
Google redirect / Mydomainadvisor.com problem

Mydomainadvisor Google redirect

  • This topic is locked
21 replies to this topic

#1 sp1234

    New Member

  • Members
  • 10 posts

Posted 17 February 2012 - 12:57 PM

Hello,

I've been having this problem, where I am not able to go to www.google.com using Chrome. It goes to "www.google.com/search.php" and displays the following message on the page: "Google 404. That’s an error. The requested URL /search.php was not found on this server. That’s all we know." The tab says "Error 404 (Not Found)!!1". When you load Chrome (Google is my home page), it very briefly gives a heading on the tab saying "Welcome to mydomainadvisor.com" before it goes to the "Error 404 (Not Found)!!1" message.

The weird thing is that I am able to access google.com from Mozilla and Internet Explorer. Also, Google searches work fine from the address bar in Chrome. I haven't noticed this with other websites like yahoo.com, bing.com, cnn.com, etc. I have read quite a few posts on this issue on this forum and others, enough to know that this is likely a real issue, and I'm afraid it could get worse / my passwords and other data could get stolen... now the only problem is I don't know how to get rid of this :)

I have tried scanning with Malwarebytes Anti-Malware, Spybot, and Adaware (before I uninstalled it recently). I have also scanned the whole system using Symantec. I am attaching the most recent Malwarebytes and HijackThis logs in advance, to speed up the process.

I would appreciate your help in guiding me through this process! Many thanks in advance!

SP

***************

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Saurabh :: SAURABHP [administrator]

2/17/2012 11:36:12 AM
mbam-log-2012-02-17 (11-36-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219905
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:31:04 AM, on 2/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/...SetupClient.cab
O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

--
End of file - 18553 bytes


#2 MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 17 February 2012 - 05:48 PM

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

MrC

Malware Removal Expert



I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#3 sp1234

    New Member

  • Members
  • 10 posts

Posted 17 February 2012 - 10:46 PM

Hi MrC,

Thanks for your response and your help! I am attaching the DDS.txt and Attach.txt files below, as you suggested. Do let me know what I should do next.

thanks,
SP


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Saurabh at 22:39:20 on 2012-02-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1701 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\saurabh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\saurabh\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\7416C6C65737 : DhcpNameServer = 192.168.15.1
TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134
TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\F46796371627965637 : DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\0653317f.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-20 24304]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-20 132456]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2009-12-9 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-9 44984]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-2-20 48640]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-12-16 2477304]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-9 62904]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-2-20 126080]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-20 29472]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-2-20 214696]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-20 125696]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-2-20 66664]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-2-20 75112]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
.
=============== Created Last 30 ================
.
2012-02-17 23:44:43 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd41c75b-7ae7-476d-ad88-b459a7c60f33}\mpengine.dll
2012-02-16 08:06:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-16 06:24:46 388096 ----a-r- c:\users\saurabh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-16 06:24:45 -------- d-----w- c:\program files\Trend Micro
2012-02-16 05:56:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-16 05:56:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-16 05:46:33 -------- d-----w- c:\users\saurabh\appdata\roaming\Malwarebytes
2012-02-16 05:46:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 05:46:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 05:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 03:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:28:39 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:27:59 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-01 17:09:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-02-01 17:09:42 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-02-01 17:09:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-02-01 17:09:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-02-01 17:09:41 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-02-01 17:09:40 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe
2012-02-01 17:09:37 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-01 17:09:37 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-01 17:09:37 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-01 17:09:37 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-01 15:04:16 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2012-02-01 15:03:26 -------- d-----w- c:\program files\common files\xing shared
2012-02-01 15:02:52 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2012-02-01 15:02:22 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2012-01-31 20:06:02 -------- d-----w- c:\program files\One-Click Export
2012-01-25 23:32:14 -------- d-----w- c:\users\saurabh\appdata\local\Intuit_Inc
2012-01-25 15:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-12 20:10:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 18:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8323E000]<< >>UNKNOWN [0x8BA00000]<< >>UNKNOWN [0x8BBDD000]<< >>UNKNOWN [0x8B62D000]<< >>UNKNOWN [0x83207000]<< >>UNKNOWN [0x8B82C000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Harddisk0\DR0[0x88258AA0]
\Driver\Disk[0x88257C98] -> IRP_MJ_CREATE -> 0x8BA0439F
3 [0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8327552A] -> [0x866E8B90]
\Driver\ACPI[0x85950E58] -> IRP_MJ_CREATE -> 0x8B6364CC
5 [0x8B6363D4] -> ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Ide\IAAStorageDevice-1[0x866D4028]
\Driver\iaStor[0x8592FF38] -> IRP_MJ_CREATE -> 0x8B852B26
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
copy of MBR has been found in sector 9 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:41:55.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/9/2010 3:07:04 PM
System Uptime: 2/17/2012 10:15:10 AM (12 hours ago)
.
Motherboard: LENOVO | | 43142PU
Processor: Intel® Core™ i5 CPU M 540 @ 2.53GHz | None | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 149.73 GiB free.
E: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.352 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 2/3/2012 9:18:27 AM - Windows Update
RP313: 2/5/2012 3:01:03 AM - Windows Update
RP314: 2/8/2012 9:36:22 AM - Windows Update
RP315: 2/14/2012 12:11:43 PM - Windows Update
RP316: 2/16/2012 1:23:16 AM - Installed HiJackThis
RP317: 2/16/2012 3:02:02 AM - Windows Update
RP318: 2/16/2012 3:34:48 PM - Removed Ad-Aware
RP319: 2/16/2012 11:12:54 PM - Removed Ad-Aware
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
7-Zip 9.20
Access Help
Adobe Acrobat 6.0 Professional
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.6
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Service Activation
Avidemux 2.5
Bing Bar
Bing Bar Platform
Bonjour
BufferChm
Burn.Now 4.5
Business Contact Manager for Outlook 2007 SP2
Client Security - Password Manager
Conexant 20585 SmartAudio HD
Copy
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory 7 Lenovo Edition
Create Recovery Media
D3DX10
Destinations
DeviceDiscovery
Direct DiscRecorder
Disable AMT Profile Synchronization Pop-up for Windows Vista/7
DJ_AIO_03_F4200_Software_Min
Dropbox
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EndNote 8.0.2
F4200
FEMLAB 3.1
Google Chrome
Google Talk Plugin
GPBaseService2
GPL Ghostscript 8.64
HiJackThis
HP Customer Participation Program 13.0
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
iCloud
ImageJ 1.45s
ImgBurn
Integrated Camera Driver Installer Package Ver.1.1.0.17
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
InterVideo WinDVD 8
iSEEK AnswerWorks English Runtime
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java™ 6 Update 29
Juniper Networks Network Connect 6.5.0
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Warranty Information
Lenovo Welcome
LiveUpdate 3.3 (Symantec Corporation)
Macromedia FreeHand 10
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Mathematica 5.2
MATLAB R2006a
Memeo Instant Backup
Memeo Send
Memeo Share
Mesh Runtime
Message Center Plus
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Research AutoCollage Touch 2009
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Mobile Broadband Connect
MobileMe Control Panel
Mozilla Firefox 10.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyPhoneExplorer
NVIDIA Drivers
NVIDIA nView Desktop Manager
On Screen Display
One-Click Export
PDF Settings
PDFill PDF Editor with FREE Writer and Free Tools
Picasa 3
PrimoPDF -- by Nitro PDF Software
QuickBooks
QuickBooks Pro 2012
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
Scan
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SolutionCenter
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Spotify
Spybot - Search & Destroy
Status
Symantec Endpoint Protection
SyncToy 2.1 (x86)
System Update
Tansee iPhone Transfer SMS
TeamViewer 5
TeamViewer 6
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Service
Verizon Wireless Mobile Broadband Self Activation
Watermark Image software version 1.9.9.7
WebReg
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1kexpress) Net (12/01/2009 11.5.7.0)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
Windows Essentials Media Codec Pack 3.1
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wolfram Notebook Indexer 1.1
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 9:47:08 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
2/17/2012 9:46:21 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2/17/2012 10:19:59 AM, Error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s).
2/16/2012 2:14:34 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "002314123820" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
2/16/2012 12:45:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/16/2012 11:36:45 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.164.132.97. The computer with the IP address 10.164.133.156 did not allow the name to be claimed by this computer.
2/16/2012 1:13:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/15/2012 6:14:57 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/15/2012 5:43:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WANHUA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.
2/15/2012 4:50:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SABSAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.
2/15/2012 4:41:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCOTT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.
2/15/2012 4:21:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer POSEIDON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.
2/15/2012 4:06:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETER-XPS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.
2/15/2012 3:55:34 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WEN-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.
2/15/2012 3:49:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SKYNET that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.
2/15/2012 3:16:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRYSOPHYLAX that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced.
2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/15/2012 11:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/15/2012 11:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/15/2012 11:03:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
2/15/2012 11:03:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi RapportKELL SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF Wanarpv6
2/15/2012 1:20:39 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
2/14/2012 5:51:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YUANFENG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced.
2/14/2012 5:48:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PIYUSH-LAPTOP that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6. The master browser is stopping or an election is being forced.
2/14/2012 5:46:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JHU-0439F46ABA4 that believes that it is the master browser for

the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.
2/14/2012 5:44:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SEABASS-LAPTOP that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.
2/14/2012 5:40:04 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TREE that believes that it is the master browser for the domain on

transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502039}. The master browser is stopping or an election is being forced.
2/14/2012 5:36:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GROVER that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.
2/14/2012 5:32:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer 0B726C703E9A49E that believes that it is the master browser for

the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.
2/14/2012 5:29:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ALEXIS-PC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.
2/14/2012 5:28:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GUY-PC that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced.
2/14/2012 5:27:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NOW_IBM that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.
2/14/2012 5:24:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KHAN-PC that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.
2/14/2012 5:21:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KONEKO_BASU that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced.
2/14/2012 5:18:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADITA-STUDIOPC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.
2/14/2012 5:13:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIA-THINK that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced.
2/14/2012 5:11:23 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TUTKUN-THINK that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced.
2/14/2012 5:10:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACLAYTON-LAPTOP that believes that it is the master browser for

the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced.
2/14/2012 5:08:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHEW-PC that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.
2/14/2012 5:02:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MATTHEWKERR-PC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced.
2/14/2012 4:53:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SSOCT-PC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.
2/14/2012 4:48:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RICHARD-PC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675. The master browser is stopping or an election is being forced.
2/14/2012 4:46:18 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROSEBUD that believes that it is the master browser for the domain

on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced.
2/13/2012 9:26:10 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service.
2/13/2012 8:55:58 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/11/2012 11:02:25 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
2/10/2012 7:15:11 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KARLO-PC that believes that it is the master browser for the

domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced.
2/10/2012 7:03:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 18 February 2012 - 07:41 AM

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
Click Scan to scan the system (don't run any other options)
Post back the report.

------------------------------------

Then.........

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
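A small triage helper for the two reports asked for above, added here as an example; it is not code from this forum, from RogueKiller, or from TDSSKiller. It assumes the line shapes those tools print (a driver line `<time> <pid> <name> (<md5>) <path>` followed by a `<name> - ok` verdict line for TDSSKiller, and `<ip> <hostname>` lines in the HOSTS section of a RogueKiller report); a forum paste with wrapped lines has to be joined back into single lines before parsing. The `examplesvc` driver, its verdict line, the `198.51.100.7` entry and the `WATCHED` list are constructed for the demonstration and do not come from this thread.

```python
import re
from ipaddress import ip_address

# --- TDSSKiller log parsing ---------------------------------------------------
# One line per driver with its MD5 and on-disk path, then a verdict line
# ("<name> - ok" for clean files). Lines that fit neither shape (the header
# block, "Scan started", drive geometry) are ignored.
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$")


def parse_tdsskiller(text):
    """Return {driver_name: {"md5": ..., "path": ..., "verdict": ...}}."""
    drivers = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"].lower(), "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in drivers:
            drivers[m["name"]]["verdict"] = m["verdict"]
    return drivers


def drivers_needing_review(drivers):
    """Drivers whose verdict is anything but the tool's plain 'ok' (or missing)."""
    return sorted(((name, info["verdict"]) for name, info in drivers.items()
                   if info["verdict"] != "ok"), key=lambda t: t[0])


# --- HOSTS file triage ----------------------------------------------------------
# Anti-spyware "immunization" fills HOSTS with lines that sink ad and malware
# domains to 127.0.0.1; those are benign. A redirect infection looks different:
# a domain the user actually visits is sent to some other address, or a
# well-known site is sunk so the browser can never reach it.
WATCHED = ("google.com", "bing.com", "yahoo.com")   # constructed watch list
HOSTS_RE = re.compile(r"^(?P<ip>[0-9A-Fa-f:.]+)\s+(?P<host>\S+)")


def hosts_findings(text, watched=WATCHED):
    """Return (host, ip, reason) for entries worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        m = HOSTS_RE.match(line)
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:                       # not an address: report banner etc.
            continue
        host = m["host"].lower()
        is_sink = ip.is_loopback or ip.is_unspecified
        is_watched = any(host == w or host.endswith("." + w) for w in watched)
        if not is_sink:
            findings.append((host, str(ip), "redirect"))
        elif is_watched:
            findings.append((host, str(ip), "blackholed"))
    return findings


# Constructed sample excerpts in the two tools' formats. The "examplesvc"
# driver, its verdict line and the 198.51.100.7 entry are invented.
SAMPLE_TDSS = r"""10:14:38.0223 10884 Scan started
10:14:38.0223 10884 Mode: Manual; SigCheck; TDLFS;
10:14:42.0513 10884 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:14:42.0654 10884 1394ohci - ok
10:14:46.0585 10884 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:14:46.0632 10884 bowser - ok
10:14:47.0001 10884 examplesvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\examplesvc.sys
10:14:47.0002 10884 examplesvc - detected UnsignedFile.Multi.Generic (1)
"""

SAMPLE_HOSTS = """127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
198.51.100.7 www.google.com
127.0.0.1 google.com
"""

if __name__ == "__main__":
    for name, verdict in drivers_needing_review(parse_tdsskiller(SAMPLE_TDSS)):
        print(f"review driver {name}: {verdict}")
    for host, ip, why in hosts_findings(SAMPLE_HOSTS):
        print(f"HOSTS {why}: {host} -> {ip}")
```

The MD5 and path per driver are kept so a reviewer can compare them against a known-good copy of the same Windows build; the verdict filter deliberately treats "no verdict line at all" as worth a look, since a paste that was cut short hides exactly the entries at the end.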

#5 sp1234

sp1234

    New Member

  • Members
  • Pip
  • 10 posts

Posted 18 February 2012 - 10:19 AM

Thanks... Here are the two reports:

RogueKiller report

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Saurabh [Admin rights]
Mode: Scan -- Date: 02/18/2012 10:13:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[88] : NtCreateThreadEx @ 0x834AF1E4 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x8B7E4640)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 5aa5bdfcefaf57595edf98cffb5afe78
[BSP] 94b1f9633b95fd44dc9b4d7b0c3cc8f9 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



********************************************

TDSSKiller Report

10:14:07.0600 1840 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
10:14:08.0646 1840 ============================================================
10:14:08.0895 1840 Current date / time: 2012/02/18 10:14:08.0646
10:14:08.0895 1840 SystemInfo:
10:14:08.0895 1840
10:14:08.0895 1840 OS Version: 6.1.7601 ServicePack: 1.0
10:14:08.0895 1840 Product type: Workstation
10:14:08.0895 1840 ComputerName: SAURABHP
10:14:08.0895 1840 UserName: Saurabh
10:14:08.0895 1840 Windows directory: C:\Windows
10:14:08.0895 1840 System windows directory: C:\Windows
10:14:08.0895 1840 Processor architecture: Intel x86
10:14:08.0895 1840 Number of processors: 4
10:14:08.0895 1840 Page size: 0x1000
10:14:08.0895 1840 Boot type: Normal boot
10:14:08.0895 1840 ============================================================
10:14:10.0627 1840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:14:10.0627 1840 \Device\Harddisk0\DR0:
10:14:10.0627 1840 MBR used
10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
10:14:10.0814 1840 Initialize success
10:14:10.0814 1840 ============================================================
10:14:38.0223 10884 ============================================================
10:14:38.0223 10884 Scan started
10:14:38.0223 10884 Mode: Manual; SigCheck; TDLFS;
10:14:38.0223 10884 ============================================================
10:14:42.0513 10884 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:14:42.0654 10884 1394ohci - ok
10:14:42.0716 10884 5U877 (a3ac25d2c9eeb18384a88deb392c355d) C:\Windows\system32\DRIVERS\5U877.sys
10:14:42.0810 10884 5U877 - ok
10:14:42.0888 10884 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:14:42.0934 10884 ACPI - ok
10:14:42.0997 10884 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:14:43.0075 10884 AcpiPmi - ok
10:14:43.0168 10884 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:14:43.0246 10884 adp94xx - ok
10:14:43.0293 10884 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:14:43.0340 10884 adpahci - ok
10:14:43.0387 10884 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:14:43.0434 10884 adpu320 - ok
10:14:43.0527 10884 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:14:43.0605 10884 AFD - ok
10:14:43.0683 10884 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:14:43.0730 10884 agp440 - ok
10:14:43.0792 10884 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:14:43.0839 10884 aic78xx - ok
10:14:43.0902 10884 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:14:43.0948 10884 aliide - ok
10:14:43.0980 10884 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:14:44.0026 10884 amdagp - ok
10:14:44.0058 10884 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:14:44.0104 10884 amdide - ok
10:14:44.0136 10884 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:14:44.0463 10884 AmdK8 - ok
10:14:44.0962 10884 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:14:45.0009 10884 AmdPPM - ok
10:14:45.0087 10884 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:14:45.0134 10884 amdsata - ok
10:14:45.0181 10884 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:14:45.0243 10884 amdsbs - ok
10:14:45.0274 10884 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:14:45.0306 10884 amdxata - ok
10:14:45.0352 10884 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:14:45.0493 10884 AppID - ok
10:14:45.0602 10884 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:14:45.0649 10884 arc - ok
10:14:45.0680 10884 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:14:45.0727 10884 arcsas - ok
10:14:45.0805 10884 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:14:45.0898 10884 AsyncMac - ok
10:14:45.0976 10884 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:14:46.0023 10884 atapi - ok
10:14:46.0070 10884 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:14:46.0195 10884 b06bdrv - ok
10:14:46.0226 10884 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:14:46.0304 10884 b57nd60x - ok
10:14:46.0366 10884 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:14:46.0429 10884 Beep - ok
10:14:46.0476 10884 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:14:46.0522 10884 blbdrive - ok
10:14:46.0585 10884 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:14:46.0632 10884 bowser - ok
10:14:46.0663 10884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:14:46.0850 10884 BrFiltLo - ok
10:14:47.0599 10884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:14:47.0724 10884 BrFiltUp - ok
10:14:47.0770 10884 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:14:47.0911 10884 Brserid - ok
10:14:47.0942 10884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:14:48.0004 10884 BrSerWdm - ok
10:14:48.0036 10884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:14:48.0098 10884 BrUsbMdm - ok
10:14:48.0145 10884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:14:48.0207 10884 BrUsbSer - ok
10:14:48.0301 10884 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
10:14:48.0332 10884 BthEnum - ok
10:14:48.0363 10884 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:14:48.0410 10884 BTHMODEM - ok
10:14:48.0441 10884 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
10:14:48.0504 10884 BthPan - ok
10:14:48.0582 10884 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
10:14:48.0644 10884 BTHPORT - ok
10:14:48.0722 10884 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
10:14:48.0753 10884 BTHUSB - ok
10:14:48.0831 10884 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys
10:14:48.0894 10884 btwaudio - ok
10:14:48.0940 10884 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys
10:14:48.0956 10884 btwavdt - ok
10:14:49.0003 10884 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:14:49.0034 10884 btwl2cap - ok
10:14:49.0065 10884 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys
10:14:49.0081 10884 btwrchid - ok
10:14:49.0159 10884 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:14:49.0237 10884 cdfs - ok
10:14:50.0079 10884 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:14:50.0157 10884 cdrom - ok
10:14:50.0204 10884 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:14:50.0298 10884 circlass - ok
10:14:50.0344 10884 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:14:50.0391 10884 CLFS - ok
10:14:50.0454 10884 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:14:50.0485 10884 CmBatt - ok
10:14:50.0547 10884 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:14:50.0594 10884 cmdide - ok
10:14:50.0672 10884 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:14:50.0734 10884 CNG - ok
10:14:50.0797 10884 CnxtHdAudService (cdc46f169ddb1a00110a026a61f2792f) C:\Windows\system32\drivers\CHDRT32.sys
10:14:50.0890 10884 CnxtHdAudService - ok
10:14:50.0953 10884 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:14:50.0984 10884 Compbatt - ok
10:14:51.0062 10884 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:14:51.0109 10884 CompositeBus - ok
10:14:51.0156 10884 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:14:51.0202 10884 crcdisk - ok
10:14:51.0280 10884 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:14:51.0358 10884 CSC - ok
10:14:51.0452 10884 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:14:51.0514 10884 DfsC - ok
10:14:51.0546 10884 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:14:51.0624 10884 discache - ok
10:14:51.0686 10884 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:14:51.0717 10884 Disk - ok
10:14:51.0795 10884 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
10:14:52.0029 10884 Dot4 - ok
10:14:52.0653 10884 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
10:14:52.0716 10884 Dot4Print - ok
10:14:52.0809 10884 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
10:14:52.0856 10884 dot4usb - ok
10:14:52.0918 10884 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
10:14:52.0950 10884 DozeHDD - ok
10:14:52.0981 10884 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:14:53.0043 10884 drmkaud - ok
10:14:53.0090 10884 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:14:53.0184 10884 dsNcAdpt - ok
10:14:53.0262 10884 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:14:53.0324 10884 DXGKrnl - ok
10:14:53.0386 10884 e1kexpress (62d5e04c7cf9d4c69d99f3e0f75bb2cf) C:\Windows\system32\DRIVERS\e1k6232.sys
10:14:53.0418 10884 e1kexpress - ok
10:14:53.0527 10884 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:14:53.0730 10884 ebdrv - ok
10:14:53.0839 10884 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:14:53.0917 10884 eeCtrl - ok
10:14:53.0979 10884 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:14:54.0042 10884 elxstor - ok
10:14:54.0120 10884 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
10:14:54.0151 10884 EraserUtilDrv11122 - ok
10:14:54.0213 10884 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:14:54.0276 10884 ErrDev - ok
10:14:54.0354 10884 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:14:54.0447 10884 exfat - ok
10:14:55.0149 10884 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:14:55.0274 10884 fastfat - ok
10:14:55.0321 10884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:14:55.0383 10884 fdc - ok
10:14:55.0430 10884 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:14:55.0461 10884 FileInfo - ok
10:14:55.0492 10884 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:14:55.0570 10884 Filetrace - ok
10:14:55.0617 10884 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:14:55.0742 10884 flpydisk - ok
10:14:55.0804 10884 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:14:55.0836 10884 FltMgr - ok
10:14:55.0882 10884 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:14:55.0914 10884 FsDepends - ok
10:14:55.0992 10884 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
10:14:56.0038 10884 fssfltr - ok
10:14:56.0085 10884 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
10:14:56.0116 10884 Fs_Rec - ok
10:14:56.0272 10884 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:14:56.0319 10884 fvevol - ok
10:14:56.0366 10884 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:14:56.0413 10884 gagp30kx - ok
10:14:56.0475 10884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:14:56.0506 10884 GEARAspiWDM - ok
10:14:56.0584 10884 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:14:56.0662 10884 hcw85cir - ok
10:14:56.0740 10884 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:14:56.0818 10884 HdAudAddService - ok
10:14:56.0896 10884 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:14:57.0068 10884 HDAudBus - ok
10:14:57.0770 10884 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
10:14:57.0895 10884 HECI - ok
10:14:57.0926 10884 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:14:57.0988 10884 HidBatt - ok
10:14:58.0020 10884 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:14:58.0066 10884 HidBth - ok
10:14:58.0129 10884 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:14:58.0191 10884 HidIr - ok
10:14:58.0269 10884 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:14:58.0332 10884 HidUsb - ok
10:14:58.0410 10884 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:14:58.0456 10884 HpSAMD - ok
10:14:58.0550 10884 HSF_DPV (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows\system32\DRIVERS\HSX_DPV.sys
10:14:58.0659 10884 HSF_DPV - ok
10:14:58.0690 10884 HSXHWAZL (50b42ef358a2e5363be6b77138a22391) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
10:14:58.0753 10884 HSXHWAZL - ok
10:14:58.0815 10884 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:14:58.0924 10884 HTTP - ok
10:14:58.0987 10884 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:14:59.0018 10884 hwpolicy - ok
10:14:59.0096 10884 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:14:59.0143 10884 i8042prt - ok
10:14:59.0190 10884 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\Windows\system32\DRIVERS\iaStor.sys
10:14:59.0236 10884 iaStor - ok
10:14:59.0314 10884 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:14:59.0439 10884 iaStorV - ok
10:15:00.0250 10884 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
10:15:00.0282 10884 IBMPMDRV - ok
10:15:00.0422 10884 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:15:00.0718 10884 igfx - ok
10:15:00.0765 10884 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:15:00.0812 10884 iirsp - ok
10:15:00.0874 10884 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows\system32\DRIVERS\Impcd.sys
10:15:00.0921 10884 Impcd - ok
10:15:00.0999 10884 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:15:01.0046 10884 intelide - ok
10:15:01.0077 10884 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:15:01.0124 10884 intelppm - ok
10:15:01.0171 10884 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:15:01.0249 10884 IpFilterDriver - ok
10:15:01.0311 10884 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:15:01.0374 10884 IPMIDRV - ok
10:15:01.0420 10884 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:15:01.0514 10884 IPNAT - ok
10:15:01.0576 10884 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:15:01.0639 10884 IRENUM - ok
10:15:01.0717 10884 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:15:01.0764 10884 isapnp - ok
10:15:01.0810 10884 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:15:01.0873 10884 iScsiPrt - ok
10:15:01.0935 10884 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:15:01.0966 10884 kbdclass - ok
10:15:02.0809 10884 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:15:02.0840 10884 kbdhid - ok
10:15:02.0965 10884 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:15:02.0996 10884 KSecDD - ok
10:15:03.0027 10884 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:15:03.0074 10884 KSecPkg - ok
10:15:03.0136 10884 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
10:15:03.0153 10884 lenovo.smi - ok
10:15:03.0231 10884 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:15:03.0309 10884 lltdio - ok
10:15:03.0356 10884 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:15:03.0403 10884 LSI_FC - ok
10:15:03.0434 10884 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:15:03.0481 10884 LSI_SAS - ok
10:15:03.0496 10884 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:15:03.0543 10884 LSI_SAS2 - ok
10:15:03.0559 10884 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:15:03.0605 10884 LSI_SCSI - ok
10:15:03.0621 10884 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:15:03.0715 10884 luafv - ok
10:15:03.0777 10884 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:15:03.0808 10884 mdmxsdk - ok
10:15:03.0839 10884 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:15:03.0871 10884 megasas - ok
10:15:03.0902 10884 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:15:03.0964 10884 MegaSR - ok
10:15:03.0995 10884 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:15:04.0089 10884 Modem - ok
10:15:04.0136 10884 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:15:04.0199 10884 monitor - ok
10:15:04.0277 10884 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:15:04.0308 10884 mouclass - ok
10:15:04.0324 10884 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:15:04.0355 10884 mouhid - ok
10:15:04.0418 10884 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:15:04.0449 10884 mountmgr - ok
10:15:04.0496 10884 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:15:04.0542 10884 mpio - ok
10:15:05.0291 10884 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:15:05.0369 10884 mpsdrv - ok
10:15:05.0416 10884 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:15:05.0510 10884 MRxDAV - ok
10:15:05.0556 10884 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:15:05.0619 10884 mrxsmb - ok
10:15:05.0666 10884 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:15:05.0712 10884 mrxsmb10 - ok
10:15:05.0728 10884 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:15:05.0790 10884 mrxsmb20 - ok
10:15:05.0822 10884 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:15:05.0868 10884 msahci - ok
10:15:05.0915 10884 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:15:05.0962 10884 msdsm - ok
10:15:06.0009 10884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows

\system32\drivers\Msfs.sys
10:15:06.0071 10884 Msfs - ok
10:15:06.0102 10884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows

\System32\drivers\mshidkmdf.sys
10:15:06.0165 10884 mshidkmdf - ok
10:15:06.0180 10884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows

\system32\drivers\msisadrv.sys
10:15:06.0212 10884 msisadrv - ok
10:15:06.0258 10884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows

\system32\drivers\MSKSSRV.sys
10:15:06.0352 10884 MSKSSRV - ok
10:15:06.0383 10884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows

\system32\drivers\MSPCLOCK.sys
10:15:06.0477 10884 MSPCLOCK - ok
10:15:06.0508 10884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows

\system32\drivers\MSPQM.sys
10:15:06.0602 10884 MSPQM - ok
10:15:06.0633 10884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows

\system32\drivers\MsRPC.sys
10:15:06.0664 10884 MsRPC - ok
10:15:06.0695 10884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows

\system32\drivers\mssmbios.sys
10:15:06.0726 10884 mssmbios - ok
10:15:06.0773 10884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows

\system32\drivers\MSTEE.sys
10:15:06.0867 10884 MSTEE - ok
10:15:06.0898 10884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows

\system32\DRIVERS\MTConfig.sys
10:15:06.0960 10884 MTConfig - ok
10:15:06.0992 10884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows

\system32\Drivers\mup.sys
10:15:07.0023 10884 Mup - ok
10:15:07.0226 10884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows

\system32\DRIVERS\nwifi.sys
10:15:07.0756 10884 NativeWifiP - ok
10:15:08.0349 10884 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec

\DEFINI~1\VIRUSD~1\20120217.004\NAVENG.SYS
10:15:08.0380 10884 NAVENG - ok
10:15:08.0474 10884 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec

\DEFINI~1\VIRUSD~1\20120217.004\NAVEX15.SYS
10:15:08.0598 10884 NAVEX15 - ok
10:15:08.0692 10884 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows

\system32\drivers\ndis.sys
10:15:08.0770 10884 NDIS - ok
10:15:08.0817 10884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows

\system32\DRIVERS\ndiscap.sys
10:15:08.0910 10884 NdisCap - ok
10:15:08.0957 10884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows

\system32\DRIVERS\ndistapi.sys
10:15:09.0035 10884 NdisTapi - ok
10:15:09.0098 10884 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows

\system32\DRIVERS\ndisuio.sys
10:15:09.0176 10884 Ndisuio - ok
10:15:09.0222 10884 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows

\system32\DRIVERS\ndiswan.sys
10:15:09.0300 10884 NdisWan - ok
10:15:09.0378 10884 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows

\system32\drivers\NDProxy.sys
10:15:09.0441 10884 NDProxy - ok
10:15:09.0488 10884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows

\system32\DRIVERS\netbios.sys
10:15:09.0581 10884 NetBIOS - ok
10:15:09.0659 10884 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows

\system32\DRIVERS\netbt.sys
10:15:09.0737 10884 NetBT - ok
10:15:10.0720 10884 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows

\system32\DRIVERS\NETw5s32.sys
10:15:11.0001 10884 NETw5s32 - ok
10:15:11.0141 10884 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows

\system32\DRIVERS\netw5v32.sys
10:15:11.0391 10884 netw5v32 - ok
10:15:11.0438 10884 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows

\system32\DRIVERS\nfrd960.sys
10:15:11.0484 10884 nfrd960 - ok
10:15:11.0531 10884 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows

\system32\drivers\Npfs.sys
10:15:11.0609 10884 Npfs - ok
10:15:11.0656 10884 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows

\system32\drivers\nsiproxy.sys
10:15:11.0718 10884 nsiproxy - ok
10:15:11.0812 10884 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows

\system32\drivers\Ntfs.sys
10:15:11.0890 10884 Ntfs - ok
10:15:11.0921 10884 Null (f9756a98d69098dca8945d62858a812c) C:\Windows

\system32\drivers\Null.sys
10:15:11.0999 10884 Null - ok
10:15:12.0062 10884 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows

\system32\drivers\nvhda32v.sys
10:15:12.0077 10884 NVHDA - ok
10:15:12.0327 10884 nvlddmkm (6672d9a10fb3e42623f2bcff38bb31d9) C:\Windows

\system32\DRIVERS\nvlddmkm.sys
10:15:13.0029 10884 nvlddmkm - ok
10:15:13.0388 10884 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows

\system32\drivers\nvraid.sys
10:15:13.0466 10884 nvraid - ok
10:15:13.0512 10884 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows

\system32\drivers\nvstor.sys
10:15:13.0559 10884 nvstor - ok
10:15:13.0606 10884 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows

\system32\drivers\nv_agp.sys
10:15:13.0653 10884 nv_agp - ok
10:15:13.0700 10884 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows

\system32\drivers\ohci1394.sys
10:15:13.0762 10884 ohci1394 - ok
10:15:13.0840 10884 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows

\system32\DRIVERS\parport.sys
10:15:13.0902 10884 Parport - ok
10:15:13.0980 10884 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows

\system32\drivers\partmgr.sys
10:15:14.0012 10884 partmgr - ok
10:15:14.0043 10884 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows

\system32\DRIVERS\parvdm.sys
10:15:14.0105 10884 Parvdm - ok
10:15:14.0199 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 (a88f42ad20418620d08a13ad1a70c083)

c:\program files\pc-doctor\pcdsrvc.pkms
10:15:14.0573 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 - ok
10:15:14.0620 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083)

c:\progra~1\pc-doc~1\pcdsrvc.pkms
10:15:14.0651 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 - ok
10:15:14.0745 10884 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows

\system32\drivers\pci.sys
10:15:14.0792 10884 pci - ok
10:15:14.0823 10884 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows

\system32\drivers\pciide.sys
10:15:14.0870 10884 pciide - ok
10:15:14.0916 10884 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows

\system32\DRIVERS\pcmcia.sys
10:15:14.0979 10884 pcmcia - ok
10:15:15.0759 10884 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows

\system32\drivers\pcw.sys
10:15:15.0790 10884 pcw - ok
10:15:15.0852 10884 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows

\system32\drivers\peauth.sys
10:15:15.0962 10884 PEAUTH - ok
10:15:16.0118 10884 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows

\system32\DRIVERS\point32.sys
10:15:16.0149 10884 Point32 - ok
10:15:16.0211 10884 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows

\system32\DRIVERS\raspptp.sys
10:15:16.0305 10884 PptpMiniport - ok
10:15:16.0352 10884 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows

\system32\DRIVERS\processr.sys
10:15:16.0398 10884 Processor - ok
10:15:16.0461 10884 psadd (72de205cd4006dc45b1401859c506679) C:\Windows

\system32\DRIVERS\psadd.sys
10:15:16.0492 10884 psadd - ok
10:15:16.0539 10884 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows

\system32\DRIVERS\pacer.sys
10:15:16.0632 10884 Psched - ok
10:15:16.0726 10884 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows

\system32\DRIVERS\ql2300.sys
10:15:16.0866 10884 ql2300 - ok
10:15:16.0913 10884 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows

\system32\DRIVERS\ql40xx.sys
10:15:17.0085 10884 ql40xx - ok
10:15:17.0132 10884 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows

\system32\drivers\qwavedrv.sys
10:15:17.0210 10884 QWAVEdrv - ok
10:15:17.0381 10884 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData

\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
10:15:17.0428 10884 RapportCerberus_34302 - ok
10:15:18.0130 10884 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files

\Trusteer\Rapport\bin\RapportEI.sys
10:15:18.0270 10884 RapportEI - ok
10:15:18.0364 10884 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata

\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
10:15:18.0411 10884 RapportIaso - ok
10:15:18.0504 10884 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\Windows

\system32\Drivers\RapportKELL.sys
10:15:18.0582 10884 RapportKELL - ok
10:15:18.0754 10884 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files

\Trusteer\Rapport\bin\RapportPG.sys
10:15:18.0816 10884 RapportPG - ok
10:15:18.0863 10884 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows

\system32\DRIVERS\rasacd.sys
10:15:18.0957 10884 RasAcd - ok
10:15:19.0019 10884 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows

\system32\DRIVERS\AgileVpn.sys
10:15:19.0097 10884 RasAgileVpn - ok
10:15:19.0144 10884 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows

\system32\DRIVERS\rasl2tp.sys
10:15:19.0238 10884 Rasl2tp - ok
10:15:19.0284 10884 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows

\system32\DRIVERS\raspppoe.sys
10:15:19.0378 10884 RasPppoe - ok
10:15:19.0409 10884 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows

\system32\DRIVERS\rassstp.sys
10:15:19.0503 10884 RasSstp - ok
10:15:19.0581 10884 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows

\system32\DRIVERS\rdbss.sys
10:15:19.0643 10884 rdbss - ok
10:15:19.0674 10884 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows

\system32\DRIVERS\rdpbus.sys
10:15:19.0721 10884 rdpbus - ok
10:15:19.0768 10884 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows

\system32\DRIVERS\RDPCDD.sys
10:15:19.0846 10884 RDPCDD - ok
10:15:19.0908 10884 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows

\system32\drivers\rdpdr.sys
10:15:19.0986 10884 RDPDR - ok
10:15:20.0018 10884 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows

\system32\drivers\rdpencdd.sys
10:15:20.0236 10884 RDPENCDD - ok
10:15:20.0798 10884 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows

\system32\drivers\rdprefmp.sys
10:15:20.0891 10884 RDPREFMP - ok
10:15:20.0938 10884 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows

\system32\drivers\RDPWD.sys
10:15:21.0032 10884 RDPWD - ok
10:15:21.0125 10884 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows

\system32\drivers\rdyboost.sys
10:15:21.0172 10884 rdyboost - ok
10:15:21.0219 10884 regi (001b4278407f4303efc902a2b16f2453) C:\Windows

\system32\drivers\regi.sys
10:15:21.0250 10884 regi - ok
10:15:21.0312 10884 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows

\system32\DRIVERS\rfcomm.sys
10:15:21.0344 10884 RFCOMM - ok
10:15:21.0406 10884 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows

\system32\DRIVERS\rimspe86.sys
10:15:21.0468 10884 rimspci - ok
10:15:21.0531 10884 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows

\system32\DRIVERS\rspndr.sys
10:15:21.0593 10884 rspndr - ok
10:15:21.0671 10884 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows

\system32\DRIVERS\s125bus.sys
10:15:21.0749 10884 s125bus - ok
10:15:21.0827 10884 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows

\system32\DRIVERS\s125mdfl.sys
10:15:21.0874 10884 s125mdfl - ok
10:15:21.0905 10884 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows

\system32\DRIVERS\s125mdm.sys
10:15:21.0952 10884 s125mdm - ok
10:15:22.0030 10884 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows

\system32\DRIVERS\s125mgmt.sys
10:15:22.0077 10884 s125mgmt - ok
10:15:22.0108 10884 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows

\system32\DRIVERS\s125obex.sys
10:15:22.0155 10884 s125obex - ok
10:15:22.0217 10884 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows

\system32\drivers\vms3cap.sys
10:15:22.0280 10884 s3cap - ok
10:15:22.0342 10884 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows

\system32\drivers\sbp2port.sys
10:15:22.0389 10884 sbp2port - ok
10:15:22.0467 10884 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows

\system32\DRIVERS\scfilter.sys
10:15:22.0529 10884 scfilter - ok
10:15:23.0418 10884 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows

\system32\drivers\sdbus.sys
10:15:23.0465 10884 sdbus - ok
10:15:23.0512 10884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows

\system32\drivers\secdrv.sys
10:15:23.0590 10884 secdrv - ok
10:15:23.0668 10884 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows

\system32\DRIVERS\serenum.sys
10:15:23.0730 10884 Serenum - ok
10:15:23.0918 10884 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows

\system32\DRIVERS\serial.sys
10:15:23.0980 10884 Serial - ok
10:15:24.0074 10884 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows

\system32\DRIVERS\sermouse.sys
10:15:24.0136 10884 sermouse - ok
10:15:24.0214 10884 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows

\system32\drivers\sffdisk.sys
10:15:24.0276 10884 sffdisk - ok
10:15:24.0308 10884 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows

\system32\drivers\sffp_mmc.sys
10:15:24.0354 10884 sffp_mmc - ok
10:15:24.0401 10884 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows

\system32\drivers\sffp_sd.sys
10:15:24.0464 10884 sffp_sd - ok
10:15:24.0526 10884 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows

\system32\DRIVERS\sfloppy.sys
10:15:24.0573 10884 sfloppy - ok
10:15:24.0620 10884 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows

\system32\DRIVERS\Apsx86.sys
10:15:24.0651 10884 Shockprf - ok
10:15:24.0682 10884 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows

\system32\drivers\sisagp.sys
10:15:24.0729 10884 sisagp - ok
10:15:24.0776 10884 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows

\system32\DRIVERS\SiSRaid2.sys
10:15:24.0807 10884 SiSRaid2 - ok
10:15:24.0854 10884 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows

\system32\DRIVERS\sisraid4.sys
10:15:24.0900 10884 SiSRaid4 - ok
10:15:24.0947 10884 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows

\system32\DRIVERS\smb.sys
10:15:25.0025 10884 Smb - ok
10:15:25.0088 10884 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files

\ThinkVantage Fingerprint Software\smihlp.sys
10:15:25.0119 10884 smihlp - ok
10:15:25.0977 10884 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files

\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:15:26.0039 10884 SPBBCDrv - ok
10:15:26.0070 10884 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows

\system32\drivers\spldr.sys
10:15:26.0102 10884 spldr - ok
10:15:26.0148 10884 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows

\system32\Drivers\SRTSP.SYS
10:15:26.0195 10884 SRTSP - ok
10:15:26.0226 10884 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows

\system32\Drivers\SRTSPL.SYS
10:15:26.0289 10884 SRTSPL - ok
10:15:26.0320 10884 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows

\system32\Drivers\SRTSPX.SYS
10:15:26.0351 10884 SRTSPX - ok
10:15:26.0414 10884 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows

\system32\DRIVERS\srv.sys
10:15:26.0507 10884 srv - ok
10:15:26.0585 10884 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows

\system32\DRIVERS\srv2.sys
10:15:26.0648 10884 srv2 - ok
10:15:26.0726 10884 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows

\system32\DRIVERS\VSTAZL3.SYS
10:15:26.0804 10884 SrvHsfHDA - ok
10:15:26.0866 10884 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows

\system32\DRIVERS\VSTDPV3.SYS
10:15:27.0007 10884 SrvHsfV92 - ok
10:15:27.0069 10884 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows

\system32\DRIVERS\VSTCNXT3.SYS
10:15:27.0163 10884 SrvHsfWinac - ok
10:15:27.0225 10884 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows

\system32\DRIVERS\srvnet.sys
10:15:27.0287 10884 srvnet - ok
10:15:27.0350 10884 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows

\system32\DRIVERS\stexstor.sys
10:15:27.0381 10884 stexstor - ok
10:15:27.0459 10884 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows

\system32\drivers\vmstorfl.sys
10:15:27.0490 10884 storflt - ok
10:15:27.0537 10884 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows

\system32\drivers\storvsc.sys
10:15:27.0584 10884 storvsc - ok
10:15:27.0662 10884 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows

\system32\drivers\swenum.sys
10:15:27.0693 10884 swenum - ok
10:15:28.0504 10884 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows

\system32\Drivers\SYMEVENT.SYS
10:15:28.0551 10884 SymEvent - ok
10:15:28.0613 10884 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows

\System32\Drivers\SYMREDRV.SYS
10:15:28.0660 10884 SYMREDRV - ok
10:15:28.0691 10884 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows

\System32\Drivers\SYMTDI.SYS
10:15:28.0723 10884 SYMTDI - ok
10:15:28.0785 10884 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\Windows

\system32\DRIVERS\SynTP.sys
10:15:28.0816 10884 SynTP - ok
10:15:28.0863 10884 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows

\SYSTEM32\Drivers\SysPlant.sys
10:15:28.0910 10884 SysPlant - ok
10:15:29.0035 10884 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows

\system32\drivers\tcpip.sys
10:15:29.0128 10884 Tcpip - ok
10:15:29.0206 10884 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows

\system32\DRIVERS\tcpip.sys
10:15:29.0269 10884 TCPIP6 - ok
10:15:29.0331 10884 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows

\system32\drivers\tcpipreg.sys
10:15:29.0409 10884 tcpipreg - ok
10:15:29.0471 10884 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows

\system32\drivers\tdpipe.sys
10:15:29.0565 10884 TDPIPE - ok
10:15:29.0627 10884 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows

\system32\drivers\tdtcp.sys
10:15:29.0705 10884 TDTCP - ok
10:15:29.0783 10884 tdx (b459575348c20e8121d6039da063c704) C:\Windows

\system32\DRIVERS\tdx.sys
10:15:29.0861 10884 tdx - ok
10:15:29.0971 10884 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows

\system32\DRIVERS\teefer2.sys
10:15:30.0002 10884 Teefer2 - ok
10:15:30.0064 10884 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows

\system32\drivers\termdd.sys
10:15:30.0095 10884 TermDD - ok
10:15:30.0158 10884 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows

\system32\DRIVERS\ApsHM86.sys
10:15:30.0189 10884 TPDIGIMN - ok
10:15:30.0267 10884 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows

\system32\drivers\tpm.sys
10:15:30.0298 10884 TPM - ok
10:15:31.0109 10884 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows

\system32\drivers\Tppwr32v.sys
10:15:31.0141 10884 TPPWRIF - ok
10:15:31.0219 10884 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows

\system32\DRIVERS\tssecsrv.sys
10:15:31.0281 10884 tssecsrv - ok
10:15:31.0375 10884 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows

\system32\drivers\tsusbflt.sys
10:15:31.0468 10884 TsUsbFlt - ok
10:15:31.0546 10884 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows

\system32\DRIVERS\tunnel.sys
10:15:31.0640 10884 tunnel - ok
10:15:31.0702 10884 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\Windows

\system32\DRIVERS\TurboB.sys
10:15:31.0733 10884 TurboB - ok
10:15:31.0780 10884 TVTI2C (3078906e991f29305e8066911153717e) C:\Windows

\system32\DRIVERS\Tvti2c.sys
10:15:31.0811 10884 TVTI2C - ok
10:15:31.0874 10884 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows

\system32\DRIVERS\uagp35.sys
10:15:31.0921 10884 uagp35 - ok
10:15:31.0983 10884 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows

\system32\DRIVERS\udfs.sys
10:15:32.0092 10884 udfs - ok
10:15:32.0170 10884 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows

\system32\drivers\uliagpkx.sys
10:15:32.0217 10884 uliagpkx - ok
10:15:32.0311 10884 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows

\system32\drivers\umbus.sys
10:15:32.0342 10884 umbus - ok
10:15:32.0373 10884 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows

\system32\DRIVERS\umpass.sys
10:15:32.0420 10884 UmPass - ok
10:15:32.0498 10884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows

\system32\Drivers\usbaapl.sys
10:15:32.0591 10884 USBAAPL - ok
10:15:32.0654 10884 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows

\system32\DRIVERS\usbccgp.sys
10:15:32.0716 10884 usbccgp - ok
10:15:32.0763 10884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows

\system32\drivers\usbcir.sys
10:15:32.0810 10884 usbcir - ok
10:15:32.0981 10884 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows

\system32\drivers\usbehci.sys
10:15:33.0527 10884 usbehci - ok
10:15:33.0699 10884 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows

\system32\DRIVERS\usbhub.sys
10:15:33.0761 10884 usbhub - ok
10:15:33.0824 10884 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows

\system32\drivers\usbohci.sys
10:15:33.0886 10884 usbohci - ok
10:15:33.0949 10884 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows

\system32\DRIVERS\usbprint.sys
10:15:33.0995 10884 usbprint - ok
10:15:34.0151 10884 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows

\system32\DRIVERS\usbscan.sys
10:15:34.0229 10884 usbscan - ok
10:15:34.0292 10884 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows

\system32\DRIVERS\USBSTOR.SYS
10:15:34.0385 10884 USBSTOR - ok
10:15:34.0432 10884 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows

\system32\drivers\usbuhci.sys
10:15:34.0495 10884 usbuhci - ok
10:15:34.0557 10884 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows

\System32\Drivers\usbvideo.sys
10:15:34.0604 10884 usbvideo - ok
10:15:34.0682 10884 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows

\system32\drivers\vdrvroot.sys
10:15:34.0713 10884 vdrvroot - ok
10:15:34.0760 10884 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows

\system32\DRIVERS\vgapnp.sys
10:15:34.0838 10884 vga - ok
10:15:34.0869 10884 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows

\System32\drivers\vga.sys
10:15:34.0963 10884 VgaSave - ok
10:15:35.0041 10884 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows

\system32\drivers\vhdmp.sys
10:15:35.0087 10884 vhdmp - ok
10:15:35.0165 10884 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows

\system32\drivers\viaagp.sys
10:15:35.0212 10884 viaagp - ok
10:15:35.0259 10884 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows

\system32\DRIVERS\viac7.sys
10:15:35.0321 10884 ViaC7 - ok
10:15:35.0399 10884 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows

\system32\drivers\viaide.sys
10:15:35.0431 10884 viaide - ok
10:15:36.0226 10884 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows

\system32\drivers\vmbus.sys
10:15:36.0273 10884 vmbus - ok
10:15:36.0304 10884 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows

\system32\drivers\VMBusHID.sys
10:15:36.0367 10884 VMBusHID - ok
10:15:36.0413 10884 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows

\system32\drivers\volmgr.sys
10:15:36.0445 10884 volmgr - ok
10:15:36.0476 10884 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows

\system32\drivers\volmgrx.sys
10:15:36.0523 10884 volmgrx - ok
10:15:36.0569 10884 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows

\system32\drivers\volsnap.sys
10:15:36.0616 10884 volsnap - ok
10:15:36.0663 10884 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows

\system32\DRIVERS\vsmraid.sys
10:15:36.0710 10884 vsmraid - ok
10:15:36.0741 10884 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows

\system32\DRIVERS\vwifibus.sys
10:15:36.0803 10884 vwifibus - ok
10:15:36.0866 10884 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows

\system32\DRIVERS\vwififlt.sys
10:15:36.0913 10884 vwififlt - ok
10:15:36.0944 10884 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows

\system32\DRIVERS\vwifimp.sys
10:15:36.0975 10884 vwifimp - ok
10:15:37.0022 10884 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows

\system32\DRIVERS\wacompen.sys
10:15:37.0069 10884 WacomPen - ok
10:15:37.0131 10884 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows

\system32\DRIVERS\wanarp.sys
10:15:37.0209 10884 WANARP - ok
10:15:37.0209 10884 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows

\system32\DRIVERS\wanarp.sys
10:15:37.0287 10884 Wanarpv6 - ok
10:15:37.0349 10884 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows

\system32\DRIVERS\wd.sys
10:15:37.0396 10884 Wd - ok
10:15:37.0443 10884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows

\system32\drivers\Wdf01000.sys
10:15:37.0490 10884 Wdf01000 - ok
10:15:37.0552 10884 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows

\system32\DRIVERS\wfplwf.sys
10:15:37.0615 10884 WfpLwf - ok
10:15:37.0661 10884 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows

\system32\drivers\wimmount.sys
10:15:37.0693 10884 WIMMount - ok
10:15:37.0771 10884 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows

\system32\DRIVERS\HSX_CNXT.sys
10:15:37.0833 10884 winachsf - ok
10:15:37.0942 10884 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows

\system32\DRIVERS\WinUSB.sys
10:15:38.0098 10884 WinUsb - ok
10:15:38.0847 10884 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows

\system32\drivers\wmiacpi.sys
10:15:38.0894 10884 WmiAcpi - ok
10:15:38.0972 10884 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows

\system32\drivers\wpsdrvnt.sys
10:15:39.0003 10884 WPS - ok
10:15:39.0050 10884 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows

\system32\drivers\WpsHelper.sys
10:15:39.0081 10884 WpsHelper - ok
10:15:39.0128 10884 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows

\system32\drivers\ws2ifsl.sys
10:15:39.0237 10884 ws2ifsl - ok
10:15:39.0315 10884 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows

\system32\drivers\WudfPf.sys
10:15:39.0409 10884 WudfPf - ok
10:15:39.0471 10884 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows

\system32\DRIVERS\WUDFRd.sys
10:15:39.0549 10884 WUDFRd - ok
10:15:39.0611 10884 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows

\system32\DRIVERS\XAudio32.sys
10:15:39.0643 10884 XAudio - ok
10:15:39.0689 10884 MBR (0x1B8) (bca79969e5e06eef18fcb13b6cfadd95) \Device\Harddisk0\DR0
10:15:39.0814 10884 \Device\Harddisk0\DR0 - ok
10:15:39.0845 10884 Boot (0x1200) (71f3f3285c94c0864d3c545a481368ca) \Device\Harddisk0\DR0\Partition0
10:15:39.0861 10884 \Device\Harddisk0\DR0\Partition0 - ok
10:15:39.0877 10884 Boot (0x1200) (595da05ed7acb69af4dc5b5945dd195e) \Device\Harddisk0\DR0\Partition1
10:15:39.0877 10884 \Device\Harddisk0\DR0\Partition1 - ok
10:15:39.0908 10884 Boot (0x1200) (c99903ee01c0351dee23f8139179fa93) \Device\Harddisk0\DR0\Partition2
10:15:39.0908 10884 \Device\Harddisk0\DR0\Partition2 - ok
10:15:39.0908 10884 ============================================================
10:15:39.0908 10884 Scan finished
10:15:39.0908 10884 ============================================================
10:15:39.0923 1428 Detected object count: 0
10:15:39.0923 1428 Actual detected object count: 0

#6 MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 18 February 2012 - 10:37 AM

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#7 sp1234

    New Member

  • Members
  • 10 posts

Posted 19 February 2012 - 01:04 PM

Hi Mr. Charlie,

Sorry about the delayed response. I tried out the aswMBR file scan, but twice the computer crashed, and I got the Blue Screen. (I'm attaching one of the images from the Blue Screen). Also, attaching the brief messages from Windows... The program did not create an MBR dat file on the desktop, perhaps because the computer crashed. On one occasion, I stopped the program after about 30 mins, and am attaching the log from that scan.

Kindly suggest what I should do next.

thanks,
SP

Scan log from a scan which I stopped mid-way...

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-18 13:39:22
-----------------------------
13:39:22.558 OS Version: Windows 6.1.7601 Service Pack 1
13:39:22.558 Number of processors: 4 586 0x2502
13:39:22.558 ComputerName: SAURABHP UserName: Saurabh
13:39:26.989 Initialize success
13:39:35.304 AVAST engine defs: 12021800
13:39:38.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:39:38.626 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
13:39:38.642 Disk 0 MBR read successfully
13:39:38.658 Disk 0 MBR scan
13:39:38.658 Disk 0 unknown MBR code
13:39:38.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
13:39:39.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
13:39:39.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
13:39:39.516 Disk 0 scanning sectors +976771072
13:39:39.672 Disk 0 scanning C:\Windows\system32\drivers
13:40:29.515 Service scanning
13:41:33.726 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
13:41:36.222 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
13:41:49.467 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
13:41:49.576 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
13:41:51.729 Modules scanning
13:42:24.052 Disk 0 trace - called modules:
13:42:24.130 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
13:42:24.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8825ba00]
13:42:24.177 3 CLASSPNP.SYS[8bdcf59e] -> nt!IofCallDriver -> [0x866d8c10]
13:42:24.193 5 ACPI.sys[8b6933d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866d4028]
13:42:26.595 AVAST engine scan C:\Windows
13:43:07.420 AVAST engine scan C:\Windows\system32
13:53:24.541 AVAST engine scan C:\Windows\system32\drivers
13:54:03.339 AVAST engine scan C:\Users\Saurabh
14:36:59.180 Disk 0 MBR has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\MBR.dat"
14:36:59.218 The log file has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\aswMBR_Feb18.txt"


Messages from Windows when the computer crashed..

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: 30394C54
BCP2: 00000002
BCP3: 00000000
BCP4: 832B79FC
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\021812-74646-01.dmp
C:\Users\Saurabh\AppData\Local\Temp\WER-152943-0.sysdata.xml

%%%%%%%%%%%%%%%%

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: be
BCP1: 8BC27764
BCP2: 03F15121
BCP3: 8DBD3CB0
BCP4: 0000000A
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\021912-61604-01.dmp
C:\Users\Saurabh\AppData\Local\Temp\WER-165688-0.sysdata.xml

Blue Screen image is attached.




#8 MrCharlie (Forum Deity, Experts, 28,196 posts, Male, So. Plainfield, New Jersey, USA)

Posted 20 February 2012 - 08:45 AM

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}


Looks like you have Symantec and Windows Defender running at the same time, if this is correct....
Please disable Windows Defender and only run Symantec:

http://windows.micro...ender-on-or-off

The blue screen is most likely from Symantec.

------------------

Please do this:

Download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#9 sp1234 (New Member, Members, 10 posts)

Posted 20 February 2012 - 05:06 PM

MrC,

Here is the log file from MBRCheck.exe. Kindly let me know what to do next...

thanks,
SP


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 43142PU
Logical Drives Mask: 0x00010014

Kernel Drivers (total 241):
0x8320A000 \SystemRoot\system32\ntkrnlpa.exe
0x8361C000 \SystemRoot\system32\halmacpi.dll
0x80BC5000 \SystemRoot\system32\kdcom.dll
0x8B40F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B494000 \SystemRoot\system32\PSHED.dll
0x8B4A5000 \SystemRoot\system32\BOOTVID.dll
0x8B4AD000 \SystemRoot\system32\CLFS.SYS
0x8B4EF000 \SystemRoot\system32\CI.dll
0x8B63B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B6AC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B6BA000 \SystemRoot\system32\drivers\ACPI.sys
0x8B702000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8B70B000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B713000 \SystemRoot\system32\drivers\pci.sys
0x8B73D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8B748000 \SystemRoot\System32\drivers\partmgr.sys
0x8B759000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B761000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B76C000 \SystemRoot\system32\drivers\volmgr.sys
0x8B77C000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B7C7000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B600000 \SystemRoot\system32\drivers\vmbus.sys
0x8B7DD000 \SystemRoot\system32\drivers\winhv.sys
0x8B81E000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B9D1000 \SystemRoot\system32\drivers\amdxata.sys
0x8B59A000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B9DA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BA04000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB33000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BB5E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BB71000 \SystemRoot\System32\Drivers\cng.sys
0x8BBCE000 \SystemRoot\System32\drivers\pcw.sys
0x8BBDC000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x8BBE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BC01000 \SystemRoot\system32\drivers\ndis.sys
0x8BCB8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BCF6000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BE3F000 \SystemRoot\System32\drivers\tcpip.sys
0x8BF89000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BFBA000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8BE00000 \SystemRoot\system32\drivers\volsnap.sys
0x8BFC3000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8BFCC000 \SystemRoot\System32\Drivers\spldr.sys
0x8BD1B000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BFD4000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8BFF4000 \SystemRoot\System32\Drivers\RapportKELL.sys
0x8BD48000 \SystemRoot\System32\Drivers\mup.sys
0x8BD58000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BD60000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BD92000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BDA3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x91BC8000 \SystemRoot\system32\drivers\cdrom.sys
0x92000000 \SystemRoot\System32\Drivers\SRTSP.SYS
0x921CA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x921EF000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0x99C01000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
0x99C37000 \SystemRoot\System32\Drivers\Null.SYS
0x99C3E000 \SystemRoot\System32\Drivers\Beep.SYS
0x99C45000 \SystemRoot\System32\drivers\vga.sys
0x99C51000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x99C72000 \SystemRoot\System32\drivers\watchdog.sys
0x99C7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x99C87000 \SystemRoot\system32\drivers\rdpencdd.sys
0x99C8F000 \SystemRoot\system32\drivers\rdprefmp.sys
0x99C97000 \SystemRoot\System32\Drivers\Msfs.SYS
0x99CA2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x99CB0000 \SystemRoot\system32\DRIVERS\tdx.sys
0x99CC7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x99CD3000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0x99D00000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys
0x99D0E000 \SystemRoot\system32\drivers\afd.sys
0x99D68000 \SystemRoot\System32\DRIVERS\netbt.sys
0x99D9A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x99DA1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x99DC0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x99DD1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x99DDF000 \SystemRoot\system32\DRIVERS\serial.sys
0x8BDD5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x99DF9000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x8BDE8000 \SystemRoot\system32\drivers\termdd.sys
0x9D00D000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0x9D077000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9D0B8000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0x9D0DE000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
0x9D0EE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9D0F8000 \SystemRoot\system32\drivers\mssmbios.sys
0x9D102000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x9D104000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x9D162000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x9D180000 \SystemRoot\System32\drivers\discache.sys
0x9D18C000 \SystemRoot\system32\drivers\csc.sys
0x8B800000 \SystemRoot\System32\Drivers\dfsc.sys
0x9D1F0000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8B5CE000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBEA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9E401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9ED78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9D612000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9D6C9000 \SystemRoot\System32\drivers\dxgmms1.sys
0x9D702000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9D721000 \SystemRoot\system32\DRIVERS\HECI.sys
0x9D72C000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9D736000 \SystemRoot\system32\DRIVERS\e1k6232.sys
0x9D76B000 \SystemRoot\system32\drivers\usbehci.sys
0x9D77A000 \SystemRoot\system32\drivers\USBPORT.SYS
0x9F20C000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x9F7EB000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9D7C5000 \SystemRoot\system32\drivers\sdbus.sys
0x9D7DE000 \SystemRoot\system32\DRIVERS\rimspe86.sys
0x9ED7A000 \SystemRoot\system32\drivers\1394ohci.sys
0x9EDA7000 \SystemRoot\system32\drivers\i8042prt.sys
0x9D7F3000 \SystemRoot\system32\drivers\kbdclass.sys
0x9EDBF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9F7F5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9D600000 \SystemRoot\system32\drivers\mouclass.sys
0x9F200000 \SystemRoot\system32\drivers\tpm.sys
0x9F7F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x9F7FB000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x9EDF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xA1A0D000 \SystemRoot\system32\DRIVERS\Impcd.sys
0xA1A2C000 \SystemRoot\system32\drivers\wmiacpi.sys
0xA1A35000 \SystemRoot\system32\drivers\CompositeBus.sys
0xA1A42000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
0xA1A4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0xA1A5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xA1A77000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xA1A82000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xA1AA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xA1ABC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xA1AD3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0xA1AEA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0xA1AF4000 \SystemRoot\system32\DRIVERS\psadd.sys
0xA1AFB000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0xA1B03000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xA1B21000 \SystemRoot\system32\drivers\swenum.sys
0xA1B23000 \SystemRoot\system32\drivers\ks.sys
0xA1B57000 \SystemRoot\system32\drivers\umbus.sys
0xA1B65000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xA1BA9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA1BBA000 \SystemRoot\system32\drivers\nvhda32v.sys
0xA1BCD000 \SystemRoot\system32\drivers\portcls.sys
0xA183A000 \SystemRoot\system32\drivers\drmk.sys
0xA1853000 \SystemRoot\system32\drivers\CHDRT32.sys
0xA18CB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xA200C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xA210E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xA21C3000 \SystemRoot\system32\drivers\modem.sys
0xA21D0000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA1908000 \SystemRoot\System32\Drivers\bthport.sys
0xA21E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA196C000 \SystemRoot\system32\DRIVERS\5U877.sys
0xA198B000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xA1999000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91A00000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0xA19A6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0xA19B7000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA19DB000 \SystemRoot\system32\drivers\BthEnum.sys
0xA1800000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA181B000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0xA3320000 \SystemRoot\System32\win32k.sys
0xA2000000 \SystemRoot\System32\drivers\Dxapi.sys
0xA3627000 \SystemRoot\system32\drivers\btwavdt.sys
0xA369A000 \SystemRoot\system32\DRIVERS\hidbth.sys
0xA36B5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA36C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA36CF000 \SystemRoot\system32\drivers\btwaudio.sys
0xA3750000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0xA375B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0xA3580000 \SystemRoot\System32\TSDDD.dll
0xA35B0000 \SystemRoot\System32\cdd.dll
0xA3200000 \SystemRoot\System32\ATMFD.DLL
0xA3780000 \SystemRoot\system32\drivers\luafv.sys
0xA379B000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0xA379D000 \SystemRoot\system32\drivers\WudfPf.sys
0xA37B7000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0xA37C0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA37E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAC220000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAC266000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC276000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAC289000 \SystemRoot\system32\DRIVERS\TurboB.sys
0xAC290000 \SystemRoot\system32\drivers\HTTP.sys
0xAC315000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAC32E000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAC340000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAC363000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAC39E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC3D1000 \??\C:\Windows\system32\drivers\WpsHelper.sys
0xAC200000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0xAC209000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB3631000 \SystemRoot\system32\drivers\peauth.sys
0xB36C8000 \SystemRoot\system32\drivers\regi.sys
0xB36CA000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB36D4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xB36F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB3702000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xB370A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xB375A000 \SystemRoot\System32\DRIVERS\srv.sys
0xB37AC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0x9204A000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVEX15.SYS
0xB37E4000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVENG.SYS
0xC95D2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xC95DB000 \??\c:\program files\pc-doctor\pcdsrvc.pkms
0xC95EA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x77000000 \Windows\System32\ntdll.dll
0x48330000 \Windows\System32\smss.exe
0x77240000 \Windows\System32\apisetschema.dll
0x00300000 \Windows\System32\autochk.exe
0x763B0000 \Windows\System32\shell32.dll
0x76250000 \Windows\System32\ole32.dll
0x771A0000 \Windows\System32\clbcatq.dll
0x761D0000 \Windows\System32\comdlg32.dll
0x76140000 \Windows\System32\oleaut32.dll
0x77180000 \Windows\System32\sechost.dll
0x760F0000 \Windows\System32\gdi32.dll
0x75EF0000 \Windows\System32\iertutil.dll
0x75E90000 \Windows\System32\difxapi.dll
0x75E40000 \Windows\System32\Wldap32.dll
0x77170000 \Windows\System32\lpk.dll
0x75D90000 \Windows\System32\rpcrt4.dll
0x75CB0000 \Windows\System32\kernel32.dll
0x75C10000 \Windows\System32\advapi32.dll
0x75B40000 \Windows\System32\user32.dll
0x759A0000 \Windows\System32\setupapi.dll
0x77160000 \Windows\System32\psapi.dll
0x75960000 \Windows\System32\ws2_32.dll
0x77150000 \Windows\System32\nsi.dll
0x75940000 \Windows\System32\imm32.dll
0x758E0000 \Windows\System32\shlwapi.dll
0x757A0000 \Windows\System32\urlmon.dll
0x756A0000 \Windows\System32\wininet.dll
0x75670000 \Windows\System32\imagehlp.dll
0x77140000 \Windows\System32\normaliz.dll
0x755A0000 \Windows\System32\msctf.dll
0x754F0000 \Windows\System32\msvcrt.dll
0x75450000 \Windows\System32\usp10.dll
0x75430000 \Windows\System32\devobj.dll
0x753E0000 \Windows\System32\KernelBase.dll
0x753B0000 \Windows\System32\cfgmgr32.dll
0x75380000 \Windows\System32\wintrust.dll
0x752F0000 \Windows\System32\comctl32.dll

Processes (total 130):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
528 csrss.exe
604 csrss.exe
612 C:\Windows\System32\wininit.exe
664 C:\Windows\System32\services.exe
700 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\lsass.exe
740 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\ibmpmsvc.exe
936 C:\Windows\System32\nvvsvc.exe
976 C:\Windows\System32\svchost.exe
1060 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1180 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1456 C:\Windows\System32\nvvsvc.exe
1540 WUDFHost.exe
1600 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
1700 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1744 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
1840 C:\Windows\System32\spoolsv.exe
1712 C:\Windows\System32\svchost.exe
2100 C:\Windows\System32\svchost.exe
2144 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2192 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
2212 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
2300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2548 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2584 C:\Program Files\Bonjour\mDNSResponder.exe
2620 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
2660 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
2688 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2724 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2788 C:\Windows\System32\svchost.exe
2832 C:\Program Files\Lenovo\HOTKEY\cammute.exe
2872 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2936 C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
2992 C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe
3036 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
3080 MATLAB.exe
3232 C:\Windows\System32\taskhost.exe
3348 C:\Windows\System32\dwm.exe
3412 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
3520 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
3824 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
3888 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
3976 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
4000 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
4036 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
4076 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2024 C:\Windows\System32\svchost.exe
2388 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
3656 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
344 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
3536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1852 C:\Program Files\Lenovo\Access Connections\AcSvc.exe
1580 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1860 unsecapp.exe
4108 WmiPrvSE.exe
4368 C:\Windows\System32\svchost.exe
4736 C:\Windows\System32\svchost.exe
5004 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
5024 WmiPrvSE.exe
5340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
5364 C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
5388 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
5408 C:\Windows\System32\TpShocks.exe
5536 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
5612 C:\Windows\System32\rundll32.exe
5620 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
5712 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5788 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
5800 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
5936 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
6008 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
6084 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
4200 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
4788 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
4568 C:\Windows\System32\SearchIndexer.exe
1352 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
1592 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
5236 C:\Windows\System32\svchost.exe
5512 C:\Program Files\iTunes\iTunesHelper.exe
3836 C:\Program Files\Memeo\Memeo Send\MemeoSend.exe
972 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
5204 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4800 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
4124 C:\Program Files\iPod\bin\iPodService.exe
2032 C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
4668 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
4700 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
3216 C:\Program Files\Digital Line Detect\DLG.exe
4020 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
6148 C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
6524 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
6740 C:\Program Files\Common Files\Teleca Shared\Generic.exe
6868 C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE
6936 C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe
7076 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
7184 C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
7336 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
7952 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
8028 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
4188 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
8128 C:\Windows\System32\svchost.exe
7444 C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
5696 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
2260 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
3804 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
5360 C:\Program Files\Lenovo\System Update\SUService.exe
3736 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
4852 C:\Program Files\Windows Media Player\wmpnetwk.exe
7140 C:\Windows\System32\svchost.exe
3764 C:\Windows\System32\taskhost.exe
4056 C:\Program Files\Real\RealPlayer\Update\realsched.exe
8748 C:\Windows\explorer.exe
3360 C:\Windows\System32\wlanext.exe
9816 C:\Windows\System32\conhost.exe
3120 C:\Windows\System32\svchost.exe
4904 C:\Windows\System32\audiodg.exe
4420 C:\Windows\System32\SearchProtocolHost.exe
1680 C:\Windows\System32\SearchFilterHost.exe
8548 C:\Users\Saurabh\Desktop\MBRCheck.exe
8316 C:\Windows\System32\conhost.exe
10192 C:\Windows\System32\dllhost.exe
8428 taskhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 64C8A6D0A0A7C08A8B7754F84FA77F4F4CF079F1


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

#10 MrCharlie (Forum Deity, Experts, 28,196 posts, Male, So. Plainfield, New Jersey, USA)

Posted 20 February 2012 - 06:44 PM

When you ran RogueKiller it should have created a folder called RK_Quarantine on your desktop; inside should be a file called
PhysicalDrive0_User.dat or similar. Can you zip it up and attach it to your next post?

What kind of computer is this?

MrC


#11 sp1234 (New Member, Members, 10 posts)

Posted 20 February 2012 - 07:17 PM

The zipped file is attached. The original file was pretty small as well (1KB), but I figured you may want it zipped? Let me know if I need to run Rogue Killer again.
It is a Lenovo Thinkpad T510 with Windows 7.

SP




#12 MrCharlie (Forum Deity, Experts, 28,196 posts, Male, So. Plainfield, New Jersey, USA)

Posted 20 February 2012 - 07:39 PM

Please download ListParts.
Run the tool, click Scan and post the log (Result.txt) it makes.

MrC


#13 sp1234 (New Member, Members, 10 posts)

Posted 21 February 2012 - 12:22 AM

MrC,

The Results file from Listparts is attached. What do you think is the problem that is going on with regards to the malware/ virus?

Thanks,
SP


ListParts by Farbar
Ran by Saurabh on 21-02-2012 at 00:17:12
Windows 7 (X86)
Running From: C:\Users\Saurabh\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 33%
Total physical RAM: 3059.69 MB
Available physical RAM: 2025.55 MB
Total Pagefile: 6117.66 MB
Available Pagefile: 4236.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.38 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:149.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.35 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 454 GB 1201 MB
Partition 3 Primary 9 GB 455 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM_DRV NTFS Partition 1200 MB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy Boot

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 Q Lenovo_Reco NTFS Partition 9 GB Healthy



****** End Of Log ******

#14 MrCharlie (Forum Deity, Experts, 28,196 posts, Male, So. Plainfield, New Jersey, USA)

Posted 21 February 2012 - 09:17 AM

What do you think is the problem that is going on with regards to the malware/ virus?

This is a concern:

Disk trace:
called modules: >>UNKNOWN [0x8323E000]<< >>UNKNOWN [0x8BA00000]<< >>UNKNOWN [0x8BBDD000]<< >>UNKNOWN [0x8B62D000]<< >>UNKNOWN [0x83207000]<< >>UNKNOWN [0x8B82C000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Harddisk0\DR0[0x88258AA0]
\Driver\Disk[0x88257C98] -> IRP_MJ_CREATE -> 0x8BA0439F
3 [0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8327552A] -> [0x866E8B90]
\Driver\ACPI[0x85950E58] -> IRP_MJ_CREATE -> 0x8B6364CC
5 [0x8B6363D4] -> ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Ide\IAAStorageDevice-1[0x866D4028]
\Driver\iaStor[0x8592FF38] -> IRP_MJ_CREATE -> 0x8B852B26
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
copy of MBR has been found in sector 9 !
Warning: possible TDL3 rootkit infection !


Let's do this:

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

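
The disk trace quoted above flags the two things a responder checks on a suspected bootkit: boot code that no tool recognises (the "Unknown MBR code" and SHA1 in the MBRCheck output in post #9) and a second copy of the MBR sector elsewhere on the disk ("copy of MBR has been found in sector 9"). The Python script below is an added example, not code from this thread or from any of the tools mentioned (aswMBR, MBRCheck, GMER, ListParts). It parses a 512-byte MBR dump such as the MBR.dat that aswMBR saved, lists the partition table so it can be compared against the ListParts output, hashes the bootstrap bytes against an allowlist the caller supplies, and scans a raw disk image for other sectors that carry the same partition table and boot signature. Everything it runs on is constructed here: the partition values are taken from the aswMBR log, but the boot code is NOP filler rather than a real bootstrap, and the allowlist, the copy at sector 9 and the decoy at sector 12 are assumptions made for the demonstration.

```python
"""Added example: sanity checks on a raw MBR dump and a raw disk image."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0-439 hold the bootstrap code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partition_table(mbr):
    """Return the non-empty entries of the MBR partition table as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", mbr[off:off + 16])
        if ptype == 0:
            continue
        entries.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count,
                        "size_mb": count * SECTOR // (1024 * 1024)})
    return entries


def partitions_overlap(entries):
    """True if any two partitions share sectors, which a sane table never does."""
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in entries)
    return any(spans[i][1] > spans[i + 1][0] for i in range(len(spans) - 1))


def boot_code_sha1(mbr):
    """SHA-1 of the bootstrap bytes only; disk signature and table differ per machine."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_boot_code(mbr, known_hashes):
    """'known' if the bootstrap hash is on the caller's allowlist, else 'unknown'."""
    return "known" if boot_code_sha1(mbr) in known_hashes else "unknown"


def find_mbr_copies(disk_image, mbr):
    """Sectors other than 0 that carry the live MBR's partition table plus a boot signature.
    A bootkit that replaces the MBR keeps a copy of the original sector elsewhere; its
    boot code differs from the live one, but its partition table is the same."""
    table = mbr[PART_TABLE_OFF:510]
    hits = []
    for n in range(1, len(disk_image) // SECTOR):
        sec = disk_image[n * SECTOR:(n + 1) * SECTOR]
        if sec[510:512] == BOOT_SIGNATURE and sec[PART_TABLE_OFF:510] == table:
            hits.append(n)
    return hits


def build_sample_mbr():
    """Constructed MBR: NOP filler instead of boot code, table taken from the aswMBR log."""
    code = bytes([0x90] * BOOT_CODE_LEN)          # filler, not a real bootstrap
    disk_sig = bytes(6)                            # 4-byte disk signature + 2 reserved bytes
    table = b""
    # (status, type, LBA start, sector count): 1200 MB active, 465737 MB, 10000 MB
    for status, ptype, lba, count in [(0x80, 0x07, 2048, 2457600),
                                      (0x00, 0x07, 2459648, 953829376),
                                      (0x00, 0x07, 956291072, 20480000)]:
        table += struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    table += bytes(16)                             # fourth entry unused
    return code + disk_sig + table + BOOT_SIGNATURE


def build_sample_disk_image(mbr, copy_at=9, total_sectors=16):
    """Constructed 16-sector image: live MBR at 0, a copy at sector 9 (assumed) and a decoy
    at sector 12 that has a boot signature but an empty table, which must not be reported."""
    img = bytearray(total_sectors * SECTOR)
    img[0:SECTOR] = mbr
    img[copy_at * SECTOR:(copy_at + 1) * SECTOR] = mbr
    img[12 * SECTOR:13 * SECTOR] = bytes(510) + BOOT_SIGNATURE
    return bytes(img)


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for p in parse_partition_table(mbr):
        print(p)
    print("overlap:", partitions_overlap(parse_partition_table(mbr)))
    print("boot code:", classify_boot_code(mbr, set()), boot_code_sha1(mbr))
    print("MBR copies at sectors:", find_mbr_copies(build_sample_disk_image(mbr), mbr))
```

Against a real dump, `parse_partition_table(open("MBR.dat", "rb").read())` gives the offsets and sizes to line up with ListParts; a table that disagrees with the volume layout, or a second sector carrying the same table, is what the warning in the trace is about. Hashing only the first 440 bytes is a deliberate choice: the disk signature and partition table are unique to each machine, so a hash over the whole sector can never be compared against an allowlist built elsewhere.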

#15 sp1234 (New Member, Members, 10 posts)

Posted 24 February 2012 - 05:52 PM

Hi MrC,

I am attaching the ComboFix log below. I am still observing the same issue with Chrome (it does not go to www.google.com and the tab says "Welcome to mydomainadvisor.com" etc).
A couple of days back (before I ran Combofix), the computer had restarted suddenly... I am also attaching one of the error messages that it showed...

thanks,
SP


COMBOFIX LOG

ComboFix 12-02-23.01 - Saurabh 02/24/2012 16:22:44.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1972 [GMT -5:00]
Running from: c:\users\Saurabh\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET61CD.tmp
c:\windows\system32\SETAC30.tmp
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-17 23:44 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD41C75B-7AE7-476D-AD88-B459A7C60F33}\mpengine.dll
2012-02-16 08:06 . 2012-02-16 08:06 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-16 06:24 . 2012-02-16 06:24 388096 ----a-r- c:\users\Saurabh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-16 06:24 . 2012-02-16 06:24 -------- d-----w- c:\program files\Trend Micro
2012-02-16 05:56 . 2012-02-17 06:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-16 05:56 . 2012-02-16 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\users\Saurabh\AppData\Roaming\Malwarebytes
2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-16 05:46 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-16 03:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 03:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 03:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-01 17:09 . 2012-02-01 17:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-02-01 17:09 . 2012-02-01 17:09 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-02-01 17:09 . 2012-02-01 17:09 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-02-01 17:09 . 2012-02-01 17:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-02-01 17:09 . 2012-02-01 17:09 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-02-01 17:09 . 2012-02-01 17:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-01 17:09 . 2012-02-01 17:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-01 17:09 . 2012-02-01 17:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-01 17:09 . 2012-02-01 17:09 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-01 15:04 . 2012-02-01 15:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-02-01 15:03 . 2012-02-01 15:03 -------- d-----w- c:\program files\Common Files\xing shared
2012-02-01 15:02 . 2012-02-01 15:02 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-02-01 15:02 . 2012-02-01 15:02 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2012-01-31 20:06 . 2012-01-31 20:17 -------- d-----w- c:\program files\One-Click Export
2012-01-25 23:32 . 2012-01-25 23:32 -------- d-----w- c:\users\Saurabh\AppData\Local\Intuit_Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 05:21 . 2010-03-09 22:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 15:16 . 2012-01-25 15:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-12 20:10 . 2011-12-12 20:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"nwiz"="nwiz.exe" [2009-12-03 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 13838952]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-12-10 865640]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-12-16 115560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416]
"Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-01 296056]
.
c:\users\Saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-20 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-08-17 22:27 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIXER8"=WnvMxr.dll
"WAVE8"=WnvWav32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848]
R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2009-12-10 24304]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-01-25 56208]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-01-25 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-01-25 164112]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2009-12-10 132456]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 126080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-01 214696]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003Core.job
- c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003UA.job
- c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08]
.
2012-02-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-02-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 128.220.1.75 162.129.253.134
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\0653317f.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(732)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(5856)
c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-02-24 16:50:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 21:49
.
Pre-Run: 165,016,322,048 bytes free
Post-Run: 164,808,577,024 bytes free
.
- - End Of File - - 1E7669E54C408B84B7D9D9CD45BB4181


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

RESTART ERROR MESSAGE

PROBLEM:

NT Kernel _System has changed since the last time you used it. This could happen if you have updated it recently. Click Detail to see more information. Do you want to allow it to access the network?

Yes? No? Detail

Detailed information about NT Kernel _System and the connection it is trying to establish:


The executable has changed since the last time you used C:\Windows\system32\ntoskrnl.exe
File Version: 6.1.7601.17713
File Description: NT Kernel & System
File Path: C:\Windows\system32\ntoskrnl.exe
Digital Signature:
Process ID: 0x0 (Hexadecimal) 0 (Decimal)

Connection origin: remote initiated
Protocol: UDP
Local Address: 192.168.1.255
Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP)
Remote Name:
Remote Address: 192.168.1.6
Remote Port: 137

Ethernet packet details:
Ethernet II (Packet Length: 92)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-13-02-3b-4a-7b
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0xe36b (Correct)
Source: 192.168.1.6
Destination: 192.168.1.255
User Datagram Protocol
Source port: 21203200
Destination port: 35072
Length: 8
Checksum: 0xd638 (Correct)
Data (58 Bytes)

Binary dump of the packet:
0000: FF FF FF FF FF FF 00 13 : 02 3B 4A 7B 08 00 45 00 | .........;J{..E.
0010: 00 4E 4A 66 00 00 80 11 : 6B E3 C0 A8 01 06 C0 A8 | .NJf....k.......
0020: 01 FF 00 89 00 89 00 3A : 38 D6 D5 C4 01 10 00 01 | .......:8.......
0030: 00 00 00 00 00 00 20 46 : 45 46 44 45 44 45 4D 45 | ...... FEFDEDEME
0040: 4A 45 46 45 4F 46 45 43 : 41 43 41 43 41 43 41 43 | JEFEOFECACACACAC
0050: 41 43 41 43 41 41 41 00 : 00 20 00 01 | ACACAAA.. ..

THIS WAS THE PROBLEM SIGNATURE

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 00000003
BCP2: 859F6760
BCP3: 83336AE0
BCP4: AE1CCBA8
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\022312-54288-01.dmp
C:\Users\Saurabh\AppData\Local\Temp\WER-129090-0.sysdata.xml
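The packet in the alert above can be decoded to see what the firewall actually saw. The following is an added Python example, not code from the thread or from any tool mentioned in it; it parses the hex dump exactly as quoted (offset, colon separator, ASCII column), verifies the IPv4 header checksum and undoes NetBIOS first-level name encoding, so the port values the alert printed can be compared with the bytes on the wire.

```python
"""Decode the firewall alert's packet dump posted above (added example)."""
import struct

# The "Binary dump of the packet" exactly as quoted in the post (92 bytes).
DUMP = """\
0000: FF FF FF FF FF FF 00 13 : 02 3B 4A 7B 08 00 45 00 | .........;J{..E.
0010: 00 4E 4A 66 00 00 80 11 : 6B E3 C0 A8 01 06 C0 A8 | .NJf....k.......
0020: 01 FF 00 89 00 89 00 3A : 38 D6 D5 C4 01 10 00 01 | .......:8.......
0030: 00 00 00 00 00 00 20 46 : 45 46 44 45 44 45 4D 45 | ...... FEFDEDEME
0040: 4A 45 46 45 4F 46 45 43 : 41 43 41 43 41 43 41 43 | JEFEOFECACACACAC
0050: 41 43 41 43 41 41 41 00 : 00 20 00 01 | ACACAAA.. ..
"""

# Common NetBIOS name suffix bytes (the 16th byte of a NetBIOS name).
NBNS_SUFFIX = {0x00: "Workstation Service", 0x03: "Messenger Service",
               0x1B: "Domain Master Browser", 0x20: "File Server Service"}


def parse_dump(text: str) -> bytes:
    """Turn the firewall's 'offset: hex : hex | ascii' lines back into raw bytes."""
    out = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        hex_part = line.split("|", 1)[0]        # drop the ASCII column
        hex_part = hex_part.split(":", 1)[1]    # drop the offset
        out += bytes.fromhex(hex_part.replace(":", " "))
    return bytes(out)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the IPv4 header with its checksum field zeroed."""
    hdr = header[:10] + b"\x00\x00" + header[12:]
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_netbios_name(encoded: bytes) -> tuple:
    """Undo first-level encoding (RFC 1001 s14.1): each byte travels as two letters
    'A'..'P', one per nibble. Returns (name, suffix byte)."""
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


def decode_packet(pkt: bytes) -> dict:
    """Walk Ethernet II -> IPv4 -> UDP -> NetBIOS Name Service and return the fields."""
    eth_type = struct.unpack("!H", pkt[12:14])[0]
    ip = pkt[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _ident, _ff, ttl, proto, csum = struct.unpack("!HHHBBH", ip[2:12])
    udp = ip[ihl:total_len]
    sport, dport, ulen, _ucsum = struct.unpack("!HHHH", udp[:8])
    payload = udp[8:ulen]
    # The NBNS header shares the DNS layout: id, flags, then four counts.
    tid, flags, qdcount, *_ = struct.unpack("!6H", payload[:12])
    name_len = payload[12]
    name, suffix = decode_netbios_name(payload[13:13 + name_len])
    qtype, = struct.unpack("!H", payload[14 + name_len:16 + name_len])
    return {
        "eth_dst": "-".join("%02x" % b for b in pkt[0:6]),
        "eth_src": "-".join("%02x" % b for b in pkt[6:12]),
        "is_ipv4": eth_type == 0x0800 and ip[0] >> 4 == 4,
        "src_ip": ".".join(map(str, ip[12:16])),
        "dst_ip": ".".join(map(str, ip[16:20])),
        "ttl": ttl,
        "is_udp": proto == 17,
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == csum,
        # Network byte order: bytes 00 89 are port 137. The alert's "35072" is
        # 0x8900, the same two bytes read in the wrong byte order.
        "sport": sport, "dport": dport,
        "nbns_id": tid,
        "is_query": not flags & 0x8000 and (flags >> 11) & 0xF == 0,
        "is_broadcast": bool(flags & 0x0010),   # B bit in NM_FLAGS
        "qdcount": qdcount,
        "name": name,
        "suffix": suffix,
        "suffix_meaning": NBNS_SUFFIX.get(suffix, "unknown"),
        "qtype_nb": qtype == 0x20,              # NB = NetBIOS general name query
    }


def main() -> None:
    info = decode_packet(parse_dump(DUMP))
    for key, value in info.items():
        print("%-16s %s" % (key, value))


if __name__ == "__main__":
    main()
```

Run stand-alone it prints the decoded fields: a UDP 137 to 137 NetBIOS name-query broadcast from 192.168.1.6 for the name TSCLIENT (suffix 0x00, Workstation Service), which is ordinary LAN name-resolution traffic.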

#16 MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 24 February 2012 - 06:23 PM

Let's make sure you have the latest version of Chrome:
Open up Chrome > in the upper right corner click the wrench > scroll down to "About Google Chrome"; if an update is available it will be installed.

Then click on the wrench again and choose Tools > Extensions, and see if there are any suspicious items there.
Click on Clear Browser Data > clear it out.
Then to the left go through Basics, Personal Stuff, etc. and see if there's anything suspicious.

-------------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#17 sp1234

    New Member

  • Members
  • 10 posts

Posted 24 February 2012 - 09:16 PM

MrC,

I tried the changes you suggested with Chrome, and it seems like I can now go to Google.com from it. Do you think the virus/malware has been taken care of?
I'm also attaching the log from OTL below. (Btw, after I started Symantec, it recognized Combofix as a Trojan and deleted/quarantined it. Is this a problem, or should I let it go?)

thanks,
SP


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73974971 bytes
->Flash cache emptied: 2631 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Saurabh
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 696649697 bytes
->Java cache emptied: 467140 bytes
->FireFox cache emptied: 154111763 bytes
->Google Chrome cache emptied: 8362172 bytes
->Flash cache emptied: 239538 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74165 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 891.00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02242012_210008

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_SAURABHP$\3456 not found!

Registry entries deleted on Reboot...

#18 MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 25 February 2012 - 09:07 AM

(Btw, after I started Symantec, it recognized Combofix as a Trojan and deleted/ quarantined it. Is this a problem, or should I let it go).

No, move it back to your desktop so we can properly uninstall it.

--------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

-------------------------------


Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)


---------------------------

Your Java is out of date; older versions are vulnerable to malware.

Go to your control panel > Java > Update Tab > Update Now.

BrowserJavaVersion: 1.6.0_29 <----should be 31

---------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#19 sp1234

    New Member

  • Members
  • 10 posts

Posted 25 February 2012 - 05:31 PM

MrC,

I did the OTL and Java task.

I am unable to restore the Combofix file, unfortunately. When I go to Symantec and open the View Quarantine panel, there are two listings for it. When I ask it to restore the Combofix file (which it has labeled as Trojan.ADH.2), it either does not do it or it briefly restores it and then wipes it out again.
Once I was able to restore it briefly by turning Symantec off, but when I tried to run the "Combofix /uninstall" command from Run, it could not find Combofix.
I also tried to re-run Combofix so that I could reinstall the program and then uninstall it. Even though I had disabled Symantec, it still deleted the Combofix icon midway/towards the end of the process.

Please let me know if something can be done for this.

Also, I was wondering if there is a way to make this complete post thread private or delete it, in case there is any private information in the Logs?

Thank you so much again for your patient and knowledgeable help.

SP

#20 MrCharlie

    Forum Deity

  • Experts
  • 28,196 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 25 February 2012 - 05:38 PM

Also, I was wondering if there is a way to make this complete post thread private or delete it, in case there is any private information in the Logs?

We can edit out any info that you want; it has to be done by a moderator. I suggest you contact one by PM if needed.

To clean up just do this:

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

MrC
