sp1234

Members
  • Content count

    11
  • Joined

  • Last visited

About sp1234

  • Rank
    New Member
  1. MrC, I did the OTL and Java task. I am unable to restore the Combofix file unfortunately. When I go to Symantec and go to the View Quanratine panel, there are two listings for it. When I ask it to restore the Combofix file (which it has labeled as a Trojan.ADH.2), it either does not do it or it briefly restores it and then wipes it out again. Once I was able to restore it briefly by turning Symantec off, but when I tried to do the "Combofix /uninstall" command on run, it cannot find Combofix. I also tried to re-run Combofix so that I can reinstall the program, and then uninstall it. Even though I had disabled Symantec, it still deleted the Combofix icon midway / towards the end of the process. Please let me know if something can be done for this. Also, I was wondering if there is a way to make this complete post thread private or delete it, in case there is any private information in the Logs? Thank you so much again for your patient and knowledgeable help. SP
  2. MrCharlie was amazingly helpful. I was stumped by a malware/ virus that none of the spyware programs or anti-virus programs workedl. He patiently helped me through the process of getting rid of the virus/ malware.

    1. sp1234

      sp1234

      He's extremely knowledgeable and very prompt in his responses as well. Thanks so much again!

  3. MrC, I tried the changes you suggested with Chrome, and it seems like I can now go to Google.com from it. Do you think the virus/ malware has been taken care of? I'm also attaching the log from OTL below. (Btw, after I started Symantec, it recognized Combofix as a Trojan and deleted/ quarantined it. Is this a problem, or should I let it go). thanks, SP All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 73974971 bytes ->Flash cache emptied: 2631 bytes User: Public ->Temp folder emptied: 0 bytes User: Saurabh ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 696649697 bytes ->Java cache emptied: 467140 bytes ->FireFox cache emptied: 154111763 bytes ->Google Chrome cache emptied: 8362172 bytes ->Flash cache emptied: 239538 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 74165 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 891.00 mb OTL by OldTimer - Version 3.2.33.2 log created on 02242012_210008 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\hsperfdata_SAURABHP$\3456 not found! Registry entries deleted on Reboot...
  4. Hi MrC, I am attaching the ComboFix log below. I am still observing the same issue with Chrome (it does not go to www.google.com and the tab says "Welcome to mydomainadvisor.com" etc). A couple of days back (before I ran Combofix), the computer had restarted suddenly... I am also attaching one of the error messages that it showed... thanks, SP COMBOFIX LOG ComboFix 12-02-23.01 - Saurabh 02/24/2012 16:22:44.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1972 [GMT -5:00] Running from: c:\users\Saurabh\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\SET61CD.tmp c:\windows\system32\SETAC30.tmp Q:\AUTORUN.INF . . ((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 ))))))))))))))))))))))))))))))) . . 2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-24 21:38 . 2012-02-24 21:38 -------- d-----w- c:\users\Guest\AppData\Local\temp 2012-02-17 23:44 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD41C75B-7AE7-476D-AD88-B459A7C60F33}\mpengine.dll 2012-02-16 08:06 . 2012-02-16 08:06 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-02-16 06:24 . 2012-02-16 06:24 388096 ----a-r- c:\users\Saurabh\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-16 06:24 . 2012-02-16 06:24 -------- d-----w- c:\program files\Trend Micro 2012-02-16 05:56 . 2012-02-17 06:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-02-16 05:56 . 2012-02-16 05:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\users\Saurabh\AppData\Roaming\Malwarebytes 2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\programdata\Malwarebytes 2012-02-16 05:46 . 2012-02-16 05:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-16 05:46 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-16 03:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 03:28 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 03:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-01 17:09 . 2012-02-01 17:09 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2012-02-01 17:09 . 2012-02-01 17:09 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2012-02-01 17:09 . 2012-02-01 17:09 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2012-02-01 17:09 . 2012-02-01 17:09 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2012-02-01 17:09 . 2012-02-01 17:09 924632 ----a-w- c:\program files\Mozilla Firefox\firefox.exe 2012-02-01 17:09 . 2012-02-01 17:09 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2012-02-01 17:09 . 2012-02-01 17:09 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2012-02-01 17:09 . 2012-02-01 17:09 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2012-02-01 17:09 . 2012-02-01 17:09 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2012-02-01 15:04 . 2012-02-01 15:04 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2012-02-01 15:03 . 2012-02-01 15:03 -------- d-----w- c:\program files\Common Files\xing shared 2012-02-01 15:02 . 2012-02-01 15:02 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2012-02-01 15:02 . 2012-02-01 15:02 108544 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll 2012-01-31 20:06 . 2012-01-31 20:17 -------- d-----w- c:\program files\One-Click Export 2012-01-25 23:32 . 2012-01-25 23:32 -------- d-----w- c:\users\Saurabh\AppData\Local\Intuit_Inc . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-27 05:21 . 2010-03-09 22:06 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-25 15:16 . 2012-01-25 15:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys 2011-12-12 20:10 . 2011-12-12 20:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2012-02-01 17:09 . 2012-02-01 17:09 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664] "IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640] "RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568] "TpShocks"="TpShocks.exe" [2009-12-11 337256] "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-08-17 55048] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768] "nwiz"="nwiz.exe" [2009-12-03 1657448] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 13838952] "PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-12-10 865640] "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-12-16 115560] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2010-04-23 136416] "Memeo Send"="c:\program files\Memeo\Memeo Send\MemeoLauncher.exe" [2009-11-05 236816] "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-12-06 2215768] "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-01 296056] . c:\users\Saurabh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193] Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 795936] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-20 50688] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-12-6 5904216] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-6 1175912] QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE [2011-12-6 1178984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2009-08-17 22:27 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "MIXER8"=WnvMxr.dll "WAVE8"=WnvWav32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848] R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112] R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2009-12-10 24304] S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2012-01-25 56208] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2012-01-25 71440] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2012-01-25 164112] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2009-12-10 132456] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-23 25824] S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-08-20 1248256] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352] S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 126080] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-01 214696] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696] S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003Core.job - c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08] . 2012-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1143727864-1791916152-3031067532-1003UA.job - c:\users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 22:08] . 2012-02-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12] . 2012-02-24 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-02-18 00:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 128.220.1.75 162.129.253.134 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll FF - ProfilePath - c:\users\Saurabh\AppData\Roaming\Mozilla\Firefox\Profiles\0653317f.default\ FF - prefs.js: browser.startup.homepage - about:home . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-Symantec Antvirus . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0] "ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(732) c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infql2.dll . - - - - - - - > 'Explorer.exe'(5856) c:\users\Saurabh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll c:\program files\Lenovo\Access Connections\ACDeskBand.dll c:\program files\Lenovo\Access Connections\AcLocSettings.dll c:\program files\Lenovo\Access Connections\AcSvcStub.dll c:\program files\Lenovo\Access Connections\ACHelper.dll c:\program files\ThinkPad\Bluetooth Software\btncopy.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\WUDFHost.exe c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Lenovo\Access Connections\AcSvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\taskhost.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\system32\conhost.exe c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe c:\program files\ThinkPad\Bluetooth Software\btwdins.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\windows\system32\sppsvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-02-24 16:50:03 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-24 21:49 . Pre-Run: 165,016,322,048 bytes free Post-Run: 164,808,577,024 bytes free . - - End Of File - - 1E7669E54C408B84B7D9D9CD45BB4181 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%% RESTART ERROR MESSAGE PROBLEM: NT Kernel _System has changed since the last time you used it. This could happen if you have updated it recently. Click Detail to see more information. Do you want to allow it to access the network? Yes? No? Detail Detailed information about NT Kernel _System and the connection it is trying to establish: The executable has changed since the last time you used C:\Windows\system32\ntoskrnl.exe File Version: 6.1.7601.17713 File Description: NT Kernel & System File Path: C:\Windows\system32\ntoskrnl.exe Digital Signature: Process ID: 0x0 (Hexadecimal) 0 (Decimal) Connection origin: remote initiated Protocol: UDP Local Address: 192.168.1.255 Local Port: 137 (NETBIOS-NS - Browsing requests of NetBIOS over TCP/IP) Remote Name: Remote Address: 192.168.1.6 Remote Port: 137 Ethernet packet details: Ethernet II (Packet Length: 92) Destination: ff-ff-ff-ff-ff-ff Source: 00-13-02-3b-4a-7b Type: IP (0x0800) Internet Protocol Version: 4 Header Length: 20 bytes Flags: .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset:0 Time to live: 128 Protocol: 0x11 (UDP - User Datagram Protocol) Header checksum: 0xe36b (Correct) Source: 192.168.1.6 Destination: 192.168.1.255 User Datagram Protocol Source port: 21203200 Destination port: 35072 Length: 8 Checksum: 0xd638 (Correct) Data (58 Bytes) Binary dump of the packet: 0000: FF FF FF FF FF FF 00 13 : 02 3B 4A 7B 08 00 45 00 | .........;J{..E. 0010: 00 4E 4A 66 00 00 80 11 : 6B E3 C0 A8 01 06 C0 A8 | .NJf....k....... 0020: 01 FF 00 89 00 89 00 3A : 38 D6 D5 C4 01 10 00 01 | .......:8....... 0030: 00 00 00 00 00 00 20 46 : 45 46 44 45 44 45 4D 45 | ...... FEFDEDEME 0040: 4A 45 46 45 4F 46 45 43 : 41 43 41 43 41 43 41 43 | JEFEOFECACACACAC 0050: 41 43 41 43 41 41 41 00 : 00 20 00 01 | ACACAAA.. .. THIS WAS THE PROBLEM SIGNATURE Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: 9f BCP1: 00000003 BCP2: 859F6760 BCP3: 83336AE0 BCP4: AE1CCBA8 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\022312-54288-01.dmp C:\Users\Saurabh\AppData\Local\Temp\WER-129090-0.sysdata.xml
  5. MrC, The Results file from Listparts is attached. What do you think is the problem that is going on with regards to the malware/ virus? Thanks, SP ListParts by Farbar Ran by Saurabh on 21-02-2012 at 00:17:12 Windows 7 (X86) Running From: C:\Users\Saurabh\Desktop Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 33% Total physical RAM: 3059.69 MB Available physical RAM: 2025.55 MB Total Pagefile: 6117.66 MB Available Pagefile: 4236.65 MB Total Virtual: 2047.88 MB Available Virtual: 1960.38 MB ======================= Partitions ========================= 1 Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:149.78 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.35 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1200 MB 1024 KB Partition 2 Primary 454 GB 1201 MB Partition 3 Primary 9 GB 455 GB Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 SYSTEM_DRV NTFS Partition 1200 MB Healthy System (partition with boot components) Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C Windows7_OS NTFS Partition 454 GB Healthy Boot Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 Q Lenovo_Reco NTFS Partition 9 GB Healthy ****** End Of Log ******
  6. The zipped file is attached. The original file was pretty small as well (1KB), but I figured you may want it zipped? Let me know if I need to run Rogue Killer again. It is a Lenovo Thinkpad T510 with Windows 7. SP PhysicalDrive0_User.zip
  7. MrC, Here is the log file from MBRCheck.exe. Kindly let me know what to do next... thanks, SP MBRCheck, version 1.2.3 © 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: Service Pack 1 (build 7601), 32-bit Base Board Manufacturer: LENOVO BIOS Manufacturer: LENOVO System Manufacturer: LENOVO System Product Name: 43142PU Logical Drives Mask: 0x00010014 Kernel Drivers (total 241): 0x8320A000 \SystemRoot\system32\ntkrnlpa.exe 0x8361C000 \SystemRoot\system32\halmacpi.dll 0x80BC5000 \SystemRoot\system32\kdcom.dll 0x8B40F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8B494000 \SystemRoot\system32\PSHED.dll 0x8B4A5000 \SystemRoot\system32\BOOTVID.dll 0x8B4AD000 \SystemRoot\system32\CLFS.SYS 0x8B4EF000 \SystemRoot\system32\CI.dll 0x8B63B000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8B6AC000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8B6BA000 \SystemRoot\system32\drivers\ACPI.sys 0x8B702000 \SystemRoot\system32\drivers\WMILIB.SYS 0x8B70B000 \SystemRoot\system32\drivers\msisadrv.sys 0x8B713000 \SystemRoot\system32\drivers\pci.sys 0x8B73D000 \SystemRoot\system32\drivers\vdrvroot.sys 0x8B748000 \SystemRoot\System32\drivers\partmgr.sys 0x8B759000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8B761000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8B76C000 \SystemRoot\system32\drivers\volmgr.sys 0x8B77C000 \SystemRoot\System32\drivers\volmgrx.sys 0x8B7C7000 \SystemRoot\System32\drivers\mountmgr.sys 0x8B600000 \SystemRoot\system32\drivers\vmbus.sys 0x8B7DD000 \SystemRoot\system32\drivers\winhv.sys 0x8B81E000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8B9D1000 \SystemRoot\system32\drivers\amdxata.sys 0x8B59A000 \SystemRoot\system32\drivers\fltmgr.sys 0x8B9DA000 \SystemRoot\system32\drivers\fileinfo.sys 0x8BA04000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8BB33000 \SystemRoot\System32\Drivers\msrpc.sys 0x8BB5E000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8BB71000 \SystemRoot\System32\Drivers\cng.sys 0x8BBCE000 \SystemRoot\System32\drivers\pcw.sys 0x8BBDC000 \SystemRoot\System32\DRIVERS\DozeHDD.sys 0x8BBE1000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x8BC01000 \SystemRoot\system32\drivers\ndis.sys 0x8BCB8000 \SystemRoot\system32\drivers\NETIO.SYS 0x8BCF6000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x8BE3F000 \SystemRoot\System32\drivers\tcpip.sys 0x8BF89000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8BFBA000 \SystemRoot\system32\drivers\vmstorfl.sys 0x8BE00000 \SystemRoot\system32\drivers\volsnap.sys 0x8BFC3000 \SystemRoot\System32\DRIVERS\ApsHM86.sys 0x8BFCC000 \SystemRoot\System32\Drivers\spldr.sys 0x8BD1B000 \SystemRoot\System32\drivers\rdyboost.sys 0x8BFD4000 \SystemRoot\System32\DRIVERS\Apsx86.sys 0x8BFF4000 \SystemRoot\System32\Drivers\RapportKELL.sys 0x8BD48000 \SystemRoot\System32\Drivers\mup.sys 0x8BD58000 \SystemRoot\System32\drivers\hwpolicy.sys 0x8BD60000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x8BD92000 \SystemRoot\system32\DRIVERS\disk.sys 0x8BDA3000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x91BC8000 \SystemRoot\system32\drivers\cdrom.sys 0x92000000 \SystemRoot\System32\Drivers\SRTSP.SYS 0x921CA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS 0x921EF000 \SystemRoot\System32\Drivers\SRTSPX.SYS 0x99C01000 \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 0x99C37000 \SystemRoot\System32\Drivers\Null.SYS 0x99C3E000 \SystemRoot\System32\Drivers\Beep.SYS 0x99C45000 \SystemRoot\System32\drivers\vga.sys 0x99C51000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x99C72000 \SystemRoot\System32\drivers\watchdog.sys 0x99C7F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x99C87000 \SystemRoot\system32\drivers\rdpencdd.sys 0x99C8F000 \SystemRoot\system32\drivers\rdprefmp.sys 0x99C97000 \SystemRoot\System32\Drivers\Msfs.SYS 0x99CA2000 \SystemRoot\System32\Drivers\Npfs.SYS 0x99CB0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x99CC7000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x99CD3000 \SystemRoot\System32\Drivers\SYMTDI.SYS 0x99D00000 \??\C:\Windows\system32\drivers\wpsdrvnt.sys 0x99D0E000 \SystemRoot\system32\drivers\afd.sys 0x99D68000 \SystemRoot\System32\DRIVERS\netbt.sys 0x99D9A000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x99DA1000 \SystemRoot\system32\DRIVERS\pacer.sys 0x99DC0000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x99DD1000 \SystemRoot\system32\DRIVERS\netbios.sys 0x99DDF000 \SystemRoot\system32\DRIVERS\serial.sys 0x8BDD5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x99DF9000 \SystemRoot\System32\drivers\Tppwr32v.sys 0x8BDE8000 \SystemRoot\system32\drivers\termdd.sys 0x9D00D000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 0x9D077000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9D0B8000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 0x9D0DE000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 0x9D0EE000 \SystemRoot\system32\drivers\nsiproxy.sys 0x9D0F8000 \SystemRoot\system32\drivers\mssmbios.sys 0x9D102000 \SystemRoot\system32\DRIVERS\smiif32.sys 0x9D104000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 0x9D162000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 0x9D180000 \SystemRoot\System32\drivers\discache.sys 0x9D18C000 \SystemRoot\system32\drivers\csc.sys 0x8B800000 \SystemRoot\System32\Drivers\dfsc.sys 0x9D1F0000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x8B5CE000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8BBEA000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x9E401000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x9ED78000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x9D612000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x9D6C9000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9D702000 \SystemRoot\system32\drivers\HDAudBus.sys 0x9D721000 \SystemRoot\system32\DRIVERS\HECI.sys 0x9D72C000 \SystemRoot\system32\DRIVERS\serenum.sys 0x9D736000 \SystemRoot\system32\DRIVERS\e1k6232.sys 0x9D76B000 \SystemRoot\system32\drivers\usbehci.sys 0x9D77A000 \SystemRoot\system32\drivers\USBPORT.SYS 0x9F20C000 \SystemRoot\system32\DRIVERS\NETw5s32.sys 0x9F7EB000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x9D7C5000 \SystemRoot\system32\drivers\sdbus.sys 0x9D7DE000 \SystemRoot\system32\DRIVERS\rimspe86.sys 0x9ED7A000 \SystemRoot\system32\drivers\1394ohci.sys 0x9EDA7000 \SystemRoot\system32\drivers\i8042prt.sys 0x9D7F3000 \SystemRoot\system32\drivers\kbdclass.sys 0x9EDBF000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x9F7F5000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x9D600000 \SystemRoot\system32\drivers\mouclass.sys 0x9F200000 \SystemRoot\system32\drivers\tpm.sys 0x9F7F7000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x9F7FB000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys 0x9EDF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xA1A0D000 \SystemRoot\system32\DRIVERS\Impcd.sys 0xA1A2C000 \SystemRoot\system32\drivers\wmiacpi.sys 0xA1A35000 \SystemRoot\system32\drivers\CompositeBus.sys 0xA1A42000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys 0xA1A4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0xA1A5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xA1A77000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xA1A82000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xA1AA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xA1ABC000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xA1AD3000 \SystemRoot\system32\DRIVERS\rassstp.sys 0xA1AEA000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0xA1AF4000 \SystemRoot\system32\DRIVERS\psadd.sys 0xA1AFB000 \SystemRoot\system32\DRIVERS\Tvti2c.sys 0xA1B03000 \SystemRoot\system32\DRIVERS\teefer2.sys 0xA1B21000 \SystemRoot\system32\drivers\swenum.sys 0xA1B23000 \SystemRoot\system32\drivers\ks.sys 0xA1B57000 \SystemRoot\system32\drivers\umbus.sys 0xA1B65000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xA1BA9000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xA1BBA000 \SystemRoot\system32\drivers\nvhda32v.sys 0xA1BCD000 \SystemRoot\system32\drivers\portcls.sys 0xA183A000 \SystemRoot\system32\drivers\drmk.sys 0xA1853000 \SystemRoot\system32\drivers\CHDRT32.sys 0xA18CB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0xA200C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0xA210E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0xA21C3000 \SystemRoot\system32\drivers\modem.sys 0xA21D0000 \SystemRoot\System32\Drivers\BTHUSB.sys 0xA1908000 \SystemRoot\System32\Drivers\bthport.sys 0xA21E2000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xA196C000 \SystemRoot\system32\DRIVERS\5U877.sys 0xA198B000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xA1999000 \SystemRoot\System32\Drivers\crashdmp.sys 0x91A00000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xA19A6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0xA19B7000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0xA19DB000 \SystemRoot\system32\drivers\BthEnum.sys 0xA1800000 \SystemRoot\system32\DRIVERS\bthpan.sys 0xA181B000 \SystemRoot\system32\DRIVERS\bthmodem.sys 0xA3320000 \SystemRoot\System32\win32k.sys 0xA2000000 \SystemRoot\System32\drivers\Dxapi.sys 0xA3627000 \SystemRoot\system32\drivers\btwavdt.sys 0xA369A000 \SystemRoot\system32\DRIVERS\hidbth.sys 0xA36B5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xA36C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xA36CF000 \SystemRoot\system32\drivers\btwaudio.sys 0xA3750000 \SystemRoot\system32\DRIVERS\btwl2cap.sys 0xA375B000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0xA3580000 \SystemRoot\System32\TSDDD.dll 0xA35B0000 \SystemRoot\System32\cdd.dll 0xA3200000 \SystemRoot\System32\ATMFD.DLL 0xA3780000 \SystemRoot\system32\drivers\luafv.sys 0xA379B000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 0xA379D000 \SystemRoot\system32\drivers\WudfPf.sys 0xA37B7000 \SystemRoot\system32\DRIVERS\WinUSB.sys 0xA37C0000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA37E1000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xAC220000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xAC266000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xAC276000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xAC289000 \SystemRoot\system32\DRIVERS\TurboB.sys 0xAC290000 \SystemRoot\system32\drivers\HTTP.sys 0xAC315000 \SystemRoot\system32\DRIVERS\bowser.sys 0xAC32E000 \SystemRoot\System32\drivers\mpsdrv.sys 0xAC340000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xAC363000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xAC39E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xAC3D1000 \??\C:\Windows\system32\drivers\WpsHelper.sys 0xAC200000 \SystemRoot\system32\DRIVERS\vwifimp.sys 0xAC209000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0xB3631000 \SystemRoot\system32\drivers\peauth.sys 0xB36C8000 \SystemRoot\system32\drivers\regi.sys 0xB36CA000 \SystemRoot\System32\Drivers\secdrv.SYS 0xB36D4000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xB36F5000 \SystemRoot\System32\drivers\tcpipreg.sys 0xB3702000 \SystemRoot\system32\DRIVERS\XAudio32.sys 0xB370A000 \SystemRoot\System32\DRIVERS\srv2.sys 0xB375A000 \SystemRoot\System32\DRIVERS\srv.sys 0xB37AC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS 0x9204A000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVEX15.SYS 0xB37E4000 \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVENG.SYS 0xC95D2000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xC95DB000 \??\c:\program files\pc-doctor\pcdsrvc.pkms 0xC95EA000 \SystemRoot\system32\DRIVERS\monitor.sys 0x77000000 \Windows\System32\ntdll.dll 0x48330000 \Windows\System32\smss.exe 0x77240000 \Windows\System32\apisetschema.dll 0x00300000 \Windows\System32\autochk.exe 0x763B0000 \Windows\System32\shell32.dll 0x76250000 \Windows\System32\ole32.dll 0x771A0000 \Windows\System32\clbcatq.dll 0x761D0000 \Windows\System32\comdlg32.dll 0x76140000 \Windows\System32\oleaut32.dll 0x77180000 \Windows\System32\sechost.dll 0x760F0000 \Windows\System32\gdi32.dll 0x75EF0000 \Windows\System32\iertutil.dll 0x75E90000 \Windows\System32\difxapi.dll 0x75E40000 \Windows\System32\Wldap32.dll 0x77170000 \Windows\System32\lpk.dll 0x75D90000 \Windows\System32\rpcrt4.dll 0x75CB0000 \Windows\System32\kernel32.dll 0x75C10000 \Windows\System32\advapi32.dll 0x75B40000 \Windows\System32\user32.dll 0x759A0000 \Windows\System32\setupapi.dll 0x77160000 \Windows\System32\psapi.dll 0x75960000 \Windows\System32\ws2_32.dll 0x77150000 \Windows\System32\nsi.dll 0x75940000 \Windows\System32\imm32.dll 0x758E0000 \Windows\System32\shlwapi.dll 0x757A0000 \Windows\System32\urlmon.dll 0x756A0000 \Windows\System32\wininet.dll 0x75670000 \Windows\System32\imagehlp.dll 0x77140000 \Windows\System32\normaliz.dll 0x755A0000 \Windows\System32\msctf.dll 0x754F0000 \Windows\System32\msvcrt.dll 0x75450000 \Windows\System32\usp10.dll 0x75430000 \Windows\System32\devobj.dll 0x753E0000 \Windows\System32\KernelBase.dll 0x753B0000 \Windows\System32\cfgmgr32.dll 0x75380000 \Windows\System32\wintrust.dll 0x752F0000 \Windows\System32\comctl32.dll Processes (total 130): 0 System Idle Process 4 System 380 C:\Windows\System32\smss.exe 528 csrss.exe 604 csrss.exe 612 C:\Windows\System32\wininit.exe 664 C:\Windows\System32\services.exe 700 C:\Windows\System32\winlogon.exe 728 C:\Windows\System32\lsass.exe 740 C:\Windows\System32\lsm.exe 828 C:\Windows\System32\svchost.exe 896 C:\Windows\System32\ibmpmsvc.exe 936 C:\Windows\System32\nvvsvc.exe 976 C:\Windows\System32\svchost.exe 1060 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe 1180 C:\Windows\System32\svchost.exe 1212 C:\Windows\System32\svchost.exe 1240 C:\Windows\System32\svchost.exe 1392 C:\Windows\System32\svchost.exe 1456 C:\Windows\System32\nvvsvc.exe 1540 WUDFHost.exe 1600 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 1700 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe 1744 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 1840 C:\Windows\System32\spoolsv.exe 1712 C:\Windows\System32\svchost.exe 2100 C:\Windows\System32\svchost.exe 2144 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe 2192 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe 2212 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe 2300 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2548 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 2584 C:\Program Files\Bonjour\mDNSResponder.exe 2620 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE 2660 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe 2688 C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2724 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 2788 C:\Windows\System32\svchost.exe 2832 C:\Program Files\Lenovo\HOTKEY\cammute.exe 2872 C:\Program Files\Lenovo\HOTKEY\micmute.exe 2936 C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe 2992 C:\Program Files\MATLAB\R2006a\webserver\bin\win32\matlabserver.exe 3036 C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe 3080 MATLAB.exe 3232 C:\Windows\System32\taskhost.exe 3348 C:\Windows\System32\dwm.exe 3412 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe 3520 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe 3824 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe 3888 C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe 3976 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 4000 C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe 4036 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 4076 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 2024 C:\Windows\System32\svchost.exe 2388 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 3656 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe 344 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe 3536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE 1852 C:\Program Files\Lenovo\Access Connections\AcSvc.exe 1580 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE 1860 unsecapp.exe 4108 WmiPrvSE.exe 4368 C:\Windows\System32\svchost.exe 4736 C:\Windows\System32\svchost.exe 5004 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe 5024 WmiPrvSE.exe 5340 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 5364 C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe 5388 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe 5408 C:\Windows\System32\TpShocks.exe 5536 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe 5612 C:\Windows\System32\rundll32.exe 5620 C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe 5712 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 5788 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe 5800 C:\Program Files\Common Files\Symantec Shared\ccApp.exe 5936 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe 6008 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 6084 C:\Program Files\Lenovo\ZOOM\TpScrex.exe 4200 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe 4788 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe 4568 C:\Windows\System32\SearchIndexer.exe 1352 C:\Program Files\Microsoft IntelliPoint\ipoint.exe 1592 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 5236 C:\Windows\System32\svchost.exe 5512 C:\Program Files\iTunes\iTunesHelper.exe 3836 C:\Program Files\Memeo\Memeo Send\MemeoSend.exe 972 C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe 5204 C:\Program Files\Common Files\Java\Java Update\jusched.exe 4800 C:\Program Files\Memeo\AutoBackup\InstantBackup.exe 4124 C:\Program Files\iPod\bin\iPodService.exe 2032 C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe 4668 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe 4700 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe 3216 C:\Program Files\Digital Line Detect\DLG.exe 4020 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 6148 C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe 6524 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe 6740 C:\Program Files\Common Files\Teleca Shared\Generic.exe 6868 C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE 6936 C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe 7076 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 7184 C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe 7336 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe 7952 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe 8028 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 4188 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 8128 C:\Windows\System32\svchost.exe 7444 C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe 5696 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe 2260 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe 3804 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 5360 C:\Program Files\Lenovo\System Update\SUService.exe 3736 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe 4852 C:\Program Files\Windows Media Player\wmpnetwk.exe 7140 C:\Windows\System32\svchost.exe 3764 C:\Windows\System32\taskhost.exe 4056 C:\Program Files\Real\RealPlayer\Update\realsched.exe 8748 C:\Windows\explorer.exe 3360 C:\Windows\System32\wlanext.exe 9816 C:\Windows\System32\conhost.exe 3120 C:\Windows\System32\svchost.exe 4904 C:\Windows\System32\audiodg.exe 4420 C:\Windows\System32\SearchProtocolHost.exe 1680 C:\Windows\System32\SearchFilterHost.exe 8548 C:\Users\Saurabh\Desktop\MBRCheck.exe 8316 C:\Windows\System32\conhost.exe 10192 C:\Windows\System32\dllhost.exe 8428 taskhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS) \\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS) PhysicalDrive0 Model Number: ST9500420AS, Rev: 0003LVM1 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 64C8A6D0A0A7C08A8B7754F84FA77F4F4CF079F1 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Done!
  8. Hi Mr. Charlie, Sorry about the delayed response. I tried out the aswMBR file scan, but twice the computer crashed, and I got the Blue Screen. (I'm attaching one of the images from the BlureScreen). Also, attaching the brief messages from Windows... The program did not create an MBR dat file on the desktop, perhaps because the computer crashed. On one occasion, I stopped the program after about 30 mins, and am attaching the log from that scan. Kindly suggest what I should do next. thanks, SP Scan log from a scan which I stopped mid-way... aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software Run date: 2012-02-18 13:39:22 ----------------------------- 13:39:22.558 OS Version: Windows 6.1.7601 Service Pack 1 13:39:22.558 Number of processors: 4 586 0x2502 13:39:22.558 ComputerName: SAURABHP UserName: Saurabh 13:39:26.989 Initialize success 13:39:35.304 AVAST engine defs: 12021800 13:39:38.626 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 13:39:38.626 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3 13:39:38.642 Disk 0 MBR read successfully 13:39:38.658 Disk 0 MBR scan 13:39:38.658 Disk 0 unknown MBR code 13:39:38.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048 13:39:39.001 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648 13:39:39.282 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072 13:39:39.516 Disk 0 scanning sectors +976771072 13:39:39.672 Disk 0 scanning C:\Windows\system32\drivers 13:40:29.515 Service scanning 13:41:33.726 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32 13:41:36.222 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32 13:41:49.467 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32 13:41:49.576 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32 13:41:51.729 Modules scanning 13:42:24.052 Disk 0 trace - called modules: 13:42:24.130 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 13:42:24.146 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8825ba00] 13:42:24.177 3 CLASSPNP.SYS[8bdcf59e] -> nt!IofCallDriver -> [0x866d8c10] 13:42:24.193 5 ACPI.sys[8b6933d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866d4028] 13:42:26.595 AVAST engine scan C:\Windows 13:43:07.420 AVAST engine scan C:\Windows\system32 13:53:24.541 AVAST engine scan C:\Windows\system32\drivers 13:54:03.339 AVAST engine scan C:\Users\Saurabh 14:36:59.180 Disk 0 MBR has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\MBR.dat" 14:36:59.218 The log file has been saved successfully to "C:\Users\Saurabh\Desktop\temp_files\virus_removal\aswMBR_Feb18.txt" Messages from Windows when the computer crashed.. Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: a BCP1: 30394C54 BCP2: 00000002 BCP3: 00000000 BCP4: 832B79FC OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\021812-74646-01.dmp C:\Users\Saurabh\AppData\Local\Temp\WER-152943-0.sysdata.xml %%%%%%%%%%%%%%%% Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: be BCP1: 8BC27764 BCP2: 03F15121 BCP3: 8DBD3CB0 BCP4: 0000000A OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\021912-61604-01.dmp C:\Users\Saurabh\AppData\Local\Temp\WER-165688-0.sysdata.xml Blue Screen image is attached.
  9. Thanks... Here are the two reports: RogueKiller report RogueKiller V7.1.0 [02/15/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User: Saurabh [Admin rights] Mode: Scan -- Date: 02/18/2012 10:13:25 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ SSDT[88] : NtCreateThreadEx @ 0x834AF1E4 -> HOOKED (\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys @ 0x8B7E4640) ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 5aa5bdfcefaf57595edf98cffb5afe78 [bSP] 94b1f9633b95fd44dc9b4d7b0c3cc8f9 : MBR Code unknown Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt ******************************************** TDSSKiller Report 10:14:07.0600 1840 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 10:14:08.0646 1840 ============================================================ 10:14:08.0895 1840 Current date / time: 2012/02/18 10:14:08.0646 10:14:08.0895 1840 SystemInfo: 10:14:08.0895 1840 10:14:08.0895 1840 OS Version: 6.1.7601 ServicePack: 1.0 10:14:08.0895 1840 Product type: Workstation 10:14:08.0895 1840 ComputerName: SAURABHP 10:14:08.0895 1840 UserName: Saurabh 10:14:08.0895 1840 Windows directory: C:\Windows 10:14:08.0895 1840 System windows directory: C:\Windows 10:14:08.0895 1840 Processor architecture: Intel x86 10:14:08.0895 1840 Number of processors: 4 10:14:08.0895 1840 Page size: 0x1000 10:14:08.0895 1840 Boot type: Normal boot 10:14:08.0895 1840 ============================================================ 10:14:10.0627 1840 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 10:14:10.0627 1840 \Device\Harddisk0\DR0: 10:14:10.0627 1840 MBR used 10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8 10:14:10.0627 1840 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000 10:14:10.0814 1840 Initialize success 10:14:10.0814 1840 ============================================================ 10:14:38.0223 10884 ============================================================ 10:14:38.0223 10884 Scan started 10:14:38.0223 10884 Mode: Manual; SigCheck; TDLFS; 10:14:38.0223 10884 ============================================================ 10:14:42.0513 10884 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows \system32\drivers\1394ohci.sys 10:14:42.0654 10884 1394ohci - ok 10:14:42.0716 10884 5U877 (a3ac25d2c9eeb18384a88deb392c355d) C:\Windows \system32\DRIVERS\5U877.sys 10:14:42.0810 10884 5U877 - ok 10:14:42.0888 10884 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows \system32\drivers\ACPI.sys 10:14:42.0934 10884 ACPI - ok 10:14:42.0997 10884 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows \system32\drivers\acpipmi.sys 10:14:43.0075 10884 AcpiPmi - ok 10:14:43.0168 10884 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows \system32\DRIVERS\adp94xx.sys 10:14:43.0246 10884 adp94xx - ok 10:14:43.0293 10884 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows \system32\DRIVERS\adpahci.sys 10:14:43.0340 10884 adpahci - ok 10:14:43.0387 10884 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows \system32\DRIVERS\adpu320.sys 10:14:43.0434 10884 adpu320 - ok 10:14:43.0527 10884 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows \system32\drivers\afd.sys 10:14:43.0605 10884 AFD - ok 10:14:43.0683 10884 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows \system32\drivers\agp440.sys 10:14:43.0730 10884 agp440 - ok 10:14:43.0792 10884 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows \system32\DRIVERS\djsvs.sys 10:14:43.0839 10884 aic78xx - ok 10:14:43.0902 10884 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows \system32\drivers\aliide.sys 10:14:43.0948 10884 aliide - ok 10:14:43.0980 10884 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows \system32\drivers\amdagp.sys 10:14:44.0026 10884 amdagp - ok 10:14:44.0058 10884 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows \system32\drivers\amdide.sys 10:14:44.0104 10884 amdide - ok 10:14:44.0136 10884 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows \system32\DRIVERS\amdk8.sys 10:14:44.0463 10884 AmdK8 - ok 10:14:44.0962 10884 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows \system32\DRIVERS\amdppm.sys 10:14:45.0009 10884 AmdPPM - ok 10:14:45.0087 10884 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows \system32\drivers\amdsata.sys 10:14:45.0134 10884 amdsata - ok 10:14:45.0181 10884 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows \system32\DRIVERS\amdsbs.sys 10:14:45.0243 10884 amdsbs - ok 10:14:45.0274 10884 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows \system32\drivers\amdxata.sys 10:14:45.0306 10884 amdxata - ok 10:14:45.0352 10884 AppID (aea177f783e20150ace5383ee368da19) C:\Windows \system32\drivers\appid.sys 10:14:45.0493 10884 AppID - ok 10:14:45.0602 10884 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows \system32\DRIVERS\arc.sys 10:14:45.0649 10884 arc - ok 10:14:45.0680 10884 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows \system32\DRIVERS\arcsas.sys 10:14:45.0727 10884 arcsas - ok 10:14:45.0805 10884 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows \system32\DRIVERS\asyncmac.sys 10:14:45.0898 10884 AsyncMac - ok 10:14:45.0976 10884 atapi (338c86357871c167a96ab976519bf59e) C:\Windows \system32\drivers\atapi.sys 10:14:46.0023 10884 atapi - ok 10:14:46.0070 10884 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows \system32\DRIVERS\bxvbdx.sys 10:14:46.0195 10884 b06bdrv - ok 10:14:46.0226 10884 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows \system32\DRIVERS\b57nd60x.sys 10:14:46.0304 10884 b57nd60x - ok 10:14:46.0366 10884 Beep (505506526a9d467307b3c393dedaf858) C:\Windows \system32\drivers\Beep.sys 10:14:46.0429 10884 Beep - ok 10:14:46.0476 10884 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows \system32\DRIVERS\blbdrive.sys 10:14:46.0522 10884 blbdrive - ok 10:14:46.0585 10884 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows \system32\DRIVERS\bowser.sys 10:14:46.0632 10884 bowser - ok 10:14:46.0663 10884 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows \system32\DRIVERS\BrFiltLo.sys 10:14:46.0850 10884 BrFiltLo - ok 10:14:47.0599 10884 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows \system32\DRIVERS\BrFiltUp.sys 10:14:47.0724 10884 BrFiltUp - ok 10:14:47.0770 10884 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows \System32\Drivers\Brserid.sys 10:14:47.0911 10884 Brserid - ok 10:14:47.0942 10884 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows \System32\Drivers\BrSerWdm.sys 10:14:48.0004 10884 BrSerWdm - ok 10:14:48.0036 10884 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows \System32\Drivers\BrUsbMdm.sys 10:14:48.0098 10884 BrUsbMdm - ok 10:14:48.0145 10884 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows \System32\Drivers\BrUsbSer.sys 10:14:48.0207 10884 BrUsbSer - ok 10:14:48.0301 10884 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows \system32\drivers\BthEnum.sys 10:14:48.0332 10884 BthEnum - ok 10:14:48.0363 10884 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows \system32\DRIVERS\bthmodem.sys 10:14:48.0410 10884 BTHMODEM - ok 10:14:48.0441 10884 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows \system32\DRIVERS\bthpan.sys 10:14:48.0504 10884 BthPan - ok 10:14:48.0582 10884 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows \System32\Drivers\BTHport.sys 10:14:48.0644 10884 BTHPORT - ok 10:14:48.0722 10884 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows \System32\Drivers\BTHUSB.sys 10:14:48.0753 10884 BTHUSB - ok 10:14:48.0831 10884 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows \system32\drivers\btwaudio.sys 10:14:48.0894 10884 btwaudio - ok 10:14:48.0940 10884 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows \system32\drivers\btwavdt.sys 10:14:48.0956 10884 btwavdt - ok 10:14:49.0003 10884 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows \system32\DRIVERS\btwl2cap.sys 10:14:49.0034 10884 btwl2cap - ok 10:14:49.0065 10884 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows \system32\DRIVERS\btwrchid.sys 10:14:49.0081 10884 btwrchid - ok 10:14:49.0159 10884 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows \system32\DRIVERS\cdfs.sys 10:14:49.0237 10884 cdfs - ok 10:14:50.0079 10884 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows \system32\drivers\cdrom.sys 10:14:50.0157 10884 cdrom - ok 10:14:50.0204 10884 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows \system32\DRIVERS\circlass.sys 10:14:50.0298 10884 circlass - ok 10:14:50.0344 10884 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows \system32\CLFS.sys 10:14:50.0391 10884 CLFS - ok 10:14:50.0454 10884 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows \system32\DRIVERS\CmBatt.sys 10:14:50.0485 10884 CmBatt - ok 10:14:50.0547 10884 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows \system32\drivers\cmdide.sys 10:14:50.0594 10884 cmdide - ok 10:14:50.0672 10884 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows \system32\Drivers\cng.sys 10:14:50.0734 10884 CNG - ok 10:14:50.0797 10884 CnxtHdAudService (cdc46f169ddb1a00110a026a61f2792f) C:\Windows \system32\drivers\CHDRT32.sys 10:14:50.0890 10884 CnxtHdAudService - ok 10:14:50.0953 10884 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows \system32\DRIVERS\compbatt.sys 10:14:50.0984 10884 Compbatt - ok 10:14:51.0062 10884 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows \system32\drivers\CompositeBus.sys 10:14:51.0109 10884 CompositeBus - ok 10:14:51.0156 10884 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows \system32\DRIVERS\crcdisk.sys 10:14:51.0202 10884 crcdisk - ok 10:14:51.0280 10884 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows \system32\drivers\csc.sys 10:14:51.0358 10884 CSC - ok 10:14:51.0452 10884 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows \system32\Drivers\dfsc.sys 10:14:51.0514 10884 DfsC - ok 10:14:51.0546 10884 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows \system32\drivers\discache.sys 10:14:51.0624 10884 discache - ok 10:14:51.0686 10884 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows \system32\DRIVERS\disk.sys 10:14:51.0717 10884 Disk - ok 10:14:51.0795 10884 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows \system32\DRIVERS\Dot4.sys 10:14:52.0029 10884 Dot4 - ok 10:14:52.0653 10884 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows \system32\drivers\Dot4Prt.sys 10:14:52.0716 10884 Dot4Print - ok 10:14:52.0809 10884 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows \system32\DRIVERS\dot4usb.sys 10:14:52.0856 10884 dot4usb - ok 10:14:52.0918 10884 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows \system32\DRIVERS\DozeHDD.sys 10:14:52.0950 10884 DozeHDD - ok 10:14:52.0981 10884 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows \system32\drivers\drmkaud.sys 10:14:53.0043 10884 drmkaud - ok 10:14:53.0090 10884 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows \system32\DRIVERS\dsNcAdpt.sys 10:14:53.0184 10884 dsNcAdpt - ok 10:14:53.0262 10884 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows \System32\drivers\dxgkrnl.sys 10:14:53.0324 10884 DXGKrnl - ok 10:14:53.0386 10884 e1kexpress (62d5e04c7cf9d4c69d99f3e0f75bb2cf) C:\Windows \system32\DRIVERS\e1k6232.sys 10:14:53.0418 10884 e1kexpress - ok 10:14:53.0527 10884 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows \system32\DRIVERS\evbdx.sys 10:14:53.0730 10884 ebdrv - ok 10:14:53.0839 10884 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files \Common Files\Symantec Shared\EENGINE\eeCtrl.sys 10:14:53.0917 10884 eeCtrl - ok 10:14:53.0979 10884 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows \system32\DRIVERS\elxstor.sys 10:14:54.0042 10884 elxstor - ok 10:14:54.0120 10884 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files \Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys 10:14:54.0151 10884 EraserUtilDrv11122 - ok 10:14:54.0213 10884 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows \system32\drivers\errdev.sys 10:14:54.0276 10884 ErrDev - ok 10:14:54.0354 10884 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows \system32\drivers\exfat.sys 10:14:54.0447 10884 exfat - ok 10:14:55.0149 10884 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows \system32\drivers\fastfat.sys 10:14:55.0274 10884 fastfat - ok 10:14:55.0321 10884 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows \system32\DRIVERS\fdc.sys 10:14:55.0383 10884 fdc - ok 10:14:55.0430 10884 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows \system32\drivers\fileinfo.sys 10:14:55.0461 10884 FileInfo - ok 10:14:55.0492 10884 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows \system32\drivers\filetrace.sys 10:14:55.0570 10884 Filetrace - ok 10:14:55.0617 10884 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows \system32\DRIVERS\flpydisk.sys 10:14:55.0742 10884 flpydisk - ok 10:14:55.0804 10884 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows \system32\drivers\fltmgr.sys 10:14:55.0836 10884 FltMgr - ok 10:14:55.0882 10884 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows \system32\drivers\FsDepends.sys 10:14:55.0914 10884 FsDepends - ok 10:14:55.0992 10884 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows \system32\DRIVERS\fssfltr.sys 10:14:56.0038 10884 fssfltr - ok 10:14:56.0085 10884 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows \system32\drivers\Fs_Rec.sys 10:14:56.0116 10884 Fs_Rec - ok 10:14:56.0272 10884 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows \system32\DRIVERS\fvevol.sys 10:14:56.0319 10884 fvevol - ok 10:14:56.0366 10884 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows \system32\DRIVERS\gagp30kx.sys 10:14:56.0413 10884 gagp30kx - ok 10:14:56.0475 10884 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows \system32\DRIVERS\GEARAspiWDM.sys 10:14:56.0506 10884 GEARAspiWDM - ok 10:14:56.0584 10884 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows \system32\drivers\hcw85cir.sys 10:14:56.0662 10884 hcw85cir - ok 10:14:56.0740 10884 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows \system32\drivers\HdAudio.sys 10:14:56.0818 10884 HdAudAddService - ok 10:14:56.0896 10884 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows \system32\drivers\HDAudBus.sys 10:14:57.0068 10884 HDAudBus - ok 10:14:57.0770 10884 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows \system32\DRIVERS\HECI.sys 10:14:57.0895 10884 HECI - ok 10:14:57.0926 10884 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows \system32\DRIVERS\HidBatt.sys 10:14:57.0988 10884 HidBatt - ok 10:14:58.0020 10884 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows \system32\DRIVERS\hidbth.sys 10:14:58.0066 10884 HidBth - ok 10:14:58.0129 10884 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows \system32\DRIVERS\hidir.sys 10:14:58.0191 10884 HidIr - ok 10:14:58.0269 10884 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows \system32\drivers\hidusb.sys 10:14:58.0332 10884 HidUsb - ok 10:14:58.0410 10884 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows \system32\drivers\HpSAMD.sys 10:14:58.0456 10884 HpSAMD - ok 10:14:58.0550 10884 HSF_DPV (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows \system32\DRIVERS\HSX_DPV.sys 10:14:58.0659 10884 HSF_DPV - ok 10:14:58.0690 10884 HSXHWAZL (50b42ef358a2e5363be6b77138a22391) C:\Windows \system32\DRIVERS\HSXHWAZL.sys 10:14:58.0753 10884 HSXHWAZL - ok 10:14:58.0815 10884 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows \system32\drivers\HTTP.sys 10:14:58.0924 10884 HTTP - ok 10:14:58.0987 10884 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows \system32\drivers\hwpolicy.sys 10:14:59.0018 10884 hwpolicy - ok 10:14:59.0096 10884 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows \system32\drivers\i8042prt.sys 10:14:59.0143 10884 i8042prt - ok 10:14:59.0190 10884 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\Windows \system32\DRIVERS\iaStor.sys 10:14:59.0236 10884 iaStor - ok 10:14:59.0314 10884 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows \system32\drivers\iaStorV.sys 10:14:59.0439 10884 iaStorV - ok 10:15:00.0250 10884 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\Windows \system32\DRIVERS\ibmpmdrv.sys 10:15:00.0282 10884 IBMPMDRV - ok 10:15:00.0422 10884 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows \system32\DRIVERS\igdkmd32.sys 10:15:00.0718 10884 igfx - ok 10:15:00.0765 10884 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows \system32\DRIVERS\iirsp.sys 10:15:00.0812 10884 iirsp - ok 10:15:00.0874 10884 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows \system32\DRIVERS\Impcd.sys 10:15:00.0921 10884 Impcd - ok 10:15:00.0999 10884 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows \system32\drivers\intelide.sys 10:15:01.0046 10884 intelide - ok 10:15:01.0077 10884 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows \system32\DRIVERS\intelppm.sys 10:15:01.0124 10884 intelppm - ok 10:15:01.0171 10884 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows \system32\DRIVERS\ipfltdrv.sys 10:15:01.0249 10884 IpFilterDriver - ok 10:15:01.0311 10884 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows \system32\drivers\IPMIDrv.sys 10:15:01.0374 10884 IPMIDRV - ok 10:15:01.0420 10884 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows \system32\drivers\ipnat.sys 10:15:01.0514 10884 IPNAT - ok 10:15:01.0576 10884 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows \system32\drivers\irenum.sys 10:15:01.0639 10884 IRENUM - ok 10:15:01.0717 10884 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows \system32\drivers\isapnp.sys 10:15:01.0764 10884 isapnp - ok 10:15:01.0810 10884 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows \system32\drivers\msiscsi.sys 10:15:01.0873 10884 iScsiPrt - ok 10:15:01.0935 10884 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows \system32\drivers\kbdclass.sys 10:15:01.0966 10884 kbdclass - ok 10:15:02.0809 10884 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows \system32\drivers\kbdhid.sys 10:15:02.0840 10884 kbdhid - ok 10:15:02.0965 10884 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows \system32\Drivers\ksecdd.sys 10:15:02.0996 10884 KSecDD - ok 10:15:03.0027 10884 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows \system32\Drivers\ksecpkg.sys 10:15:03.0074 10884 KSecPkg - ok 10:15:03.0136 10884 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows \system32\DRIVERS\smiif32.sys 10:15:03.0153 10884 lenovo.smi - ok 10:15:03.0231 10884 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows \system32\DRIVERS\lltdio.sys 10:15:03.0309 10884 lltdio - ok 10:15:03.0356 10884 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows \system32\DRIVERS\lsi_fc.sys 10:15:03.0403 10884 LSI_FC - ok 10:15:03.0434 10884 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows \system32\DRIVERS\lsi_sas.sys 10:15:03.0481 10884 LSI_SAS - ok 10:15:03.0496 10884 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows \system32\DRIVERS\lsi_sas2.sys 10:15:03.0543 10884 LSI_SAS2 - ok 10:15:03.0559 10884 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows \system32\DRIVERS\lsi_scsi.sys 10:15:03.0605 10884 LSI_SCSI - ok 10:15:03.0621 10884 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows \system32\drivers\luafv.sys 10:15:03.0715 10884 luafv - ok 10:15:03.0777 10884 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows \system32\DRIVERS\mdmxsdk.sys 10:15:03.0808 10884 mdmxsdk - ok 10:15:03.0839 10884 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows \system32\DRIVERS\megasas.sys 10:15:03.0871 10884 megasas - ok 10:15:03.0902 10884 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows \system32\DRIVERS\MegaSR.sys 10:15:03.0964 10884 MegaSR - ok 10:15:03.0995 10884 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows \system32\drivers\modem.sys 10:15:04.0089 10884 Modem - ok 10:15:04.0136 10884 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows \system32\DRIVERS\monitor.sys 10:15:04.0199 10884 monitor - ok 10:15:04.0277 10884 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows \system32\drivers\mouclass.sys 10:15:04.0308 10884 mouclass - ok 10:15:04.0324 10884 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows \system32\DRIVERS\mouhid.sys 10:15:04.0355 10884 mouhid - ok 10:15:04.0418 10884 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows \system32\drivers\mountmgr.sys 10:15:04.0449 10884 mountmgr - ok 10:15:04.0496 10884 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows \system32\drivers\mpio.sys 10:15:04.0542 10884 mpio - ok 10:15:05.0291 10884 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows \system32\drivers\mpsdrv.sys 10:15:05.0369 10884 mpsdrv - ok 10:15:05.0416 10884 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows \system32\drivers\mrxdav.sys 10:15:05.0510 10884 MRxDAV - ok 10:15:05.0556 10884 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows \system32\DRIVERS\mrxsmb.sys 10:15:05.0619 10884 mrxsmb - ok 10:15:05.0666 10884 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows \system32\DRIVERS\mrxsmb10.sys 10:15:05.0712 10884 mrxsmb10 - ok 10:15:05.0728 10884 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows \system32\DRIVERS\mrxsmb20.sys 10:15:05.0790 10884 mrxsmb20 - ok 10:15:05.0822 10884 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows \system32\drivers\msahci.sys 10:15:05.0868 10884 msahci - ok 10:15:05.0915 10884 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows \system32\drivers\msdsm.sys 10:15:05.0962 10884 msdsm - ok 10:15:06.0009 10884 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows \system32\drivers\Msfs.sys 10:15:06.0071 10884 Msfs - ok 10:15:06.0102 10884 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows \System32\drivers\mshidkmdf.sys 10:15:06.0165 10884 mshidkmdf - ok 10:15:06.0180 10884 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows \system32\drivers\msisadrv.sys 10:15:06.0212 10884 msisadrv - ok 10:15:06.0258 10884 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows \system32\drivers\MSKSSRV.sys 10:15:06.0352 10884 MSKSSRV - ok 10:15:06.0383 10884 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows \system32\drivers\MSPCLOCK.sys 10:15:06.0477 10884 MSPCLOCK - ok 10:15:06.0508 10884 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows \system32\drivers\MSPQM.sys 10:15:06.0602 10884 MSPQM - ok 10:15:06.0633 10884 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows \system32\drivers\MsRPC.sys 10:15:06.0664 10884 MsRPC - ok 10:15:06.0695 10884 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows \system32\drivers\mssmbios.sys 10:15:06.0726 10884 mssmbios - ok 10:15:06.0773 10884 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows \system32\drivers\MSTEE.sys 10:15:06.0867 10884 MSTEE - ok 10:15:06.0898 10884 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows \system32\DRIVERS\MTConfig.sys 10:15:06.0960 10884 MTConfig - ok 10:15:06.0992 10884 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows \system32\Drivers\mup.sys 10:15:07.0023 10884 Mup - ok 10:15:07.0226 10884 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows \system32\DRIVERS\nwifi.sys 10:15:07.0756 10884 NativeWifiP - ok 10:15:08.0349 10884 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec \DEFINI~1\VIRUSD~1\20120217.004\NAVENG.SYS 10:15:08.0380 10884 NAVENG - ok 10:15:08.0474 10884 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec \DEFINI~1\VIRUSD~1\20120217.004\NAVEX15.SYS 10:15:08.0598 10884 NAVEX15 - ok 10:15:08.0692 10884 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows \system32\drivers\ndis.sys 10:15:08.0770 10884 NDIS - ok 10:15:08.0817 10884 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows \system32\DRIVERS\ndiscap.sys 10:15:08.0910 10884 NdisCap - ok 10:15:08.0957 10884 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows \system32\DRIVERS\ndistapi.sys 10:15:09.0035 10884 NdisTapi - ok 10:15:09.0098 10884 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows \system32\DRIVERS\ndisuio.sys 10:15:09.0176 10884 Ndisuio - ok 10:15:09.0222 10884 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows \system32\DRIVERS\ndiswan.sys 10:15:09.0300 10884 NdisWan - ok 10:15:09.0378 10884 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows \system32\drivers\NDProxy.sys 10:15:09.0441 10884 NDProxy - ok 10:15:09.0488 10884 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows \system32\DRIVERS\netbios.sys 10:15:09.0581 10884 NetBIOS - ok 10:15:09.0659 10884 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows \system32\DRIVERS\netbt.sys 10:15:09.0737 10884 NetBT - ok 10:15:10.0720 10884 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows \system32\DRIVERS\NETw5s32.sys 10:15:11.0001 10884 NETw5s32 - ok 10:15:11.0141 10884 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows \system32\DRIVERS\netw5v32.sys 10:15:11.0391 10884 netw5v32 - ok 10:15:11.0438 10884 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows \system32\DRIVERS\nfrd960.sys 10:15:11.0484 10884 nfrd960 - ok 10:15:11.0531 10884 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows \system32\drivers\Npfs.sys 10:15:11.0609 10884 Npfs - ok 10:15:11.0656 10884 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows \system32\drivers\nsiproxy.sys 10:15:11.0718 10884 nsiproxy - ok 10:15:11.0812 10884 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows \system32\drivers\Ntfs.sys 10:15:11.0890 10884 Ntfs - ok 10:15:11.0921 10884 Null (f9756a98d69098dca8945d62858a812c) C:\Windows \system32\drivers\Null.sys 10:15:11.0999 10884 Null - ok 10:15:12.0062 10884 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows \system32\drivers\nvhda32v.sys 10:15:12.0077 10884 NVHDA - ok 10:15:12.0327 10884 nvlddmkm (6672d9a10fb3e42623f2bcff38bb31d9) C:\Windows \system32\DRIVERS\nvlddmkm.sys 10:15:13.0029 10884 nvlddmkm - ok 10:15:13.0388 10884 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows \system32\drivers\nvraid.sys 10:15:13.0466 10884 nvraid - ok 10:15:13.0512 10884 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows \system32\drivers\nvstor.sys 10:15:13.0559 10884 nvstor - ok 10:15:13.0606 10884 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows \system32\drivers\nv_agp.sys 10:15:13.0653 10884 nv_agp - ok 10:15:13.0700 10884 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows \system32\drivers\ohci1394.sys 10:15:13.0762 10884 ohci1394 - ok 10:15:13.0840 10884 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows \system32\DRIVERS\parport.sys 10:15:13.0902 10884 Parport - ok 10:15:13.0980 10884 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows \system32\drivers\partmgr.sys 10:15:14.0012 10884 partmgr - ok 10:15:14.0043 10884 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows \system32\DRIVERS\parvdm.sys 10:15:14.0105 10884 Parvdm - ok 10:15:14.0199 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\program files\pc-doctor\pcdsrvc.pkms 10:15:14.0573 10884 PCDSRVC{3037D694-FD904ACA-06000000}_0 - ok 10:15:14.0620 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms 10:15:14.0651 10884 PCDSRVC{C4B36920-79E24793-06000000}_0 - ok 10:15:14.0745 10884 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows \system32\drivers\pci.sys 10:15:14.0792 10884 pci - ok 10:15:14.0823 10884 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows \system32\drivers\pciide.sys 10:15:14.0870 10884 pciide - ok 10:15:14.0916 10884 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows \system32\DRIVERS\pcmcia.sys 10:15:14.0979 10884 pcmcia - ok 10:15:15.0759 10884 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows \system32\drivers\pcw.sys 10:15:15.0790 10884 pcw - ok 10:15:15.0852 10884 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows \system32\drivers\peauth.sys 10:15:15.0962 10884 PEAUTH - ok 10:15:16.0118 10884 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows \system32\DRIVERS\point32.sys 10:15:16.0149 10884 Point32 - ok 10:15:16.0211 10884 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows \system32\DRIVERS\raspptp.sys 10:15:16.0305 10884 PptpMiniport - ok 10:15:16.0352 10884 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows \system32\DRIVERS\processr.sys 10:15:16.0398 10884 Processor - ok 10:15:16.0461 10884 psadd (72de205cd4006dc45b1401859c506679) C:\Windows \system32\DRIVERS\psadd.sys 10:15:16.0492 10884 psadd - ok 10:15:16.0539 10884 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows \system32\DRIVERS\pacer.sys 10:15:16.0632 10884 Psched - ok 10:15:16.0726 10884 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows \system32\DRIVERS\ql2300.sys 10:15:16.0866 10884 ql2300 - ok 10:15:16.0913 10884 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows \system32\DRIVERS\ql40xx.sys 10:15:17.0085 10884 ql40xx - ok 10:15:17.0132 10884 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows \system32\drivers\qwavedrv.sys 10:15:17.0210 10884 QWAVEdrv - ok 10:15:17.0381 10884 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\ProgramData \Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 10:15:17.0428 10884 RapportCerberus_34302 - ok 10:15:18.0130 10884 RapportEI (34992b59780a8a227a9eb54c97dc4608) C:\Program Files \Trusteer\Rapport\bin\RapportEI.sys 10:15:18.0270 10884 RapportEI - ok 10:15:18.0364 10884 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata \trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys 10:15:18.0411 10884 RapportIaso - ok 10:15:18.0504 10884 RapportKELL (a231b5552148ade82ed3dfba25919b75) C:\Windows \system32\Drivers\RapportKELL.sys 10:15:18.0582 10884 RapportKELL - ok 10:15:18.0754 10884 RapportPG (060f8e34707d68178a564935ce4546eb) C:\Program Files \Trusteer\Rapport\bin\RapportPG.sys 10:15:18.0816 10884 RapportPG - ok 10:15:18.0863 10884 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows \system32\DRIVERS\rasacd.sys 10:15:18.0957 10884 RasAcd - ok 10:15:19.0019 10884 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows \system32\DRIVERS\AgileVpn.sys 10:15:19.0097 10884 RasAgileVpn - ok 10:15:19.0144 10884 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows \system32\DRIVERS\rasl2tp.sys 10:15:19.0238 10884 Rasl2tp - ok 10:15:19.0284 10884 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows \system32\DRIVERS\raspppoe.sys 10:15:19.0378 10884 RasPppoe - ok 10:15:19.0409 10884 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows \system32\DRIVERS\rassstp.sys 10:15:19.0503 10884 RasSstp - ok 10:15:19.0581 10884 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows \system32\DRIVERS\rdbss.sys 10:15:19.0643 10884 rdbss - ok 10:15:19.0674 10884 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows \system32\DRIVERS\rdpbus.sys 10:15:19.0721 10884 rdpbus - ok 10:15:19.0768 10884 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows \system32\DRIVERS\RDPCDD.sys 10:15:19.0846 10884 RDPCDD - ok 10:15:19.0908 10884 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows \system32\drivers\rdpdr.sys 10:15:19.0986 10884 RDPDR - ok 10:15:20.0018 10884 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows \system32\drivers\rdpencdd.sys 10:15:20.0236 10884 RDPENCDD - ok 10:15:20.0798 10884 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows \system32\drivers\rdprefmp.sys 10:15:20.0891 10884 RDPREFMP - ok 10:15:20.0938 10884 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows \system32\drivers\RDPWD.sys 10:15:21.0032 10884 RDPWD - ok 10:15:21.0125 10884 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows \system32\drivers\rdyboost.sys 10:15:21.0172 10884 rdyboost - ok 10:15:21.0219 10884 regi (001b4278407f4303efc902a2b16f2453) C:\Windows \system32\drivers\regi.sys 10:15:21.0250 10884 regi - ok 10:15:21.0312 10884 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows \system32\DRIVERS\rfcomm.sys 10:15:21.0344 10884 RFCOMM - ok 10:15:21.0406 10884 rimspci (e891f07815af88075705ef6a248711f6) C:\Windows \system32\DRIVERS\rimspe86.sys 10:15:21.0468 10884 rimspci - ok 10:15:21.0531 10884 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows \system32\DRIVERS\rspndr.sys 10:15:21.0593 10884 rspndr - ok 10:15:21.0671 10884 s125bus (06847aa6f3a9bf7c44134d00a2e578c0) C:\Windows \system32\DRIVERS\s125bus.sys 10:15:21.0749 10884 s125bus - ok 10:15:21.0827 10884 s125mdfl (f83f88e1b125308fb5015ea0349502b0) C:\Windows \system32\DRIVERS\s125mdfl.sys 10:15:21.0874 10884 s125mdfl - ok 10:15:21.0905 10884 s125mdm (402a97756c14940ad6ae5169c2fb105e) C:\Windows \system32\DRIVERS\s125mdm.sys 10:15:21.0952 10884 s125mdm - ok 10:15:22.0030 10884 s125mgmt (82b14c51de76825ec769a6374e4c57d6) C:\Windows \system32\DRIVERS\s125mgmt.sys 10:15:22.0077 10884 s125mgmt - ok 10:15:22.0108 10884 s125obex (bedfc5707c356fd073bf1a4afe442d91) C:\Windows \system32\DRIVERS\s125obex.sys 10:15:22.0155 10884 s125obex - ok 10:15:22.0217 10884 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows \system32\drivers\vms3cap.sys 10:15:22.0280 10884 s3cap - ok 10:15:22.0342 10884 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows \system32\drivers\sbp2port.sys 10:15:22.0389 10884 sbp2port - ok 10:15:22.0467 10884 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows \system32\DRIVERS\scfilter.sys 10:15:22.0529 10884 scfilter - ok 10:15:23.0418 10884 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows \system32\drivers\sdbus.sys 10:15:23.0465 10884 sdbus - ok 10:15:23.0512 10884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows \system32\drivers\secdrv.sys 10:15:23.0590 10884 secdrv - ok 10:15:23.0668 10884 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows \system32\DRIVERS\serenum.sys 10:15:23.0730 10884 Serenum - ok 10:15:23.0918 10884 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows \system32\DRIVERS\serial.sys 10:15:23.0980 10884 Serial - ok 10:15:24.0074 10884 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows \system32\DRIVERS\sermouse.sys 10:15:24.0136 10884 sermouse - ok 10:15:24.0214 10884 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows \system32\drivers\sffdisk.sys 10:15:24.0276 10884 sffdisk - ok 10:15:24.0308 10884 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows \system32\drivers\sffp_mmc.sys 10:15:24.0354 10884 sffp_mmc - ok 10:15:24.0401 10884 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows \system32\drivers\sffp_sd.sys 10:15:24.0464 10884 sffp_sd - ok 10:15:24.0526 10884 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows \system32\DRIVERS\sfloppy.sys 10:15:24.0573 10884 sfloppy - ok 10:15:24.0620 10884 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows \system32\DRIVERS\Apsx86.sys 10:15:24.0651 10884 Shockprf - ok 10:15:24.0682 10884 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows \system32\drivers\sisagp.sys 10:15:24.0729 10884 sisagp - ok 10:15:24.0776 10884 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows \system32\DRIVERS\SiSRaid2.sys 10:15:24.0807 10884 SiSRaid2 - ok 10:15:24.0854 10884 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows \system32\DRIVERS\sisraid4.sys 10:15:24.0900 10884 SiSRaid4 - ok 10:15:24.0947 10884 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows \system32\DRIVERS\smb.sys 10:15:25.0025 10884 Smb - ok 10:15:25.0088 10884 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files \ThinkVantage Fingerprint Software\smihlp.sys 10:15:25.0119 10884 smihlp - ok 10:15:25.0977 10884 SPBBCDrv (e621bb5839cf45fa477f48092edd2b40) C:\Program Files \Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 10:15:26.0039 10884 SPBBCDrv - ok 10:15:26.0070 10884 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows \system32\drivers\spldr.sys 10:15:26.0102 10884 spldr - ok 10:15:26.0148 10884 SRTSP (2abf82c8452ab0b9ffc74a2d5da91989) C:\Windows \system32\Drivers\SRTSP.SYS 10:15:26.0195 10884 SRTSP - ok 10:15:26.0226 10884 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\Windows \system32\Drivers\SRTSPL.SYS 10:15:26.0289 10884 SRTSPL - ok 10:15:26.0320 10884 SRTSPX (3b974c158fabd910186f98df8d3e23f3) C:\Windows \system32\Drivers\SRTSPX.SYS 10:15:26.0351 10884 SRTSPX - ok 10:15:26.0414 10884 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows \system32\DRIVERS\srv.sys 10:15:26.0507 10884 srv - ok 10:15:26.0585 10884 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows \system32\DRIVERS\srv2.sys 10:15:26.0648 10884 srv2 - ok 10:15:26.0726 10884 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows \system32\DRIVERS\VSTAZL3.SYS 10:15:26.0804 10884 SrvHsfHDA - ok 10:15:26.0866 10884 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows \system32\DRIVERS\VSTDPV3.SYS 10:15:27.0007 10884 SrvHsfV92 - ok 10:15:27.0069 10884 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows \system32\DRIVERS\VSTCNXT3.SYS 10:15:27.0163 10884 SrvHsfWinac - ok 10:15:27.0225 10884 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows \system32\DRIVERS\srvnet.sys 10:15:27.0287 10884 srvnet - ok 10:15:27.0350 10884 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows \system32\DRIVERS\stexstor.sys 10:15:27.0381 10884 stexstor - ok 10:15:27.0459 10884 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows \system32\drivers\vmstorfl.sys 10:15:27.0490 10884 storflt - ok 10:15:27.0537 10884 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows \system32\drivers\storvsc.sys 10:15:27.0584 10884 storvsc - ok 10:15:27.0662 10884 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows \system32\drivers\swenum.sys 10:15:27.0693 10884 swenum - ok 10:15:28.0504 10884 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\Windows \system32\Drivers\SYMEVENT.SYS 10:15:28.0551 10884 SymEvent - ok 10:15:28.0613 10884 SYMREDRV (394b2368212114d538316812af60fddd) C:\Windows \System32\Drivers\SYMREDRV.SYS 10:15:28.0660 10884 SYMREDRV - ok 10:15:28.0691 10884 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\Windows \System32\Drivers\SYMTDI.SYS 10:15:28.0723 10884 SYMTDI - ok 10:15:28.0785 10884 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\Windows \system32\DRIVERS\SynTP.sys 10:15:28.0816 10884 SynTP - ok 10:15:28.0863 10884 SysPlant (1295b1da3e2a2c24c7d176f6e97afbd1) C:\Windows \SYSTEM32\Drivers\SysPlant.sys 10:15:28.0910 10884 SysPlant - ok 10:15:29.0035 10884 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows \system32\drivers\tcpip.sys 10:15:29.0128 10884 Tcpip - ok 10:15:29.0206 10884 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows \system32\DRIVERS\tcpip.sys 10:15:29.0269 10884 TCPIP6 - ok 10:15:29.0331 10884 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows \system32\drivers\tcpipreg.sys 10:15:29.0409 10884 tcpipreg - ok 10:15:29.0471 10884 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows \system32\drivers\tdpipe.sys 10:15:29.0565 10884 TDPIPE - ok 10:15:29.0627 10884 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows \system32\drivers\tdtcp.sys 10:15:29.0705 10884 TDTCP - ok 10:15:29.0783 10884 tdx (b459575348c20e8121d6039da063c704) C:\Windows \system32\DRIVERS\tdx.sys 10:15:29.0861 10884 tdx - ok 10:15:29.0971 10884 Teefer2 (1de2e1357552a79f39bff003a11c533e) C:\Windows \system32\DRIVERS\teefer2.sys 10:15:30.0002 10884 Teefer2 - ok 10:15:30.0064 10884 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows \system32\drivers\termdd.sys 10:15:30.0095 10884 TermDD - ok 10:15:30.0158 10884 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows \system32\DRIVERS\ApsHM86.sys 10:15:30.0189 10884 TPDIGIMN - ok 10:15:30.0267 10884 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows \system32\drivers\tpm.sys 10:15:30.0298 10884 TPM - ok 10:15:31.0109 10884 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows \system32\drivers\Tppwr32v.sys 10:15:31.0141 10884 TPPWRIF - ok 10:15:31.0219 10884 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows \system32\DRIVERS\tssecsrv.sys 10:15:31.0281 10884 tssecsrv - ok 10:15:31.0375 10884 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows \system32\drivers\tsusbflt.sys 10:15:31.0468 10884 TsUsbFlt - ok 10:15:31.0546 10884 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows \system32\DRIVERS\tunnel.sys 10:15:31.0640 10884 tunnel - ok 10:15:31.0702 10884 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\Windows \system32\DRIVERS\TurboB.sys 10:15:31.0733 10884 TurboB - ok 10:15:31.0780 10884 TVTI2C (3078906e991f29305e8066911153717e) C:\Windows \system32\DRIVERS\Tvti2c.sys 10:15:31.0811 10884 TVTI2C - ok 10:15:31.0874 10884 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows \system32\DRIVERS\uagp35.sys 10:15:31.0921 10884 uagp35 - ok 10:15:31.0983 10884 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows \system32\DRIVERS\udfs.sys 10:15:32.0092 10884 udfs - ok 10:15:32.0170 10884 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows \system32\drivers\uliagpkx.sys 10:15:32.0217 10884 uliagpkx - ok 10:15:32.0311 10884 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows \system32\drivers\umbus.sys 10:15:32.0342 10884 umbus - ok 10:15:32.0373 10884 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows \system32\DRIVERS\umpass.sys 10:15:32.0420 10884 UmPass - ok 10:15:32.0498 10884 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows \system32\Drivers\usbaapl.sys 10:15:32.0591 10884 USBAAPL - ok 10:15:32.0654 10884 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows \system32\DRIVERS\usbccgp.sys 10:15:32.0716 10884 usbccgp - ok 10:15:32.0763 10884 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows \system32\drivers\usbcir.sys 10:15:32.0810 10884 usbcir - ok 10:15:32.0981 10884 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows \system32\drivers\usbehci.sys 10:15:33.0527 10884 usbehci - ok 10:15:33.0699 10884 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows \system32\DRIVERS\usbhub.sys 10:15:33.0761 10884 usbhub - ok 10:15:33.0824 10884 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows \system32\drivers\usbohci.sys 10:15:33.0886 10884 usbohci - ok 10:15:33.0949 10884 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows \system32\DRIVERS\usbprint.sys 10:15:33.0995 10884 usbprint - ok 10:15:34.0151 10884 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows \system32\DRIVERS\usbscan.sys 10:15:34.0229 10884 usbscan - ok 10:15:34.0292 10884 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows \system32\DRIVERS\USBSTOR.SYS 10:15:34.0385 10884 USBSTOR - ok 10:15:34.0432 10884 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows \system32\drivers\usbuhci.sys 10:15:34.0495 10884 usbuhci - ok 10:15:34.0557 10884 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows \System32\Drivers\usbvideo.sys 10:15:34.0604 10884 usbvideo - ok 10:15:34.0682 10884 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows \system32\drivers\vdrvroot.sys 10:15:34.0713 10884 vdrvroot - ok 10:15:34.0760 10884 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows \system32\DRIVERS\vgapnp.sys 10:15:34.0838 10884 vga - ok 10:15:34.0869 10884 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows \System32\drivers\vga.sys 10:15:34.0963 10884 VgaSave - ok 10:15:35.0041 10884 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows \system32\drivers\vhdmp.sys 10:15:35.0087 10884 vhdmp - ok 10:15:35.0165 10884 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows \system32\drivers\viaagp.sys 10:15:35.0212 10884 viaagp - ok 10:15:35.0259 10884 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows \system32\DRIVERS\viac7.sys 10:15:35.0321 10884 ViaC7 - ok 10:15:35.0399 10884 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows \system32\drivers\viaide.sys 10:15:35.0431 10884 viaide - ok 10:15:36.0226 10884 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows \system32\drivers\vmbus.sys 10:15:36.0273 10884 vmbus - ok 10:15:36.0304 10884 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows \system32\drivers\VMBusHID.sys 10:15:36.0367 10884 VMBusHID - ok 10:15:36.0413 10884 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows \system32\drivers\volmgr.sys 10:15:36.0445 10884 volmgr - ok 10:15:36.0476 10884 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows \system32\drivers\volmgrx.sys 10:15:36.0523 10884 volmgrx - ok 10:15:36.0569 10884 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows \system32\drivers\volsnap.sys 10:15:36.0616 10884 volsnap - ok 10:15:36.0663 10884 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows \system32\DRIVERS\vsmraid.sys 10:15:36.0710 10884 vsmraid - ok 10:15:36.0741 10884 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows \system32\DRIVERS\vwifibus.sys 10:15:36.0803 10884 vwifibus - ok 10:15:36.0866 10884 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows \system32\DRIVERS\vwififlt.sys 10:15:36.0913 10884 vwififlt - ok 10:15:36.0944 10884 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows \system32\DRIVERS\vwifimp.sys 10:15:36.0975 10884 vwifimp - ok 10:15:37.0022 10884 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows \system32\DRIVERS\wacompen.sys 10:15:37.0069 10884 WacomPen - ok 10:15:37.0131 10884 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows \system32\DRIVERS\wanarp.sys 10:15:37.0209 10884 WANARP - ok 10:15:37.0209 10884 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows \system32\DRIVERS\wanarp.sys 10:15:37.0287 10884 Wanarpv6 - ok 10:15:37.0349 10884 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows \system32\DRIVERS\wd.sys 10:15:37.0396 10884 Wd - ok 10:15:37.0443 10884 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows \system32\drivers\Wdf01000.sys 10:15:37.0490 10884 Wdf01000 - ok 10:15:37.0552 10884 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows \system32\DRIVERS\wfplwf.sys 10:15:37.0615 10884 WfpLwf - ok 10:15:37.0661 10884 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows \system32\drivers\wimmount.sys 10:15:37.0693 10884 WIMMount - ok 10:15:37.0771 10884 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows \system32\DRIVERS\HSX_CNXT.sys 10:15:37.0833 10884 winachsf - ok 10:15:37.0942 10884 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows \system32\DRIVERS\WinUSB.sys 10:15:38.0098 10884 WinUsb - ok 10:15:38.0847 10884 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows \system32\drivers\wmiacpi.sys 10:15:38.0894 10884 WmiAcpi - ok 10:15:38.0972 10884 WPS (c1620ebb375d3b02e31fd311c44fedeb) C:\Windows \system32\drivers\wpsdrvnt.sys 10:15:39.0003 10884 WPS - ok 10:15:39.0050 10884 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows \system32\drivers\WpsHelper.sys 10:15:39.0081 10884 WpsHelper - ok 10:15:39.0128 10884 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows \system32\drivers\ws2ifsl.sys 10:15:39.0237 10884 ws2ifsl - ok 10:15:39.0315 10884 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows \system32\drivers\WudfPf.sys 10:15:39.0409 10884 WudfPf - ok 10:15:39.0471 10884 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows \system32\DRIVERS\WUDFRd.sys 10:15:39.0549 10884 WUDFRd - ok 10:15:39.0611 10884 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows \system32\DRIVERS\XAudio32.sys 10:15:39.0643 10884 XAudio - ok 10:15:39.0689 10884 MBR (0x1B8) (bca79969e5e06eef18fcb13b6cfadd95) \Device\Harddisk0\DR0 10:15:39.0814 10884 \Device\Harddisk0\DR0 - ok 10:15:39.0845 10884 Boot (0x1200) (71f3f3285c94c0864d3c545a481368ca) \Device \Harddisk0\DR0\Partition0 10:15:39.0861 10884 \Device\Harddisk0\DR0\Partition0 - ok 10:15:39.0877 10884 Boot (0x1200) (595da05ed7acb69af4dc5b5945dd195e) \Device \Harddisk0\DR0\Partition1 10:15:39.0877 10884 \Device\Harddisk0\DR0\Partition1 - ok 10:15:39.0908 10884 Boot (0x1200) (c99903ee01c0351dee23f8139179fa93) \Device \Harddisk0\DR0\Partition2 10:15:39.0908 10884 \Device\Harddisk0\DR0\Partition2 - ok 10:15:39.0908 10884 ============================================================ 10:15:39.0908 10884 Scan finished 10:15:39.0908 10884 ============================================================ 10:15:39.0923 1428 Detected object count: 0 10:15:39.0923 1428 Actual detected object count: 0
  10. Hi MrC, Thanks for your response and your help! I am attaching the DDS.txt and Attach.txt files below, as you suggested. Do let me know what I should do next. thanks, SP . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29 Run by Saurabh at 22:39:20 on 2012-02-17 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3060.1701 [GMT -5:00] . AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k NetworkService C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k hpdevmgmt C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe C:\Windows\system32\Dwm.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Windows\System32\TpShocks.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\Client Security Solution\password_manager.exe C:\Program Files\Memeo\AutoBackup\InstantBackup.exe C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Memeo\Memeo Send\MemeoSend.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Lenovo\Access Connections\AcSvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\Program Files\Lenovo\System Update\SUService.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://lenovo.msn.com uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie \rpbrowserrecordplugin.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [Google Update] "c:\users\saurabh\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe" mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe mRun: [<NO NAME>] mRun: [TpShocks] TpShocks.exe mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup mRun: [smartAudio] c:\program files\conexant\saii\SAIICpl.exe /t mRun: [nwiz] nwiz.exe /installquiet mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui mRun: [Memeo Send] c:\program files\memeo\memeo send\MemeoLauncher.exe --silent mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot StartupFolder: c:\users\saurabh\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\saurabh\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: DisableCAD = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll Trusted Zone: intuit.com\ttlc DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\7416C6C65737 : DhcpNameServer = 192.168.15.1 TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134 TCP: Interfaces\{8C4D3ACC-EC63-4E29-9076-F6D667502039}\F46796371627965637 : DhcpNameServer = 192.168.2.1 68.87.64.150 68.87.75.198 Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\saurabh\appdata\roaming\mozilla\firefox\profiles\0653317f.default\ FF - prefs.js: browser.startup.homepage - about:home FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\users\saurabh\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\users\saurabh\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll . ============= SERVICES / DRIVERS =============== . R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-20 24304] R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-1-25 56208] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-12-9 13480] R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208] R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-1-25 71440] R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-1-25 164112] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128] R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-20 132456] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2009-12-9 54632] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-12-9 44984] R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-22 25824] R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-8-19 1248256] R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-1-25 931640] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032] R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-2-20 48640] R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2010-4-30 14088] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-12-16 2477304] R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-7-6 173352] R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-1 2337144] R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-12-9 62904] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752] R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-2-20 126080] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-2-20 29472] R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-2-20 214696] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-20 125696] R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-2-20 66664] R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-11-20 20848] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-6-22 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-11-20 20848] S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-2-20 75112] S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-22 52224] S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768] . =============== Created Last 30 ================ . 2012-02-17 23:44:43 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd41c75b-7ae7-476d-ad88-b459a7c60f33}\mpengine.dll 2012-02-16 08:06:18 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-02-16 06:24:46 388096 ----a-r- c:\users\saurabh\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-02-16 06:24:45 -------- d-----w- c:\program files\Trend Micro 2012-02-16 05:56:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-02-16 05:56:00 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-02-16 05:46:33 -------- d-----w- c:\users\saurabh\appdata\roaming\Malwarebytes 2012-02-16 05:46:30 -------- d-----w- c:\programdata\Malwarebytes 2012-02-16 05:46:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-16 05:46:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-16 03:29:32 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 03:28:39 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 03:27:59 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-01 17:09:42 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2012-02-01 17:09:42 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2012-02-01 17:09:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2012-02-01 17:09:41 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2012-02-01 17:09:41 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2012-02-01 17:09:40 924632 ----a-w- c:\program files\mozilla firefox\firefox.exe 2012-02-01 17:09:37 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll 2012-02-01 17:09:37 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll 2012-02-01 17:09:37 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll 2012-02-01 17:09:37 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll 2012-02-01 15:04:16 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll 2012-02-01 15:03:26 -------- d-----w- c:\program files\common files\xing shared 2012-02-01 15:02:52 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll 2012-02-01 15:02:22 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll 2012-01-31 20:06:02 -------- d-----w- c:\program files\One-Click Export 2012-01-25 23:32:14 -------- d-----w- c:\users\saurabh\appdata\local\Intuit_Inc 2012-01-25 15:16:44 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys . ==================== Find3M ==================== . 2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll 2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-12-12 20:10:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-11-23 18:12:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . =================== ROOTKIT ==================== . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 6.1.7601 Disk: ST950042 rev.0003 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 . device: opened successfully user: MBR read successfully . Disk trace: called modules: >>UNKNOWN [0x8323E000]<< >>UNKNOWN [0x8BA00000]<< >>UNKNOWN [0x8BBDD000]<< >>UNKNOWN [0x8B62D000]<< >>UNKNOWN [0x83207000]<< >>UNKNOWN [0x8B82C000]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Harddisk0\DR0[0x88258AA0] \Driver\Disk[0x88257C98] -> IRP_MJ_CREATE -> 0x8BA0439F 3 [0x8BA0459E] -> ntkrnlpa!IofCallDriver[0x8327552A] -> [0x866E8B90] \Driver\ACPI[0x85950E58] -> IRP_MJ_CREATE -> 0x8B6364CC 5 [0x8B6363D4] -> ntkrnlpa!IofCallDriver[0x8327552A] -> \Device\Ide\IAAStorageDevice-1[0x866D4028] \Driver\iaStor[0x8592FF38] -> IRP_MJ_CREATE -> 0x8B852B26 kernel: MBR read successfully _asm { JMP 0x10; } user & kernel MBR OK copy of MBR has been found in sector 9 ! Warning: possible TDL3 rootkit infection ! . ============= FINISH: 22:41:55.60 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/9/2010 3:07:04 PM System Uptime: 2/17/2012 10:15:10 AM (12 hours ago) . Motherboard: LENOVO | | 43142PU Processor: Intel® Core i5 CPU M 540 @ 2.53GHz | None | 1190/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 455 GiB total, 149.73 GiB free. E: is CDROM () Q: is FIXED (NTFS) - 10 GiB total, 3.352 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP312: 2/3/2012 9:18:27 AM - Windows Update RP313: 2/5/2012 3:01:03 AM - Windows Update RP314: 2/8/2012 9:36:22 AM - Windows Update RP315: 2/14/2012 12:11:43 PM - Windows Update RP316: 2/16/2012 1:23:16 AM - Installed HiJackThis RP317: 2/16/2012 3:02:02 AM - Windows Update RP318: 2/16/2012 3:34:48 PM - Removed Ad-Aware RP319: 2/16/2012 11:12:54 PM - Removed Ad-Aware . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office system 32 Bit HP CIO Components Installer 7-Zip 9.20 Access Help Adobe Acrobat 6.0 Professional Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader 9.4.6 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Apple Application Support Apple Mobile Device Support Apple Software Update AT&T Service Activation Avidemux 2.5 Bing Bar Bing Bar Platform Bonjour BufferChm Burn.Now 4.5 Business Contact Manager for Outlook 2007 SP2 Client Security - Password Manager Conexant 20585 SmartAudio HD Copy Corel Burn.Now Lenovo Edition Corel DVD MovieFactory 7 Corel DVD MovieFactory 7 Lenovo Edition Create Recovery Media D3DX10 Destinations DeviceDiscovery Direct DiscRecorder Disable AMT Profile Synchronization Pop-up for Windows Vista/7 DJ_AIO_03_F4200_Software_Min Dropbox DVD Decrypter (Remove Only) DVD Shrink 3.2 EndNote 8.0.2 F4200 FEMLAB 3.1 Google Chrome Google Talk Plugin GPBaseService2 GPL Ghostscript 8.64 HiJackThis HP Customer Participation Program 13.0 HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply iCloud ImageJ 1.45s ImgBurn Integrated Camera Driver Installer Package Ver.1.1.0.17 Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Driver Intel® Turbo Boost Technology Monitor InterVideo WinDVD 8 iSEEK AnswerWorks English Runtime ISI ResearchSoft - Export Helper iTunes Java Auto Updater Java 6 Update 29 Juniper Networks Network Connect 6.5.0 Juniper Networks Network Connect 7.0.0 Juniper Networks Setup Client Juniper Networks Setup Client Activex Control Junk Mail filter update Lenovo System Interface Driver Lenovo ThinkVantage Toolbox Lenovo Warranty Information Lenovo Welcome LiveUpdate 3.3 (Symantec Corporation) Macromedia FreeHand 10 Malwarebytes Anti-Malware version 1.60.1.1000 MarketResearch Mathematica 5.2 MATLAB R2006a Memeo Instant Backup Memeo Send Memeo Share Mesh Runtime Message Center Plus Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft IntelliPoint 8.0 Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Research AutoCollage Touch 2009 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Sync Framework 2.0 Core Components (x86) ENU Microsoft Sync Framework 2.0 Provider Services (x86) ENU Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual Studio 2005 Tools for Office Runtime Mobile Broadband Connect MobileMe Control Panel Mozilla Firefox 10.0 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MyPhoneExplorer NVIDIA Drivers NVIDIA nView Desktop Manager On Screen Display One-Click Export PDF Settings PDFill PDF Editor with FREE Writer and Free Tools Picasa 3 PrimoPDF -- by Nitro PDF Software QuickBooks QuickBooks Pro 2012 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer RealUpgrade 1.1 Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 Rescue and Recovery RICOH R5U230 Media Driver ver.2.06.02.02 Scan Seagate Dashboard Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Shop for HP Supplies Skype Click to Call Skype™ 5.5 SmartWebPrinting SolutionCenter Sony Ericsson Device Data Sony Ericsson Drivers Sony Ericsson PC Suite Spotify Spybot - Search & Destroy Status Symantec Endpoint Protection SyncToy 2.1 (x86) System Update Tansee iPhone Transfer SMS TeamViewer 5 TeamViewer 6 ThinkPad Bluetooth with Enhanced Data Rate Software ThinkPad FullScreen Magnifier ThinkPad Hotkey Features Integration Setup ThinkPad Modem Adapter ThinkPad Power Management Driver ThinkPad Power Manager ThinkPad UltraNav Driver ThinkPad UltraNav Utility ThinkVantage Access Connections ThinkVantage Active Protection System ThinkVantage Fingerprint Software Toolbox TrayApp TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Service Verizon Wireless Mobile Broadband Self Activation Watermark Image software version 1.9.9.7 WebReg Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Driver Package - Intel (e1kexpress) Net (12/01/2009 11.5.7.0) Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) Windows Essentials Media Codec Pack 3.1 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wolfram Notebook Indexer 1.1 Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 2/17/2012 9:47:08 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 2/17/2012 9:46:21 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 2/17/2012 10:19:59 AM, Error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s). 2/16/2012 2:14:34 AM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "002314123820" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. 2/16/2012 12:45:45 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 2/16/2012 11:36:45 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.164.132.97. The computer with the IP address 10.164.133.156 did not allow the name to be claimed by this computer. 2/16/2012 1:13:57 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 2/15/2012 6:14:57 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service. 2/15/2012 5:43:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WANHUA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced. 2/15/2012 4:50:06 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SABSAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced. 2/15/2012 4:41:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SCOTT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced. 2/15/2012 4:21:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer POSEIDON that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced. 2/15/2012 4:06:35 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PETER-XPS that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced. 2/15/2012 3:55:34 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer WEN-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced. 2/15/2012 3:49:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SKYNET that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced. 2/15/2012 3:16:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRYSOPHYLAX that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced. 2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 2/15/2012 11:04:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 2/15/2012 11:04:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 2/15/2012 11:03:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 2/15/2012 11:03:17 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 2/15/2012 11:03:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi RapportKELL SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF Wanarpv6 2/15/2012 1:20:39 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 2/14/2012 5:51:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer YUANFENG-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced. 2/14/2012 5:48:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PIYUSH-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6. The master browser is stopping or an election is being forced. 2/14/2012 5:46:59 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JHU-0439F46ABA4 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced. 2/14/2012 5:44:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SEABASS-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced. 2/14/2012 5:40:04 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TREE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502039}. The master browser is stopping or an election is being forced. 2/14/2012 5:36:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GROVER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced. 2/14/2012 5:32:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer 0B726C703E9A49E that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced. 2/14/2012 5:29:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ALEXIS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced. 2/14/2012 5:28:41 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GUY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750203. The master browser is stopping or an election is being forced. 2/14/2012 5:27:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer NOW_IBM that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced. 2/14/2012 5:24:07 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KHAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced. 2/14/2012 5:21:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KONEKO_BASU that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667. The master browser is stopping or an election is being forced. 2/14/2012 5:18:52 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADITA-STUDIOPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced. 2/14/2012 5:13:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MIA-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66750. The master browser is stopping or an election is being forced. 2/14/2012 5:11:23 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer TUTKUN-THINK that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D66. The master browser is stopping or an election is being forced. 2/14/2012 5:10:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACLAYTON-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6. The master browser is stopping or an election is being forced. 2/14/2012 5:08:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHEW-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced. 2/14/2012 5:02:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MATTHEWKERR-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D. The master browser is stopping or an election is being forced. 2/14/2012 4:53:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SSOCT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced. 2/14/2012 4:48:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RICHARD-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675. The master browser is stopping or an election is being forced. 2/14/2012 4:46:18 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ROSEBUD that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D6675020. The master browser is stopping or an election is being forced. 2/13/2012 9:26:10 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TeamViewer6 service. 2/13/2012 8:55:58 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 2/11/2012 11:02:25 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service. 2/10/2012 7:15:11 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KARLO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8C4D3ACC-EC63-4E29-9076-F6D667502. The master browser is stopping or an election is being forced. 2/10/2012 7:03:50 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period. . ==== End Of File ===========================
  11. Hello, I've been having this problem, where I am not able to go to www.google.com using Chrome. It goes to "www.google.com/search.php" and displays the following message on the page: "Google 404. That’s an error. The requested URL /search.php was not found on this server. That’s all we know." The tab says " Error 404 (Not Found)!!1 ". When you load Chrome (Google is my home page), it very briefly gives a heading on the tab saying "Welcome to mydomainadvisor.com" before it goes to the "" Error 404 (Not Found)!!1 " message. Weird thing is that I am able to access google.com from Mozilla and Internet explorer. Also, Google searches work fine from the address bar on Chrome. I haven't noticed this with other websites like yahoo.com, bing.com, cnn.com etc. I have read quite a few posts on this issue on this forum and others, to know that this is likely a real issue, and I'm afraid it could get worse/ my passwords and other data could get stolen... now the only problem is I don't know how to get rid of this I have tried to scan using Malwarebytes Anti-Malware, Spybot, and Adaware (before I unistalled it recently). I have also scanned the whole system using Symantec. I am attaching the most recent Malwarebytes and HiJackThis logs in advance, to speed up the process. I would appreaciate your help in guiding me through this process!... Many thanks in advance! SP *************** Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.17.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Saurabh :: SAURABHP [administrator] 2/17/2012 11:36:12 AM mbam-log-2012-02-17 (11-36-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219905 Time elapsed: 17 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ************* Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:31:04 AM, on 2/17/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Windows\System32\TpShocks.exe C:\Windows\System32\rundll32.exe C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Lenovo\Client Security Solution\password_manager.exe C:\Program Files\Memeo\AutoBackup\InstantBackup.exe C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Memeo\Memeo Send\MemeoSend.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE C:\Users\Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Users\Saurabh\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP \Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870 -4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft \Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C: \Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files \Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype \Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C: \Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar \Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP \Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100- df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS \PIconStartup.exe" O4 - HKLM\..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software \launcher.exe" /startup O4 - HKLM\..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader \Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe -- silent --no_ui O4 - HKLM\..\Run: [Memeo Send] C:\Program Files\Memeo\Memeo Send\MemeoLauncher.exe --silent O4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard \MemeoLauncher.exe --silent --no_ui O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support \AppleSyncNotifier.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support \APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update \jusched.exe" O4 - HKLM\..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync \IntuitSyncManager.exe startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKCU\..\Run: [Google Update] "C:\Users\Saurabh\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = Saurabh\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr \acrotray.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin \hpqtra08.exe O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect \IntuitDataProtect.exe O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit \QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows \system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C: \PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad \Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad \Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B- C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer \WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer \WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C: \Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C: \PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA- C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software \btsendto_ie.htm O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo \Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files \PlotSoft\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live \wlidnsp.dll O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O18 - Protocol: intu-help-qb5 - {867FCB77-9823-4CD6-8210-D85F968D466F} - C:\Program Files\Intuit \QuickBooks 2012\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files \Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live \Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad \Bluetooth Software\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files \Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad \Utilities\DOZESVC.EXE O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files \Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr \iviRegMgr.exe O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files \LENOVO\HOTKEY\CAMMUTE.exe O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files \LENOVO\HOTKEY\MICMUTE.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB\R2006a \webserver\bin\win32\matlabserver.exe O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup \MemeoBackgroundService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows \system32\nvvsvc.exe O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities \PWMDBSVC.EXE O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks \QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files \Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files\Common Files\Intuit \DataProtect\QBIDPService.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C: \Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files \Seagate\Seagate Dashboard\SeagateDashboardService.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files \Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C: \Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer \Version5\TeamViewer_Service.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer \Version6\TeamViewer_Service.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files \Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows \System32\TPHDEXLG.exe O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO \HOTKEY\TPHKSVC.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost \TurboBoost.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- End of file - 18553 bytes