Google, yahoo search redirect to unknown sites


16 replies to this topic

#1 Kiran Madhu

Kiran Madhu

  • Members
  • 16 posts
  • Local time:06:56 AM

Posted 09 September 2012 - 07:55 AM

Hi,

I think I am infected with some virus, spyware etc.

Whenever I click on Google search it goes to unknown sites. I could see something like Secure.bidvertiser.com etc.

I have tried different tools like SPYbot, tdsskiller, FixTDSS etc., but none worked. I am still facing the issue.

Please let me know how I can clear this.

Regards,
Kiran



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:26 PM

Posted 09 September 2012 - 07:56 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Kiran Madhu

Kiran Madhu
  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:56 AM

Posted 09 September 2012 - 08:51 AM

Hi


Please find below logs.

TDSSkiller


18:34:56.0779 9796 Microsoft Office Groove Audit Service - ok
18:34:56.0807 9796 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:34:56.0811 9796 MMCSS - ok
18:34:56.0826 9796 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:34:56.0829 9796 Modem - ok
18:34:56.0850 9796 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:34:56.0851 9796 monitor - ok
18:34:56.0871 9796 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:34:56.0874 9796 mouclass - ok
18:34:56.0914 9796 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:34:56.0917 9796 mouhid - ok
18:34:56.0953 9796 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:34:56.0956 9796 mountmgr - ok
18:34:56.0985 9796 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:34:56.0988 9796 mpio - ok
18:34:57.0006 9796 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:34:57.0009 9796 mpsdrv - ok
18:34:57.0049 9796 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:34:57.0066 9796 MpsSvc - ok
18:34:57.0095 9796 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:34:57.0098 9796 MRxDAV - ok
18:34:57.0169 9796 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:34:57.0176 9796 mrxsmb - ok
18:34:57.0240 9796 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:34:57.0247 9796 mrxsmb10 - ok
18:34:57.0282 9796 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:34:57.0286 9796 mrxsmb20 - ok
18:34:57.0300 9796 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
18:34:57.0302 9796 msahci - ok
18:34:57.0320 9796 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:34:57.0322 9796 msdsm - ok
18:34:57.0339 9796 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:34:57.0342 9796 MSDTC - ok
18:34:57.0358 9796 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:34:57.0359 9796 Msfs - ok
18:34:57.0372 9796 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:34:57.0374 9796 mshidkmdf - ok
18:34:57.0410 9796 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:34:57.0411 9796 msisadrv - ok
18:34:57.0438 9796 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:34:57.0440 9796 MSiSCSI - ok
18:34:57.0445 9796 msiserver - ok
18:34:57.0470 9796 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:34:57.0472 9796 MSKSSRV - ok
18:34:57.0481 9796 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:34:57.0483 9796 MSPCLOCK - ok
18:34:57.0492 9796 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:34:57.0494 9796 MSPQM - ok
18:34:57.0513 9796 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:34:57.0517 9796 MsRPC - ok
18:34:57.0524 9796 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:34:57.0525 9796 mssmbios - ok
18:34:57.0535 9796 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:34:57.0537 9796 MSTEE - ok
18:34:57.0553 9796 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:34:57.0555 9796 MTConfig - ok
18:34:57.0570 9796 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:34:57.0572 9796 Mup - ok
18:34:57.0609 9796 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:34:57.0616 9796 napagent - ok
18:34:57.0646 9796 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:34:57.0651 9796 NativeWifiP - ok
18:34:57.0793 9796 [ 862F55824AC81295837B0AB63F91071F ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120311.017\NAVENG.SYS
18:34:57.0798 9796 NAVENG - ok
18:34:57.0843 9796 [ 529D571B551CB9DA44237389B936F1AE ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120311.017\NAVEX15.SYS
18:34:57.0877 9796 NAVEX15 - ok
18:34:57.0897 9796 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:34:57.0914 9796 NDIS - ok
18:34:57.0942 9796 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:34:57.0945 9796 NdisCap - ok
18:34:57.0963 9796 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:34:57.0964 9796 NdisTapi - ok
18:34:58.0000 9796 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:34:58.0002 9796 Ndisuio - ok
18:34:58.0036 9796 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:34:58.0039 9796 NdisWan - ok
18:34:58.0073 9796 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:34:58.0076 9796 NDProxy - ok
18:34:58.0109 9796 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
18:34:58.0111 9796 Netaapl - ok
18:34:58.0125 9796 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:34:58.0131 9796 NetBIOS - ok
18:34:58.0193 9796 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:34:58.0197 9796 NetBT - ok
18:34:58.0205 9796 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:34:58.0207 9796 Netlogon - ok
18:34:58.0251 9796 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:34:58.0256 9796 Netman - ok
18:34:58.0273 9796 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:34:58.0280 9796 netprofm - ok
18:34:58.0307 9796 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:34:58.0308 9796 NetTcpPortSharing - ok
18:34:58.0341 9796 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:34:58.0343 9796 nfrd960 - ok
18:34:58.0380 9796 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:34:58.0385 9796 NlaSvc - ok
18:34:58.0434 9796 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
18:34:58.0436 9796 nmwcd - ok
18:34:58.0487 9796 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
18:34:58.0490 9796 nmwcdc - ok
18:34:58.0533 9796 [ 99B224F8026CB534724AA3C408561E45 ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
18:34:58.0537 9796 nmwcdnsu - ok
18:34:58.0561 9796 [ D23257682D349A5E2E4507ED33DECC16 ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys
18:34:58.0563 9796 nmwcdnsuc - ok
18:34:58.0577 9796 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:34:58.0580 9796 Npfs - ok
18:34:58.0601 9796 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:34:58.0604 9796 nsi - ok
18:34:58.0611 9796 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:34:58.0612 9796 nsiproxy - ok
18:34:58.0666 9796 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:34:58.0692 9796 Ntfs - ok
18:34:58.0706 9796 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:34:58.0707 9796 Null - ok
18:34:58.0737 9796 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:34:58.0740 9796 nvraid - ok
18:34:58.0764 9796 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:34:58.0768 9796 nvstor - ok
18:34:58.0785 9796 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:34:58.0788 9796 nv_agp - ok
18:34:58.0900 9796 [ C456ED2D576B0FB20754A7EDE3D4C058 ] NWSAPAutoWorkstationUpdateSvc C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
18:34:58.0904 9796 NWSAPAutoWorkstationUpdateSvc - ok
18:34:58.0984 9796 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:34:58.0987 9796 odserv - ok
18:34:59.0002 9796 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:34:59.0005 9796 ohci1394 - ok
18:34:59.0032 9796 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:34:59.0033 9796 ose - ok
18:34:59.0067 9796 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:34:59.0074 9796 p2pimsvc - ok
18:34:59.0091 9796 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:34:59.0098 9796 p2psvc - ok
18:34:59.0136 9796 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:34:59.0139 9796 Parport - ok
18:34:59.0164 9796 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:34:59.0167 9796 partmgr - ok
18:34:59.0177 9796 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:34:59.0178 9796 Parvdm - ok
18:34:59.0196 9796 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:34:59.0201 9796 PcaSvc - ok
18:34:59.0218 9796 pccsmcfd - ok
18:34:59.0254 9796 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:34:59.0258 9796 pci - ok
18:34:59.0276 9796 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:34:59.0278 9796 pciide - ok
18:34:59.0295 9796 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:34:59.0300 9796 pcmcia - ok
18:34:59.0309 9796 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:34:59.0311 9796 pcw - ok
18:34:59.0334 9796 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:34:59.0344 9796 PEAUTH - ok
18:34:59.0374 9796 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:34:59.0400 9796 PeerDistSvc - ok
18:34:59.0462 9796 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:34:59.0497 9796 pla - ok
18:34:59.0549 9796 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:34:59.0556 9796 PlugPlay - ok
18:34:59.0567 9796 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:34:59.0571 9796 PNRPAutoReg - ok
18:34:59.0587 9796 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:34:59.0590 9796 PNRPsvc - ok
18:34:59.0611 9796 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:34:59.0617 9796 PolicyAgent - ok
18:34:59.0657 9796 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:34:59.0661 9796 Power - ok
18:34:59.0691 9796 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:34:59.0694 9796 PptpMiniport - ok
18:34:59.0788 9796 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\Windows\system32\CCM\prepdrv.sys
18:34:59.0791 9796 prepdrvr - ok
18:34:59.0810 9796 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:34:59.0813 9796 Processor - ok
18:34:59.0839 9796 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
18:34:59.0844 9796 ProfSvc - ok
18:34:59.0856 9796 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:34:59.0858 9796 ProtectedStorage - ok
18:34:59.0873 9796 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:34:59.0876 9796 Psched - ok
18:34:59.0929 9796 [ 681AE4F1927FE0FDEEE2863F1684088D ] pwdrvio C:\Windows\system32\pwdrvio.sys
18:34:59.0932 9796 pwdrvio - ok
18:34:59.0978 9796 [ BC60895CE021309EBD887D2F22055654 ] pwdspio C:\Windows\system32\pwdspio.sys
18:34:59.0981 9796 pwdspio - ok
18:35:00.0019 9796 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:35:00.0047 9796 ql2300 - ok
18:35:00.0078 9796 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:35:00.0081 9796 ql40xx - ok
18:35:00.0107 9796 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:35:00.0113 9796 QWAVE - ok
18:35:00.0130 9796 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:35:00.0133 9796 QWAVEdrv - ok
18:35:00.0240 9796 [ 2294BB505B9790B7C211475EBAB81269 ] RadeHlprSvc C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe
18:35:00.0242 9796 RadeHlprSvc - ok
18:35:00.0271 9796 [ B1C266440058E771A3F2036EF1C9A43C ] RadeSvc C:\Program Files\Citrix\Streaming Client\RadeSvc.exe
18:35:00.0277 9796 RadeSvc - ok
18:35:00.0291 9796 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:35:00.0294 9796 RasAcd - ok
18:35:00.0324 9796 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:35:00.0326 9796 RasAgileVpn - ok
18:35:00.0336 9796 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:35:00.0341 9796 RasAuto - ok
18:35:00.0357 9796 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:35:00.0360 9796 Rasl2tp - ok
18:35:00.0412 9796 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:35:00.0419 9796 RasMan - ok
18:35:00.0434 9796 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:35:00.0436 9796 RasPppoe - ok
18:35:00.0457 9796 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:35:00.0460 9796 RasSstp - ok
18:35:00.0480 9796 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:35:00.0485 9796 rdbss - ok
18:35:00.0496 9796 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:35:00.0498 9796 rdpbus - ok
18:35:00.0529 9796 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:35:00.0530 9796 RDPCDD - ok
18:35:00.0551 9796 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:35:00.0555 9796 RDPDR - ok
18:35:00.0577 9796 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:35:00.0578 9796 RDPENCDD - ok
18:35:00.0588 9796 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:35:00.0589 9796 RDPREFMP - ok
18:35:00.0622 9796 [ 244C83332F44589AE98FC347F11B2693 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:35:00.0627 9796 RDPWD - ok
18:35:00.0661 9796 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:35:00.0665 9796 rdyboost - ok
18:35:00.0699 9796 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:35:00.0703 9796 RemoteAccess - ok
18:35:00.0721 9796 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:35:00.0725 9796 RemoteRegistry - ok
18:35:00.0759 9796 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:35:00.0762 9796 RFCOMM - ok
18:35:00.0790 9796 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:35:00.0793 9796 RpcEptMapper - ok
18:35:00.0816 9796 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:35:00.0819 9796 RpcLocator - ok
18:35:00.0857 9796 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:35:00.0861 9796 RpcSs - ok
18:35:00.0881 9796 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:35:00.0884 9796 rspndr - ok
18:35:00.0915 9796 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:35:00.0918 9796 s3cap - ok
18:35:00.0930 9796 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:35:00.0932 9796 SamSs - ok
18:35:01.0064 9796 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
18:35:01.0079 9796 SBAMSvc - ok
18:35:01.0130 9796 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
18:35:01.0133 9796 sbapifs - ok
18:35:01.0189 9796 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\Windows\system32\drivers\sbhips.sys
18:35:01.0192 9796 sbhips - ok
18:35:01.0217 9796 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:35:01.0220 9796 sbp2port - ok
18:35:01.0247 9796 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
18:35:01.0249 9796 SBRE - ok
18:35:01.0272 9796 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:35:01.0278 9796 SCardSvr - ok
18:35:01.0302 9796 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:35:01.0306 9796 scfilter - ok
18:35:01.0353 9796 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:35:01.0373 9796 Schedule - ok
18:35:01.0410 9796 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:35:01.0411 9796 SCPolicySvc - ok
18:35:01.0430 9796 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:35:01.0433 9796 sdbus - ok
18:35:01.0445 9796 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:35:01.0449 9796 SDRSVC - ok
18:35:01.0545 9796 [ D98E936BDD4A6CFE39535F3696D0EC6F ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
18:35:01.0555 9796 SDScannerService - ok
18:35:01.0614 9796 [ 2D5088524613D1ED55D20195AF42DDC7 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
18:35:01.0624 9796 SDUpdateService - ok
18:35:01.0664 9796 [ 59DCE6783F9ED27EB72C81466E363BF8 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
18:35:01.0665 9796 SDWSCService - ok
18:35:01.0689 9796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:35:01.0690 9796 secdrv - ok
18:35:01.0710 9796 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:35:01.0713 9796 seclogon - ok
18:35:01.0727 9796 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:35:01.0730 9796 SENS - ok
18:35:01.0759 9796 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:35:01.0762 9796 SensrSvc - ok
18:35:01.0791 9796 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:35:01.0793 9796 Serenum - ok
18:35:01.0811 9796 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:35:01.0815 9796 Serial - ok
18:35:01.0848 9796 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:35:01.0850 9796 sermouse - ok
18:35:01.0896 9796 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:35:01.0900 9796 SessionEnv - ok
18:35:01.0911 9796 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:35:01.0914 9796 sffdisk - ok
18:35:01.0927 9796 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:35:01.0930 9796 sffp_mmc - ok
18:35:01.0944 9796 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:35:01.0946 9796 sffp_sd - ok
18:35:01.0962 9796 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:35:01.0964 9796 sfloppy - ok
18:35:02.0008 9796 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:35:02.0014 9796 SharedAccess - ok
18:35:02.0058 9796 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:35:02.0065 9796 ShellHWDetection - ok
18:35:02.0077 9796 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:35:02.0079 9796 sisagp - ok
18:35:02.0098 9796 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:35:02.0100 9796 SiSRaid2 - ok
18:35:02.0111 9796 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:35:02.0113 9796 SiSRaid4 - ok
18:35:02.0144 9796 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:35:02.0147 9796 Smb - ok
18:35:02.0228 9796 [ 16176075021462D37EDABB98DEA753D0 ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
18:35:02.0277 9796 SmcService - ok
18:35:02.0307 9796 smstsmgr - ok
18:35:02.0341 9796 [ 1C48F2DF2CF97504169E63C37A2818B2 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
18:35:02.0343 9796 SNAC - ok
18:35:02.0394 9796 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:35:02.0397 9796 SNMPTRAP - ok
18:35:02.0467 9796 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:35:02.0473 9796 SPBBCDrv - ok
18:35:02.0488 9796 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:35:02.0489 9796 spldr - ok
18:35:02.0527 9796 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
18:35:02.0530 9796 Spooler - ok
18:35:02.0618 9796 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:35:02.0700 9796 sppsvc - ok
18:35:02.0752 9796 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:35:02.0758 9796 sppuinotify - ok
18:35:02.0796 9796 [ 620BBCC5C4C4407447866793C36E1215 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
18:35:02.0804 9796 SRTSP - ok
18:35:02.0820 9796 [ 995E15DE499CA58445E39A2FBA7D170E ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
18:35:02.0828 9796 SRTSPL - ok
18:35:02.0845 9796 [ 1B63F794F283B974A79084514DF206A0 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
18:35:02.0848 9796 SRTSPX - ok
18:35:02.0892 9796 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:35:02.0898 9796 srv - ok
18:35:02.0913 9796 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:35:02.0918 9796 srv2 - ok
18:35:02.0951 9796 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:35:02.0956 9796 SrvHsfHDA - ok
18:35:02.0983 9796 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:35:03.0009 9796 SrvHsfV92 - ok
18:35:03.0037 9796 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:35:03.0054 9796 SrvHsfWinac - ok
18:35:03.0076 9796 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:35:03.0079 9796 srvnet - ok
18:35:03.0115 9796 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:35:03.0119 9796 sscdbus - ok
18:35:03.0156 9796 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:35:03.0158 9796 sscdmdfl - ok
18:35:03.0175 9796 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:35:03.0178 9796 sscdmdm - ok
18:35:03.0207 9796 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:35:03.0212 9796 SSDPSRV - ok
18:35:03.0224 9796 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:35:03.0228 9796 SstpSvc - ok
18:35:03.0355 9796 [ 7AEFC130355AA99307B31EE678614380 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
18:35:03.0357 9796 STacSV - ok
18:35:03.0413 9796 [ A5B83C8050572622E5C43B5B3326A129 ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys
18:35:03.0414 9796 stdflt - ok
18:35:03.0440 9796 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:35:03.0443 9796 stexstor - ok
18:35:03.0498 9796 [ EC4B4125BA14F7436B1740F63F7BFF21 ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
18:35:03.0506 9796 STHDA - ok
18:35:03.0548 9796 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:35:03.0568 9796 StiSvc - ok
18:35:03.0593 9796 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:35:03.0595 9796 storflt - ok
18:35:03.0628 9796 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
18:35:03.0632 9796 StorSvc - ok
18:35:03.0653 9796 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:35:03.0656 9796 storvsc - ok
18:35:03.0668 9796 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:35:03.0670 9796 swenum - ok
18:35:03.0697 9796 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:35:03.0704 9796 swprv - ok
18:35:03.0741 9796 [ DC358448CD60F6739C58361A0A5FDA0B ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
18:35:03.0751 9796 Symantec AntiVirus - ok
18:35:03.0789 9796 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
18:35:03.0792 9796 SymEvent - ok
18:35:03.0805 9796 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
18:35:03.0806 9796 SYMREDRV - ok
18:35:03.0827 9796 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
18:35:03.0832 9796 SYMTDI - ok
18:35:03.0880 9796 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:35:03.0906 9796 SysMain - ok
18:35:03.0943 9796 [ C8F9EB4AC42740D036B0B9F0809B335B ] SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys
18:35:03.0946 9796 SysPlant - ok
18:35:03.0970 9796 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:35:03.0974 9796 TabletInputService - ok
18:35:04.0012 9796 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:35:04.0018 9796 TapiSrv - ok
18:35:04.0034 9796 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:35:04.0038 9796 TBS - ok
18:35:04.0091 9796 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:35:04.0117 9796 Tcpip - ok
18:35:04.0166 9796 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:35:04.0173 9796 TCPIP6 - ok
18:35:04.0219 9796 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:35:04.0222 9796 tcpipreg - ok
18:35:04.0277 9796 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:35:04.0279 9796 TDPIPE - ok
18:35:04.0309 9796 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:35:04.0310 9796 TDTCP - ok
18:35:04.0348 9796 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:35:04.0351 9796 tdx - ok
18:35:04.0490 9796 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
18:35:04.0505 9796 TeamViewer7 - ok
18:35:04.0561 9796 [ 8F9BF086FED2C7C076A7A4B8E8A24FE9 ] Teefer3 C:\Windows\system32\DRIVERS\Teefer3.sys
18:35:04.0564 9796 Teefer3 - ok
18:35:04.0572 9796 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:35:04.0575 9796 TermDD - ok
18:35:04.0624 9796 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:35:04.0634 9796 TermService - ok
18:35:04.0661 9796 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:35:04.0667 9796 Themes - ok
18:35:04.0688 9796 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:35:04.0691 9796 THREADORDER - ok
18:35:04.0708 9796 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:35:04.0712 9796 TrkWks - ok
18:35:08.0234 9796 ================ Scan global ===============================
18:35:08.0273 9796 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:35:08.0306 9796 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:35:08.0316 9796 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:35:08.0338 9796 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:35:08.0363 9796 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:35:08.0367 9796 [Global] - ok
18:35:08.0368 9796 ================ Scan MBR ==================================
18:35:08.0379 9796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:35:08.0885 9796 \Device\Harddisk0\DR0 - ok
18:35:08.0885 9796 ================ Scan VBR ==================================
18:35:08.0888 9796 [ E75C5627759C3134F60C9F0EBE92EC35 ] \Device\Harddisk0\DR0\Partition1
18:35:08.0891 9796 \Device\Harddisk0\DR0\Partition1 - ok
18:35:08.0938 9796 [ 0719D258C5517088D3DC289527F187B6 ] \Device\Harddisk0\DR0\Partition2
18:35:08.0941 9796 \Device\Harddisk0\DR0\Partition2 - ok
18:35:08.0945 9796 [ 3FD734B7167884D4E34B2507225E2048 ] \Device\Harddisk0\DR0\Partition3
18:35:08.0947 9796 \Device\Harddisk0\DR0\Partition3 - ok
18:35:08.0972 9796 [ 6977B29A0916F9924CDC50434E2BE1A9 ] \Device\Harddisk0\DR0\Partition4
18:35:08.0975 9796 \Device\Harddisk0\DR0\Partition4 - ok
18:35:08.0975 9796 ============================================================
18:35:08.0975 9796 Scan finished
18:35:08.0975 9796 ============================================================
18:35:08.0987 5352 Detected object count: 0
18:35:08.0987 5352 Actual detected object count: 0


aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 18:31:59
-----------------------------
18:31:59.647 OS Version: Windows 6.1.7601 Service Pack 1
18:31:59.647 Number of processors: 4 586 0x2505
18:31:59.651 ComputerName: YH2148L UserName:
18:32:00.105 Initialize success
18:48:23.736 AVAST engine defs: 12090900
18:48:33.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:48:33.671 Disk 0 Vendor: ST925041 D005 Size: 238475MB BusType: 3
18:48:33.687 Disk 0 MBR read successfully
18:48:33.691 Disk 0 MBR scan
18:48:33.747 Disk 0 Windows 7 default MBR code
18:48:33.754 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 149 MB offset 63
18:48:33.777 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8118 MB offset 307200
18:48:33.800 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50940 MB offset 16932864
18:48:33.811 Disk 0 Partition - 00 0F Extended LBA 179265 MB offset 121258620
18:48:33.835 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 67836 MB offset 121258683
18:48:33.847 Disk 0 Partition - 00 05 Extended 111426 MB offset 260194241
18:48:33.875 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 111426 MB offset 260194304
18:48:33.890 Disk 0 scanning sectors +488394752
18:48:34.327 Disk 0 scanning C:\Windows\system32\drivers
18:48:57.362 Service scanning
18:49:29.456 Modules scanning
18:49:37.176 Disk 0 trace - called modules:
18:49:37.199 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys
18:49:37.204 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a32030]
18:49:37.210 3 CLASSPNP.SYS[897ad59e] -> nt!IofCallDriver -> [0x87a31760]
18:49:37.215 5 stdfltn.sys[8980170c] -> nt!IofCallDriver -> [0x862e6958]
18:49:37.220 7 ACPI.sys[890963d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x862b0028]
18:49:38.298 AVAST engine scan C:\Windows
18:49:41.194 AVAST engine scan C:\Windows\system32
18:50:43.107 File: C:\Windows\system32\hdwwiz4.dll **INFECTED** Win32:Malware-gen
18:55:00.642 AVAST engine scan C:\Windows\system32\drivers
18:55:21.891 AVAST engine scan C:\Users\Kiran.madhu
19:16:22.005 AVAST engine scan C:\ProgramData
19:19:57.278 Scan finished successfully
19:20:14.611 Disk 0 MBR has been saved successfully to "C:\Users\Kiran.madhu\Desktop\MBR.dat"
19:20:14.650 The log file has been saved successfully to "C:\Users\Kiran.madhu\Desktop\aswMBR.txt"
19:20:51.366 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
19:20:51.374 The log file has been saved successfully to "C:\aswMBR.txt"


I will post the ESET online scanner log shortly...

#4 Kiran Madhu

Posted 09 September 2012 - 12:16 PM

Find the ESET log



C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application
C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application
C:\Users\Kiran.madhu\Downloads\VeohWebPlayerSetup_eng.exe multiple threats
C:\Users\Kiran.madhu\Downloads\ERW2.8.1\WirelessNetView.exe a variant of Win32/PSWTool.WirelessNetView.A application
G:\downloads\cnet2_iArtworkSetup_msi.exe a variant of Win32/InstallCore.D application
G:\downloads\installer_transcend_jetflash_2a_ts1gjf2a_mformat_utility.exe multiple threats
G:\downloads\Nuvva_Nena (1).exe multiple threats
G:\downloads\Nuvva_Nena.exe multiple threats
G:\downloads\OrbitSetup4.1.02.exe Win32/OpenCandy application
G:\downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
G:\kiran\Bootable USB Windows ( XP Vista Win 7) Maker 2011\OPTION - 2 for XP and Vista\MULTI_CONTENT\wintools\othertools\ProduKey.exe Win32/PSWTool.ProductKey.126 application

#5 narenxp

Posted 09 September 2012 - 12:17 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#6 Kiran Madhu

Posted 09 September 2012 - 11:32 PM

Please find the log below.

MBAM
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.09.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
kiran.madhu :: YH2148L [administrator]

Protection: Enabled

9/10/2012 12:24:43 AM
mbam-log-2012-09-10 (09-19-20).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444913
Time elapsed: 1 hour(s), 40 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kiran.madhu\Downloads\ERW2.8.1\scanport.exe (Backdoor.Agent.Gen) -> No action taken.

(end)

mini toolbox
MiniToolBox by Farbar Version: 23-07-2012
Ran by kiran.madhu (administrator) on 10-09-2012 at 09:37:12
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

10.6.20.4 yashsapecc6.sapyash.com
10.6.20.26 yhsapidscrm.sapyash.com
10.255.30.88 saperpdev01.xtium.com saperpdev01
10.255.30.86 saperpqa01.xtium.com saperpqa01
10.255.30.90 saperpprod01.xtium.com saperpprod01
10.61.4.145 VECCSANDBOX.RPEGA.COM VECCSANDBOX

10.255.30.89 sappidev01.xtium.com sappidev01
10.255.30.87 sappiqa01.xtium.com sappiqa01
10.255.30.91 sappiprod01.xtium.com sappiprod01
10.61.4.51 VPISANDBOX.RPEGA.com VPISANDBOX



10.6.20.31 yashcpgone.sapyash.com YASHCPGONE

10.6.20.19 yashsappi7 yashsappi7.sapyash.com
10.6.20.42 hydmiisrv hydmiisrv.sapyash.com

198.22.153.242 ra-guest.pega.com

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15259 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Connected)
Cisco Systems VPN Adapter = Local Area Connection 3 (Hardware not present)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows = Local Area Connection 3 (Hardware not present)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.6.0.1 publish=Yes
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Bluetooth Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 3" forwarding=enabled advertise=enabled mtu=1300 metric=1 nud=enabled
set interface interface="Local Area Connection 3" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection" address=10.6.18.67 mask=255.255.0.0
add address name="Wireless Network Connection 2" address=192.168.129.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : YH2148L
Primary Dns Suffix . . . . . . . : Yash.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Yash.com

PPP adapter Reliance Netconnect+:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Reliance Netconnect+
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 115.240.84.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 220.226.100.40
220.226.6.104
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 1C-65-9D-69-0E-EB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9de6:c15c:a56f:af8b%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.129.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 891053469
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-AD-70-D3-F0-4D-A2-9A-72-8B
DNS Servers . . . . . . . . . . . : 192.168.129.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 1C-65-9D-69-0E-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 1C-65-9D-4E-BF-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : F0-4D-A2-9A-72-8B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0873C878-879E-4708-B713-88F50DB32A04}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{89C13DBF-BC8B-4FB9-92E2-1834A3E86118}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:73f0:5474::73f0:5474(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 220.226.100.40
220.226.6.104
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{40CEAC80-F058-4994-B9E2-888E9A5B3233}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8c2:b5d:8c0f:f258(Preferred)
Link-local IPv6 Address . . . . . : fe80::8c2:b5d:8c0f:f258%33(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{641B4E40-1548-485C-B6B8-6B31EDA263E2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0AE41EAE-969D-4380-9059-5A522BCE5B40}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 220.226.100.40

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 220.226.100.40

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 220.226.100.40

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=12ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 12ms, Average = 7ms
===========================================================================
Interface List
78...........................Reliance Netconnect+
14...1c 65 9d 69 0e eb ......Microsoft Virtual WiFi Miniport Adapter
13...1c 65 9d 69 0e eb ......DW1501 Wireless-N WLAN Half-Mini Card
11...1c 65 9d 4e bf 7f ......Bluetooth Device (Personal Area Network)
10...f0 4d a2 9a 72 8b ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
42...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
41...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
39...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
33...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
40...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 On-link 115.240.84.116 41
115.240.84.116 255.255.255.255 On-link 115.240.84.116 296
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
192.168.129.0 255.255.255.0 On-link 192.168.129.1 4486
192.168.129.1 255.255.255.255 On-link 192.168.129.1 4486
192.168.129.255 255.255.255.255 On-link 192.168.129.1 4486
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.129.1 4487
224.0.0.0 240.0.0.0 On-link 115.240.84.116 41
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.129.1 4486
255.255.255.255 255.255.255.255 On-link 115.240.84.116 296
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.6.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
41 1140 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
33 58 2001::/32 On-link
33 306 2001:0:4137:9e76:8c2:b5d:8c0f:f258/128
On-link
41 1040 2002::/16 On-link
41 296 2002:73f0:5474::73f0:5474/128
On-link
14 261 fe80::/64 On-link
33 306 fe80::/64 On-link
33 306 fe80::8c2:b5d:8c0f:f258/128
On-link
14 261 fe80::9de6:c15c:a56f:af8b/128
On-link
1 306 ff00::/8 On-link
33 306 ff00::/8 On-link
14 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 50 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 51 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 52 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 53 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 54 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 55 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 56 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 57 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 58 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 59 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/10/2012 09:28:29 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/10/2012 09:28:29 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/10/2012 09:28:29 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/10/2012 09:19:25 AM) (Source: RasClient) (User: )
Description: CoId={F6C4954E-ABAD-4797-BEF8-386B21FB8E72}: The user YASH\kiran.madhu dialed a connection named Reliance Netconnect+ which has failed. The error code returned on failure is 680.

Error: (09/10/2012 09:19:01 AM) (Source: RasClient) (User: )
Description: CoId={B40084A1-CE65-4C26-8635-4DA2A4F60511}: The user YASH\kiran.madhu dialed a connection named Reliance Netconnect+ which has failed. The error code returned on failure is 633.

Error: (09/10/2012 09:18:43 AM) (Source: RasClient) (User: )
Description: CoId={A455876A-5151-4C60-9929-454AA0037691}: The user YASH\kiran.madhu dialed a connection named Reliance Netconnect+ which has failed. The error code returned on failure is 633.

Error: (09/10/2012 00:22:52 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/10/2012 00:22:52 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/10/2012 00:22:52 AM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/09/2012 07:15:43 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (09/10/2012 09:35:12 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/10/2012 09:34:26 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.

Error: (09/10/2012 09:34:23 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 09:34:19 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 09:33:29 AM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (09/10/2012 09:31:27 AM) (Source: Microsoft-Windows-GroupPolicy) (User: YASH)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/10/2012 09:30:27 AM) (Source: ipnathlp) (User: )
Description: 192.168.129.1192.168.2.0255.255.255.0

Error: (09/10/2012 09:29:27 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error:
%%1058

Error: (09/10/2012 09:29:06 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/10/2012 09:29:05 AM) (Source: Service Control Manager) (User: )
Description: The Idea Net Setter. OUC service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/31/2012 02:09:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28618 seconds with 480 seconds of active time. This session ended with a crash.

Error: (07/27/2012 00:34:05 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1691 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/11/2012 07:24:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26774 seconds with 1320 seconds of active time. This session ended with a crash.

Error: (07/04/2012 02:28:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28794 seconds with 4080 seconds of active time. This session ended with a crash.

Error: (06/29/2012 01:22:31 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37066 seconds with 1440 seconds of active time. This session ended with a crash.

Error: (06/15/2012 09:03:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71834 seconds with 1380 seconds of active time. This session ended with a crash.

Error: (06/08/2012 10:48:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 107459 seconds with 2460 seconds of active time. This session ended with a crash.

Error: (05/30/2012 03:06:24 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32865 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (05/22/2012 00:49:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 29340 seconds with 6120 seconds of active time. This session ended with a crash.

Error: (05/04/2012 02:44:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: , Microsoft Office Version: 12.0.6612.1000. This session lasted 29000 seconds with 1800 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11 (Version: 2.00.00.12)
Ad-Aware Antivirus (Version: 10.2.21.3698)
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Bing Desktop (Version: 1.0.45.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.14)
Cisco AnyConnect VPN Client (Version: 2.5.3055)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.04.0300 (Version: 5.0.4)
Citrix Offline Plug-in (Version: 6.6.0.16)
CommView for WiFi (Version: 6.3)
Compare & Find Differences Between Two Text Files Software
Conexant HDA D330 MDC V.92 Modem (Version: 7.80.4.0)
Configuration Manager Client (Version: 4.00.6487.2000)
Connectify (Version: 3.2.0.22201)
Dell Touchpad (Version: 7.1007.101.210)
DW WLAN Card Utility (Version: 5.60.48.35)
EASEUS Partition Master 9.1.1 Home Edition
ESET Online Scanner v3
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Google Chrome (Version: 21.0.1180.89)
Google Talk (remove only)
Google Talk Plugin (Version: 3.5.1.8982)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Gpg4win (2.1.0) (Version: 2.1.0)
Idea Net Setter (Version: 21.005.11.00.356)
IDT Audio (Version: 1.0.6292.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2281)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 14.0.8117.416)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.107)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Lync 2010 (Version: 4.0.7577.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Communicator Web Access Plug-in (x86) (Version: 3.5.6907.236)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (Version: 10.0.40219.1)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows NT Resource Kit 4.0 Support Tools
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4.0 redistributable (Version: 4.0.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.69.0)
Nokia Suite (Version: 3.3.89.0)
Octoshape Streaming Services
Reliance Netconnect - Broadband+ (Version: 11.030.01.04.114)
Reliance Netconnect+ (Version: 11.030.01.20.114)
SAP Download Manager (Version: 1.1.3.0)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 3)
SAP Service Connector (Version: 2.00.0000)
SAP Tutor Personal Player
SAPSetup Automatic Workstation Update Service
Spybot - Search & Destroy (Version: 2.0.10)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 11.0.7101.1056)
TagTuner 2.0
TeamViewer 7 (Version: 7.0.13989)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
vcredist_x86 (Version: 1.0.0)
VLC media player 2.0.1 (Version: 2.0.1)
VLC Streamer 2.56
WebEx
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 15.5 (Version: 15.5.9510)
YTD Toolbar v6.2 (Version: 6.2)
YTD Video Downloader 3.9

========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 1909.85 MB
Available physical RAM: 534.41 MB
Total Pagefile: 14409.85 MB
Available Pagefile: 11451.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:49.75 GB) (Free:1.88 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:108.81 GB) (Free:78.57 GB) NTFS
5 Drive g: () (Fixed) (Total:66.25 GB) (Free:1.37 GB) NTFS

========================= Users: ========================================

User accounts for \\YH2148L

Administrator Ctx_StreamingSvc Guest
yashtemp


**** End of log ****


FSS
Farbar Service Scanner Version: 06-08-2012
Ran by kiran.madhu (administrator) on 10-09-2012 at 09:42:48
Running from "C:\Users\Kiran.madhu\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
WAN connected
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

adware cleaner


# AdwCleaner v2.001 - Logfile created 09/10/2012 at 09:47:48
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : kiran.madhu - YH2148L
# Boot Mode : Normal
# Running from : C:\Users\Kiran.madhu\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\divya.kaamala\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\divya.kaamala\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\divya.kaamala\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Kiran.madhu\AppData\Local\Conduit
Folder Deleted : C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\User Data\Default\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Folder Deleted : C:\Users\Kiran.madhu\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Kiran.madhu\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kiran.madhu\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kiran.madhu\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Kiran.madhu\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fealnpfjifonchkodiffbdkfaipmpkhe
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SweetIm
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-3513259985-2938440104-392464288-1004\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Kiran.madhu\AppData\Roaming\Mozilla\Firefox\Profiles\7l9drvsg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Kiran.madhu\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4048 octets] - [10/09/2012 09:46:06]
AdwCleaner[S1].txt - [4460 octets] - [10/09/2012 09:47:48]

########## EOF - C:\AdwCleaner[S1].txt - [4520 octets] ##########

#7 narenxp

Posted 10 September 2012 - 02:02 AM

Do you still have redirects? Which browser?

Press the Windows+R keys, type services.msc and click OK.

Right-click on your Security Center service and select Properties.

Change the startup type to Automatic.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#8 Kiran Madhu

Posted 10 September 2012 - 02:21 AM

Yes, the error still exists.

Please find below the link I got:

http://click.clickshield.net/ads-clicktrack/click/jump1.do?sid=CsW9OOY2alQ%2BUmVifOnrfSLK5SeG7PI1SPxliBW%2BOmQ%3D&affiliate=57628&subid=652_19010_2052&rc=0&terms=puravankara+venezia&stm=2012-09-10-00-12-24

I have started the service now and set it to automatic.

RKILL

Rkill 2.3.10 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/10/2012 12:45:35 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\DatacardService\HWDeviceService.exe (PID: 2452) [AU-HEUR]
* C:\ProgramData\Idea Net Setter\OnlineUpdate\ouc.exe (PID: 2632) [AU-HEUR]
* C:\ProgramData\DatacardService\DCSHelper.exe (PID: 3604) [AU-HEUR]
* C:\Users\Kiran.madhu\AppData\Roaming\Reliance Netconnect\ouc.exe (PID: 3824) [UP-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

* Advanced Explorer Setting Removed: HideIcons [HKCU]

Backup Registry file created at:
C:\Users\Kiran.madhu\Desktop\rkill\rkill-09-10-2012-12-45-56.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/10/2012 12:46:12 PM
Execution time: 0 hours(s), 0 minute(s), and 36 seconds(s)

Autoruns

"HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup" "" "" ""
+ "Default Domain Policy" "" "" "File not found: \\hydsccmsrv01\Client\SMS_DomainLogin.bat"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Ad-Aware Antivirus" "Ad-Aware Antivirus Launcher" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawarelauncher.exe"
+ "Ad-Aware Browsing Protection" "Ad-Aware Browsing Protection" "Lavasoft" "c:\programdata\ad-aware browsing protection\adawarebp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\delltpad\apoint.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "BingDesktop" "Bing Desktop application" "Microsoft Corp." "c:\program files\microsoft\bingdesktop\bingdesktop.exe"
+ "Broadcom Wireless Manager UI" "DW WLAN Card Wireless Network Tray Applet" "Dell Inc." "c:\program files\dell\dw wlan card\wltray.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "Communicator" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\communicator.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Malwarebytes' Anti-Malware" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamgui.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SDTray" "Spybot - Search & Destroy tray access" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdtray.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "VPN Client.lnk" "" "" "c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\icon3e5562ed7.ico"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Connectify" "Connectify" "Connectify" "c:\program files\connectify\connectify.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\kiran.madhu\appdata\local\google\update\googleupdate.exe"
+ "HW_OPENEYE_OUC_Reliance Netconnect" "Online Update Clinet" "Huawei Technologies Co., Ltd." "c:\program files\reliance netconnect+\updatedog\ouc.exe"
+ "Octoshape Streaming Services" "Main program for Octoshape client" "Octoshape ApS" "c:\users\kiran.madhu\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe"
+ "Spybot-S&D Cleaning" "Search results cleaner" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdcleaner.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "saphtmlp" "SAP HTML Pluggable Protocol" "SAP, Walldorf" "c:\program files\sap\frontend\sapgui\saphtmlp.dll"
+ "sapr3" "SAP HTML Pluggable Protocol" "SAP, Walldorf" "c:\program files\sap\frontend\sapgui\saphtmlp.dll"
+ "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ ".TagTuner" "" "" "c:\program files\tagtuner\tagtuner32.dll"
+ "GpgEX" "" "" "c:\program files\gnu\gnupg\gpgex.dll"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdecon32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "AdAwareContextMenu" "Ad-Aware Antivirus Shell Extension" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawareshellextension.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ ".TagTuner" "" "" "c:\program files\tagtuner\tagtuner32.dll"
+ "GpgEX" "" "" "c:\program files\gnu\gnupg\gpgex.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdecon32.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing, S.L." "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Lync Browser Helper" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "Plugin Class" "SAP Tutor Player" "SAP AG" "c:\program files\sap\sap tutor\free_playerie.dll"
+ "Spybot-S&D IE Protection" "Blocks URLs that could install spyware, malware etc." "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdhelper.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"Task Scheduler" "" "" ""
+ "\aakwi" "" "" "c:\windows\system32\hdwwiz4.dll"
+ "\Ad-Aware Antivirus Scheduled Scan" "Ad-Aware Antivirus Launcher" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawarelauncher.exe"
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738Core" "" "" "File not found: C:\Users\Kiran.madhu\AppData\Local\Facebook\Update\FacebookUpdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738UA" "" "" "File not found: C:\Users\Kiran.madhu\AppData\Local\Facebook\Update\FacebookUpdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738Core" "Google Installer" "Google Inc." "c:\users\kiran.madhu\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-531195880-3687168959-1048678610-14738UA" "Google Installer" "Google Inc." "c:\users\kiran.madhu\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\RealUpgradeLogonTaskS-1-5-21-531195880-3687168959-1048678610-14738" "" "" "File not found: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-531195880-3687168959-1048678610-14738" "" "" "File not found: C:\Program Files\Real\RealUpgrade\RealUpgrade.exe"
+ "\RunAsStdUser Task" "" "" "File not found: d:\Program Files\MATLAB\R2010a\MATLAB R2010a.lnk"
+ "\RunAsStdUser Task for VeohWebPlayer" "" "" "File not found: C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Check for updates" "Update" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdupdate.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Ad-Aware Service" "Ad-Aware Service" "Lavasoft Limited" "c:\program files\ad-aware antivirus\adawareservice.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AESTFilters" "Andrea filters APO access service (32-bit)" "Andrea Electronics Corporation" "c:\program files\idt\wdm\aestsrv.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "BingDesktopUpdate" "Bing Desktop Update Service" "Microsoft Corp." "c:\program files\microsoft\bingdesktop\bingdesktopupdater.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "CdfSvc" "Manages and controls Citrix diagnostic trace sessions on the system." "Citrix Systems, Inc." "c:\program files\common files\citrix\system32\cdfsvc.exe"
+ "Connectify" "Turns your computer into a WiFi hotspot" "" "c:\program files\connectify\connectifyservice.exe"
+ "CVPND" "Cisco Systems VPN Client" "Cisco Systems, Inc." "c:\program files\cisco systems\vpn client\cvpnd.exe"
+ "DirMngr" "" "" "c:\program files\gnu\gnupg\dirmngr.exe"
+ "HsfXAudioService" "User-mode gate for HSF Modem" "Conexant Systems, Inc." "c:\windows\system32\xaudio32.dll"
+ "HWDeviceService.exe" "Service for runing Mobile applications autorun." "" "c:\programdata\datacardservice\hwdeviceservice.exe"
+ "Idea Net Setter. RunOuc" "" "" "c:\program files\idea net setter\updatedog\ouc.exe"
+ "InstallFilterService" "This service installs the FF filter on IDE disks found in the system" "" "c:\program files\stmicroelectronics\accelerometerp11\installfilterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_3.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "NWSAPAutoWorkstationUpdateSvc" "SAPSetup Automatic Workstation Update Service" "SAP AG" "c:\program files\sap\sapsetup\setup\updater\nwsapautoworkstationupdateservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "RadeHlprSvc" "This service manages the Citrix Offline Plug-in." "Citrix Systems, Inc." "c:\program files\citrix\streaming client\radehlprsvc.exe"
+ "RadeSvc" "This service manages the Citrix Offline Plug-in." "Citrix Systems, Inc." "c:\program files\citrix\streaming client\radesvc.exe"
+ "SBAMSvc" "Manages your antispyware and antivirus application" "GFI Software" "c:\program files\ad-aware antivirus\sbamsvc.exe"
+ "SDScannerService" "Offers malware scanning services to Spybot-S&D modules." "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdfssvc.exe"
+ "SDUpdateService" "Downloads Spybot updates and installs them." "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdupdsvc.exe"
+ "SDWSCService" "Integrates Spybot into the Windows Security Center." "Safer-Networking Ltd." "c:\program files\spybot - search & destroy 2\sdwscsvc.exe"
+ "SmcService" "Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\smc.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv.exe"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\rtvscan.exe"
+ "TeamViewer7" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files\teamviewer\version7\teamviewer_service.exe"
+ "tvncserver_Pointdev" "TightVNC Server for Windows" "GlavSoft LLC." "c:\windows\pointdev\vnc\tvnserver.exe"
+ "UDisk Monitor" "" "" "c:\program files\reliance netconnect+\bin\monserviceudisk.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "wltrysvc" "Provides automatic configuration for the 802.11 adapter using the Broadcom supplicant." "Dell Inc." "c:\program files\dell\dw wlan card\wltrysvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Acceler" "Accelerometer Port I/O" "ST Microelectronics" "c:\windows\system32\drivers\accelern.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BCM42RLY" "Broadcom iLine10™ PCI Network Adapter Proxy Protocol Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm42rly.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btusbflt" "Widcomm Bluetooth USB Filter for Windows XP" "Broadcom Corporation." "c:\windows\system32\drivers\btusbflt.sys"
+ "cdfdrv" "Citrix Diagnostic Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\cdfdrv.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cnnctfy2" "Connectify LightWeight Filter" "Connectify" "c:\windows\system32\drivers\cnnctfy2.sys"
+ "ctxpidmn" "Citrix Sandbox Main Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxpidmn.sys"
+ "CtxSbx" "Citrix Sandbox Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxsbx.sys"
+ "CVirtA" "Cisco Systems VPN Adapter" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvirta.sys"
+ "CVPNDRVA" "Cisco Systems VPN Client IPSec Driver" "Cisco Systems, Inc." "c:\windows\system32\drivers\cvpndrva.sys"
+ "dgderdrv" "" "" "File not found: System32\drivers\dgderdrv.sys"
+ "DNE" "Deterministic Network Enhancer" "Deterministic Networks, Inc." "c:\windows\system32\drivers\dne2000.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "ElRawDisk" "RawDisk Driver. Allows write access to files and raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008." "EldoS Corporation" "c:\windows\system32\drivers\rsdrv.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "epmntdrv" "" "" "c:\windows\system32\epmntdrv.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "EuGdiDrv" "" "" "c:\windows\system32\eugdidrv.sys"
+ "ew_hwusbdev" "USB Modem/Serial Device Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ew_hwusbdev.sys"
+ "ewusbmbb" "USB NDIS Miniport Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ewusbwwan.sys"
+ "FsUsbExDisk" "" "" "c:\windows\system32\fsusbexdisk.sys"
+ "FTDIBUS" "FTDIBUS USB Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftdibus.sys"
+ "FTSER2K" "FTDIBUS Serial Device Driver" "FTDI Ltd." "c:\windows\system32\drivers\ftser2k.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys"
+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys"
+ "huawei_enumerator" "ew_jubusenum Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ew_jubusenum.sys"
+ "hwdatacard" "USB Modem/Serial Device Driver" "Huawei Technologies Co., Ltd." "c:\windows\system32\drivers\ewusbmdm.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "ihmphnev" "" "" "File not found: C:\Windows\system32\drivers\ihmphnev.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "ivusb" "Initio Default Vendor Specific Device Driver" "Initio Corporation" "c:\windows\system32\drivers\ivusb.sys"
+ "LMIInfo" "" "" "File not found: C:\Program Files\LogMeIn\x86\RaInfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120311.017\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120311.017\navex15.sys"
+ "Netaapl" "Apple Mobile Device Ethernet" "Apple Inc." "c:\windows\system32\drivers\netaapl.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nmwcd" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmb.sys"
+ "nmwcdc" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbo.sys"
+ "nmwcdnsu" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\nmwcdnsu.sys"
+ "nmwcdnsuc" "Nokia USB Phone Generic Client" "Nokia" "c:\windows\system32\drivers\nmwcdnsuc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pccsmcfd" "" "" "File not found: system32\DRIVERS\pccsmcfd.sys"
+ "pwdrvio" "" "" "c:\windows\system32\pwdrvio.sys"
+ "pwdspio" "" "" "c:\windows\system32\pwdspio.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "sbapifs" "GFI Active Protection Filter Driver" "GFI Software" "c:\windows\system32\drivers\sbapifs.sys"
+ "sbhips" "GFI Firewall SDK Host Intrusion Prevention System Driver" "GFI Software" "c:\windows\system32\drivers\sbhips.sys"
+ "SBRE" "GFI Anti-Rootkit Driver" "GFI Software" "c:\windows\system32\drivers\sbredrv.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Serial" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\serial.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp.sys"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
+ "sscdbus" "SAMSUNG USB Composite Device Driver" "MCCI" "c:\windows\system32\drivers\sscdbus.sys"
+ "sscdmdfl" "SAMSUNG CDMA Modem Filter" "MCCI" "c:\windows\system32\drivers\sscdmdfl.sys"
+ "sscdmdm" "SAMSUNG CDMA Modem Drivers" "MCCI" "c:\windows\system32\drivers\sscdmdm.sys"
+ "stdflt" "Disk Filter Driver for Accelerometer" "ST Microelectronics" "c:\windows\system32\drivers\stdfltn.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "Teefer3" "Teefer3 Service" "Symantec Corporation" "c:\windows\system32\drivers\teefer3.sys"
+ "TsLwWfF" "WiFi Capture Driver" "TamoSoft" "c:\windows\system32\drivers\tslwwff.sys"
+ "upperdev" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerflt.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "UsbserFilt" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltj.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vpnva" "Cisco AnyConnect VPN Client Virtual Miniport Adapter for Windows" "Cisco Systems, Inc." "c:\windows\system32\drivers\vpnva.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "WPS" "Symantec CMC Firewall WPS" "Symantec Corporation" "c:\windows\system32\drivers\wpsdrvnt.sys"
+ "WpsHelper" "Symantec Intrusion Detection - WpsHelper" "Symantec Corporation" "c:\windows\system32\drivers\wpshelper.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio32.sys"
+ "ztemtusbser" "USB Modem/Serial Device Driver" "ZTEMT Incorporated" "c:\windows\system32\drivers\ct_ztemt_u_usbser.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AVS Video Out" "AVSVideoOutFilter DirectShow Filter" "Online Media Technologies Ltd" "c:\program files\common files\avsmedia\activex\avsvideooutfilter3.ax"
+ "Emuzed AAC/AAC+ Decoder TFilter" "Emuzed AAC/AAC+ Decoder Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzaacdecfilter.dll"
+ "Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter" "Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\ezdmp4muxfilter.dll"
+ "Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter" "Emuzed MP4/3GP2/AMR/QCP Source Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzmp4source.dll"
+ "Emuzed H264 Video Decoder-Filter" "Emuzed H.264 Video Transform Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\ezdh264dectfilter.dll"
+ "Emuzed MP3 Source/Decoder Filter" "Emuzed MP3 Source/Decoder Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzmp3sourcefilter.dll"
+ "Emuzed MP4SP/H263 Video Decoder-Filter" "Emuzed MP4SP/H.263 Video Transform Filter" "Emuzed Inc. " "c:\program files\common files\nokia\codecs\emzdecmp4_h263.dll"
+ "Nokia H264Dec HP/MP Filter" "NokiaH264HPMPDecTFilter" "Nokia" "c:\program files\common files\nokia\codecs\nokiah264hpmpdectfilter.dll"
+ "Nokia MPEG4ASP Decoder Filter" "MPEG4ASP H263 Decoder Filter" "Nokia" "c:\program files\common files\nokia\codecs\nokiadecmp4asp_h263.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls" "" "" ""
+ "C:\PROGRA~1\Citrix\system32\radeaphook.dll C:\PROGRA~1\Citrix\system32\ctxsbxhook.dll" "Citrix XenApp API Hook DLL" "Citrix Systems, Inc." "c:\program files\citrix\system32\radeaphook.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "SDWinLogon" "" "" "File not found: SDWinLogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "KM Language Monitor" "KM language monitor" "KYOCERA MITA Corporation" "c:\windows\system32\kmpjlmn.dll"
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
+ "PCL hpf3lw73" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3lw73.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "BCMLogon" "DW WLAN Card Logon Provider" "Dell Inc." "c:\windows\system32\bcmlogon.dll"
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\snacnp.dll"

Forgot to mention: the browser I used is Chrome.

#9 narenxp

Posted 10 September 2012 - 02:23 AM

Download

Hosts fixit

Run it, restart the PC

Which browser is redirecting?

#10 Kiran Madhu

Posted 10 September 2012 - 03:18 AM

I have applied the hot fix... still the same error. I am having the issue in both Google Chrome and IExplorer.

#11 narenxp

Posted 10 September 2012 - 04:51 AM

Launch Autoruns and uncheck this entry
"Task Scheduler" "" "" ""
+ "\aakwi" "" "" "c:\windows\system32\hdwwiz4.dll"

Restart the PC, copy this file to the desktop

c:\windows\system32\hdwwiz4.dll

Now go to

https://www.virustotal.com/

Click on BROWSE

Select the file copied to desktop

Click on SCAN

Post the generated report link here
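
The by-eye check made on the Autoruns log in the post above (an entry with no description and no publisher), as an added Python example that is not part of the thread or of Autoruns. It assumes the four quoted fields per line seen in the posted log; the function names are hypothetical, the sample lines are copied from the log in this thread, and a hit is a reason to inspect the file, not a verdict.

```python
import re

# Sample lines copied from the Autoruns log posted in this thread.
# Layout assumed from that log: a section line with three empty fields,
# then "+ " entry lines: entry name, description, publisher, image path.
SAMPLE_LOG = r'''
"Task Scheduler" "" "" ""
+ "\aakwi" "" "" "c:\windows\system32\hdwwiz4.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "SDWinLogon" "" "" "File not found: SDWinLogon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "KM Language Monitor" "KM language monitor" "KYOCERA MITA Corporation" "c:\windows\system32\kmpjlmn.dll"
'''

FIELD = re.compile(r'"([^"]*)"')


def parse_autoruns(text):
    """Yield (section, name, description, publisher, image) per entry line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith('+'):
            yield (section, *fields)
        elif line.startswith('"'):
            section = fields[0]  # remember which autostart location we are in


def triage(text):
    """Return (section, name, image, reason) for entries worth a manual look."""
    findings = []
    for section, name, desc, publisher, image in parse_autoruns(text):
        if image.lower().startswith('file not found'):
            findings.append((section, name, image, 'orphaned entry'))
        elif not desc and not publisher:
            findings.append((section, name, image, 'no description or publisher'))
    return findings


if __name__ == '__main__':
    for section, name, image, reason in triage(SAMPLE_LOG):
        print(f'{reason:30} {section} -> {name} ({image})')
```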

#12 Kiran Madhu

Posted 10 September 2012 - 05:37 AM

Please find the link https://www.virustotal.com/file/db4e6e4496c4580a0ab022a770f64a7b00243b0cbeed8a22354d30de9e4deb5c/analysis/1347273356/

#13 narenxp

Posted 10 September 2012 - 06:40 AM

c:\windows\system32\hdwwiz4.dll


I want you to remove this file, restart the PC and see if you're still redirected

#14 Kiran Madhu

Posted 10 September 2012 - 08:16 AM

I am unable to delete it as it's in the System directory.

Please let me know how to delete it.

#15 narenxp

Posted 10 September 2012 - 09:07 AM

Click on the Start menu and type

cmd

Right-click on it, select Run as administrator and run these commands

cd c:\windows\system32
takeown /a /f hdwwiz4.dll
cacls hdwwiz4.dll /g administrators:f
attrib -s -h -r hdwwiz4.dll


Now delete the file



