Redirect bug that seems to be in memory

15 replies to this topic

#1 workitsolutions

  • Members
  • 9 posts

Posted 13 November 2012 - 03:50 PM

Hello,
First off I only have access to this machine remotely but I am able to force a restart in safe mode if needed.
The machine is a Dell machine with Windows XP SP3
The issue is Google search redirects to random sites.
Up to this point I have run Malwarebytes, TDSSKiller, ESET, TDDSFix from Symantec and the machine is running Kaspersky 2012
The only thing that shows an error is aswMBR. Everything else shows clean.
Although it shows an error I do not see any way to fix the error.
Posted Image


Any thoughts? I am actually stumped on this one.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 13 November 2012 - 08:55 PM

Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
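A TDSSKiller log of the kind requested above runs to hundreds of "Name - ok" lines, and the interesting entries are the few whose verdict is not "ok". The following is an added example, not part of narenxp's reply and not code from Kaspersky's TDSSKiller: a small Python parser for the log layout TDSSKiller writes (a timestamp, the PID, then either a "[ MD5 ] Name Path" line followed by a "Name - status" line, or a bare "Name - status" line for entries with no file). It only starts collecting after the "Scan started" marker so that the drive-geometry header, which also contains " - ", is not mistaken for an entry. The sample log is constructed for this example: the ACPI and Apple Mobile Device lines follow the real format, while the `exampledrv` entry, its all-zero hash and its `warning` verdict are hypothetical and stand in for whatever non-ok status a real run reports.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in TDSSKiller's log layout. The exampledrv entry, its
# all-zero hash and the "warning" verdict are made up for this example.
SAMPLE_LOG = r"""
21:50:34.0015 4044 ============================================================
21:50:34.0015 4044 Scan started
21:50:34.0015 4044 Mode: Manual; TDLFS;
21:50:34.0015 4044 ============================================================
21:50:34.0171 4044 ================ Scan system memory ========================
21:50:34.0171 4044 System memory - ok
21:50:34.0171 4044 ================ Scan services =============================
21:50:34.0359 4044 Abiosdsk - ok
21:50:34.0406 4044 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:34.0406 4044 ACPI - ok
21:50:35.0234 4044 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:50:35.0234 4044 Apple Mobile Device - ok
21:50:36.0500 4044 [ 00000000000000000000000000000000 ] exampledrv C:\WINDOWS\system32\drivers\exampledrv.sys
21:50:36.0500 4044 exampledrv - warning
"""

# Every log line: "HH:MM:SS.mmmm PID message"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
# File line: "[ MD5 ] Name C:\path" (the name may contain spaces, the path starts at the drive letter)
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# Verdict line: "Name - status"
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Pair each '[ MD5 ] Name Path' line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending = None  # (md5, name, path) of a file line still waiting for its verdict
    in_scan = False
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg").strip()
        if msg == "Scan started":
            in_scan = True
            continue
        if not in_scan or msg.startswith("="):
            continue  # header block, section banners and separators carry no verdict
        f = FILE_RE.match(msg)
        if f:
            pending = (f.group("md5"), f.group("name"), f.group("path"))
            continue
        s = STATUS_RE.match(msg)
        if s:
            name, status = s.group("name"), s.group("status")
            if pending and pending[1] == name:
                entries.append(Entry(name, status, pending[0], pending[2]))
            else:
                entries.append(Entry(name, status))  # registry-only entry, no file scanned
            pending = None
    return entries


def needs_attention(entries: List[Entry]) -> List[Entry]:
    """Anything TDSSKiller did not mark 'ok' is what a helper wants to see first."""
    return [e for e in entries if e.status.lower() != "ok"]


def summarize(text: str) -> dict:
    entries = parse_tdsskiller_log(text)
    flagged = needs_attention(entries)
    return {
        "scanned": len(entries),
        "ok": len(entries) - len(flagged),
        "flagged": [(e.name, e.status, e.md5, e.path) for e in flagged],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['scanned']} entries, {report['ok']} ok")
    for name, status, md5, path in report["flagged"]:
        print(f"  {name}: {status}  md5={md5}  path={path}")
```

To use it on a real log, read the file TDSSKiller leaves in the root of C: and pass its contents to `summarize()`; the flagged list is the part worth pasting into a reply, and the MD5 and path let a helper look the file up before deciding whether it is a false positive.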

#3 workitsolutions

  • Topic Starter
  • Members
  • 9 posts

Posted 13 November 2012 - 10:57 PM

1st result
21:50:06.0001 4592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:50:06.0470 4592 ============================================================
21:50:06.0470 4592 Current date / time: 2012/11/13 21:50:06.0470
21:50:06.0470 4592 SystemInfo:
21:50:06.0470 4592
21:50:06.0470 4592 OS Version: 5.1.2600 ServicePack: 3.0
21:50:06.0470 4592 Product type: Workstation
21:50:06.0470 4592 ComputerName: TIERRASF-406
21:50:06.0470 4592 UserName: raj
21:50:06.0470 4592 Windows directory: C:\WINDOWS
21:50:06.0470 4592 System windows directory: C:\WINDOWS
21:50:06.0470 4592 Processor architecture: Intel x86
21:50:06.0470 4592 Number of processors: 2
21:50:06.0470 4592 Page size: 0x1000
21:50:06.0470 4592 Boot type: Normal boot
21:50:06.0470 4592 ============================================================
21:50:06.0908 4592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:50:06.0923 4592 ============================================================
21:50:06.0923 4592 \Device\Harddisk0\DR0:
21:50:06.0939 4592 MBR partitions:
21:50:06.0939 4592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x25419CFC
21:50:06.0939 4592 ============================================================
21:50:06.0970 4592 C: <-> \Device\Harddisk0\DR0\Partition1
21:50:06.0970 4592 ============================================================
21:50:06.0970 4592 Initialize success
21:50:06.0970 4592 ============================================================
21:50:34.0015 4044 ============================================================
21:50:34.0015 4044 Scan started
21:50:34.0015 4044 Mode: Manual; TDLFS;
21:50:34.0015 4044 ============================================================
21:50:34.0171 4044 ================ Scan system memory ========================
21:50:34.0171 4044 System memory - ok
21:50:34.0171 4044 ================ Scan services =============================
21:50:34.0359 4044 Abiosdsk - ok
21:50:34.0374 4044 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:50:34.0374 4044 abp480n5 - ok
21:50:34.0406 4044 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:50:34.0406 4044 ACPI - ok
21:50:34.0484 4044 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:50:34.0484 4044 ACPIEC - ok
21:50:34.0640 4044 [ 49B83FE580B448314F83085E0A19E705 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
21:50:34.0640 4044 AcrSch2Svc - ok
21:50:34.0671 4044 [ 307F5E03B02A3022D664C36D1EA25F2C ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:50:34.0671 4044 ADIHdAudAddService - ok
21:50:34.0718 4044 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:34.0718 4044 AdobeFlashPlayerUpdateSvc - ok
21:50:34.0734 4044 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:50:34.0749 4044 adpu160m - ok
21:50:34.0765 4044 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:50:34.0765 4044 aec - ok
21:50:34.0812 4044 [ DF139E5866C19E0B3217EF210198D875 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
21:50:34.0812 4044 afcdp - ok
21:50:34.0937 4044 [ 30346435058C56903C9F07BC7CABC9EA ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
21:50:34.0952 4044 afcdpsrv - ok
21:50:34.0984 4044 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:50:34.0984 4044 AFD - ok
21:50:34.0999 4044 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
21:50:34.0999 4044 agp440 - ok
21:50:35.0015 4044 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:50:35.0015 4044 agpCPQ - ok
21:50:35.0015 4044 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:50:35.0015 4044 Aha154x - ok
21:50:35.0031 4044 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:50:35.0031 4044 aic78u2 - ok
21:50:35.0031 4044 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:50:35.0031 4044 aic78xx - ok
21:50:35.0046 4044 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:50:35.0062 4044 Alerter - ok
21:50:35.0077 4044 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:50:35.0077 4044 ALG - ok
21:50:35.0140 4044 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
21:50:35.0140 4044 AliIde - ok
21:50:35.0140 4044 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:50:35.0140 4044 alim1541 - ok
21:50:35.0156 4044 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:50:35.0156 4044 amdagp - ok
21:50:35.0156 4044 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
21:50:35.0156 4044 amsint - ok
21:50:35.0234 4044 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:50:35.0234 4044 Apple Mobile Device - ok
21:50:35.0281 4044 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:50:35.0281 4044 AppMgmt - ok
21:50:35.0281 4044 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
21:50:35.0281 4044 asc - ok
21:50:35.0296 4044 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:50:35.0296 4044 asc3350p - ok
21:50:35.0296 4044 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:50:35.0296 4044 asc3550 - ok
21:50:35.0515 4044 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:50:35.0515 4044 aspnet_state - ok
21:50:35.0531 4044 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:50:35.0531 4044 AsyncMac - ok
21:50:35.0562 4044 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:50:35.0562 4044 atapi - ok
21:50:35.0577 4044 Atdisk - ok
21:50:35.0624 4044 [ 6A35387E02B57062B8EB1BAC131116E6 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
21:50:35.0624 4044 Ati HotKey Poller - ok
21:50:35.0702 4044 [ FB3F4C60D58D11FB7C7CEC927315B0AE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:50:35.0718 4044 ati2mtag - ok
21:50:35.0718 4044 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:50:35.0718 4044 Atmarpc - ok
21:50:35.0749 4044 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:50:35.0765 4044 AudioSrv - ok
21:50:35.0781 4044 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:50:35.0781 4044 audstub - ok
21:50:35.0874 4044 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
21:50:35.0874 4044 AVP - ok
21:50:35.0906 4044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:50:35.0906 4044 Beep - ok
21:50:35.0937 4044 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:50:35.0937 4044 BITS - ok
21:50:36.0031 4044 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:50:36.0031 4044 Bonjour Service - ok
21:50:36.0077 4044 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:50:36.0077 4044 Browser - ok
21:50:36.0109 4044 [ AA7E8990BD4762F3E0C3D21AA1655468 ] cbfs3 C:\WINDOWS\system32\drivers\cbfs3.sys
21:50:36.0109 4044 cbfs3 - ok
21:50:36.0124 4044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:50:36.0124 4044 cbidf - ok
21:50:36.0140 4044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:50:36.0140 4044 cbidf2k - ok
21:50:36.0140 4044 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:50:36.0140 4044 cd20xrnt - ok
21:50:36.0171 4044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:50:36.0171 4044 Cdaudio - ok
21:50:36.0187 4044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:50:36.0187 4044 Cdfs - ok
21:50:36.0296 4044 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:50:36.0296 4044 Cdrom - ok
21:50:36.0296 4044 Changer - ok
21:50:36.0327 4044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:50:36.0327 4044 CiSvc - ok
21:50:36.0343 4044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:50:36.0343 4044 ClipSrv - ok
21:50:36.0374 4044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:36.0374 4044 clr_optimization_v2.0.50727_32 - ok
21:50:36.0437 4044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:36.0437 4044 clr_optimization_v4.0.30319_32 - ok
21:50:36.0437 4044 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:50:36.0437 4044 CmdIde - ok
21:50:36.0452 4044 COMSysApp - ok
21:50:36.0452 4044 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:50:36.0452 4044 Cpqarray - ok
21:50:36.0499 4044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:50:36.0499 4044 CryptSvc - ok
21:50:36.0546 4044 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:50:36.0546 4044 dac2w2k - ok
21:50:36.0546 4044 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:50:36.0546 4044 dac960nt - ok
21:50:36.0577 4044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:50:36.0593 4044 DcomLaunch - ok
21:50:36.0624 4044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:50:36.0624 4044 Dhcp - ok
21:50:36.0640 4044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:50:36.0640 4044 Disk - ok
21:50:36.0702 4044 dmadmin - ok
21:50:36.0749 4044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:50:36.0765 4044 dmboot - ok
21:50:36.0765 4044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:50:36.0765 4044 dmio - ok
21:50:36.0765 4044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:50:36.0765 4044 dmload - ok
21:50:36.0780 4044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:50:36.0796 4044 dmserver - ok
21:50:36.0890 4044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:50:36.0890 4044 DMusic - ok
21:50:36.0921 4044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:50:36.0921 4044 Dnscache - ok
21:50:36.0952 4044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:50:36.0952 4044 Dot3svc - ok
21:50:36.0952 4044 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:50:36.0952 4044 dpti2o - ok
21:50:36.0984 4044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:50:36.0984 4044 drmkaud - ok
21:50:37.0030 4044 [ C08A912BC3257859516D2B71F5E29802 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
21:50:37.0030 4044 e1kexpress - ok
21:50:37.0046 4044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:50:37.0046 4044 EapHost - ok
21:50:37.0046 4044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:50:37.0046 4044 ERSvc - ok
21:50:37.0093 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:50:37.0093 4044 Eventlog - ok
21:50:37.0155 4044 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
21:50:37.0155 4044 EventSystem - ok
21:50:37.0202 4044 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:50:37.0202 4044 Fastfat - ok
21:50:37.0234 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:50:37.0249 4044 FastUserSwitchingCompatibility - ok
21:50:37.0265 4044 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
21:50:37.0265 4044 Fax - ok
21:50:37.0265 4044 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:50:37.0280 4044 Fdc - ok
21:50:37.0280 4044 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:50:37.0280 4044 Fips - ok
21:50:37.0327 4044 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:50:37.0343 4044 FLEXnet Licensing Service - ok
21:50:37.0343 4044 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:50:37.0343 4044 Flpydisk - ok
21:50:37.0437 4044 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:50:37.0437 4044 FltMgr - ok
21:50:37.0468 4044 [ E20D64EDF74D80874837B16506D58166 ] fltsrv C:\WINDOWS\system32\DRIVERS\fltsrv.sys
21:50:37.0468 4044 fltsrv - ok
21:50:37.0562 4044 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:50:37.0562 4044 FontCache3.0.0.0 - ok
21:50:37.0577 4044 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:50:37.0577 4044 Fs_Rec - ok
21:50:37.0577 4044 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:50:37.0577 4044 Ftdisk - ok
21:50:37.0609 4044 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:50:37.0609 4044 GEARAspiWDM - ok
21:50:37.0624 4044 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:50:37.0624 4044 Gpc - ok
21:50:37.0687 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:50:37.0687 4044 gupdate - ok
21:50:37.0702 4044 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:50:37.0702 4044 gupdatem - ok
21:50:37.0718 4044 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:50:37.0718 4044 HDAudBus - ok
21:50:37.0749 4044 [ 88A67C34E37186665E916FD347B50D19 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
21:50:37.0749 4044 HECI - ok
21:50:37.0812 4044 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:50:37.0812 4044 helpsvc - ok
21:50:37.0827 4044 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:50:37.0827 4044 HidServ - ok
21:50:37.0859 4044 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:50:37.0859 4044 hidusb - ok
21:50:37.0874 4044 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:50:37.0874 4044 hkmsvc - ok
21:50:37.0890 4044 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
21:50:37.0890 4044 hpn - ok
21:50:37.0905 4044 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:50:37.0905 4044 HTTP - ok
21:50:37.0937 4044 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:50:37.0937 4044 HTTPFilter - ok
21:50:37.0952 4044 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
21:50:37.0952 4044 i2omgmt - ok
21:50:38.0030 4044 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:50:38.0030 4044 i2omp - ok
21:50:38.0109 4044 [ 52E8A3CC8269ADB27D25182284C5E650 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:50:38.0109 4044 IAANTMON - ok
21:50:38.0155 4044 [ 71ECC07BC7C5E24C3DD01D8A29A24054 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
21:50:38.0155 4044 iaStor - ok
21:50:38.0233 4044 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:50:38.0249 4044 idsvc - ok
21:50:38.0265 4044 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:50:38.0280 4044 Imapi - ok
21:50:38.0312 4044 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:50:38.0312 4044 ImapiService - ok
21:50:38.0312 4044 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:50:38.0312 4044 ini910u - ok
21:50:38.0327 4044 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
21:50:38.0327 4044 IntelIde - ok
21:50:38.0327 4044 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:50:38.0327 4044 intelppm - ok
21:50:38.0405 4044 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:50:38.0405 4044 Ip6Fw - ok
21:50:38.0405 4044 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:50:38.0405 4044 IpFilterDriver - ok
21:50:38.0421 4044 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:50:38.0421 4044 IpInIp - ok
21:50:38.0437 4044 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:50:38.0437 4044 IpNat - ok
21:50:38.0530 4044 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:50:38.0546 4044 iPod Service - ok
21:50:38.0562 4044 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:50:38.0562 4044 IPSec - ok
21:50:38.0562 4044 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:50:38.0562 4044 IRENUM - ok
21:50:38.0593 4044 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:50:38.0593 4044 isapnp - ok
21:50:38.0702 4044 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:50:38.0702 4044 JavaQuickStarterService - ok
21:50:38.0733 4044 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:50:38.0733 4044 Kbdclass - ok
21:50:38.0749 4044 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:50:38.0749 4044 kbdhid - ok
21:50:38.0765 4044 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys
21:50:38.0765 4044 KL1 - ok
21:50:38.0765 4044 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
21:50:38.0765 4044 kl2 - ok
21:50:38.0812 4044 [ 5D92A03045A6A98708975B3D77B39A36 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
21:50:38.0812 4044 KLIF - ok
21:50:38.0858 4044 [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
21:50:38.0858 4044 klim5 - ok
21:50:38.0921 4044 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
21:50:38.0937 4044 klmouflt - ok
21:50:38.0937 4044 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:50:38.0937 4044 kmixer - ok
21:50:38.0952 4044 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:50:38.0952 4044 KSecDD - ok
21:50:38.0983 4044 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
21:50:38.0983 4044 LanmanServer - ok
21:50:39.0015 4044 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:50:39.0015 4044 lanmanworkstation - ok
21:50:39.0062 4044 lbrtfdc - ok
21:50:39.0093 4044 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:50:39.0093 4044 LmHosts - ok
21:50:39.0218 4044 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:50:39.0218 4044 MDM - ok
21:50:39.0233 4044 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:50:39.0233 4044 Messenger - ok
21:50:39.0265 4044 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:50:39.0265 4044 mnmdd - ok
21:50:39.0280 4044 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:50:39.0296 4044 mnmsrvc - ok
21:50:39.0296 4044 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:50:39.0296 4044 Modem - ok
21:50:39.0312 4044 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:50:39.0312 4044 Mouclass - ok
21:50:39.0327 4044 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:50:39.0327 4044 mouhid - ok
21:50:39.0358 4044 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:50:39.0358 4044 MountMgr - ok
21:50:39.0358 4044 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:50:39.0358 4044 mraid35x - ok
21:50:39.0437 4044 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:50:39.0437 4044 MRxDAV - ok
21:50:39.0499 4044 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:50:39.0515 4044 MRxSmb - ok
21:50:39.0546 4044 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:50:39.0546 4044 MSDTC - ok
21:50:39.0593 4044 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:50:39.0593 4044 Msfs - ok
21:50:39.0593 4044 MSIServer - ok
21:50:39.0624 4044 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:50:39.0624 4044 MSKSSRV - ok
21:50:39.0780 4044 [ 49AAB9D55319DB55A7D36167656D412A ] msoidsvc C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
21:50:39.0796 4044 msoidsvc - ok
21:50:39.0796 4044 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:50:39.0796 4044 MSPCLOCK - ok
21:50:39.0796 4044 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:50:39.0812 4044 MSPQM - ok
21:50:39.0827 4044 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:50:39.0827 4044 mssmbios - ok
21:50:39.0827 4044 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:50:39.0827 4044 Mup - ok
21:50:40.0015 4044 [ 480C23D6AABD7AF9941027BE63AA09F3 ] MySecureBackupService C:\Program Files\My Secure Backup\MySecureBackup.exe
21:50:40.0046 4044 MySecureBackupService - ok
21:50:40.0077 4044 [ CBBBBCACE1ABDA7336410DF4AB3C74D7 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
21:50:40.0077 4044 NAL - ok
21:50:40.0108 4044 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:50:40.0108 4044 napagent - ok
21:50:40.0155 4044 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:50:40.0155 4044 NDIS - ok
21:50:40.0186 4044 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:50:40.0186 4044 NdisTapi - ok
21:50:40.0186 4044 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:50:40.0186 4044 Ndisuio - ok
21:50:40.0202 4044 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:50:40.0202 4044 NdisWan - ok
21:50:40.0218 4044 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:50:40.0218 4044 NDProxy - ok
21:50:40.0249 4044 [ 949941E4DE88DF1FAF49A4B3CFFB756F ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
21:50:40.0265 4044 Net Driver HPZ12 - ok
21:50:40.0265 4044 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:50:40.0265 4044 NetBIOS - ok
21:50:40.0280 4044 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:50:40.0280 4044 NetBT - ok
21:50:40.0358 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:50:40.0358 4044 NetDDE - ok
21:50:40.0358 4044 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:50:40.0358 4044 NetDDEdsdm - ok
21:50:40.0390 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:50:40.0390 4044 Netlogon - ok
21:50:40.0390 4044 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:50:40.0390 4044 Netman - ok
21:50:40.0421 4044 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:40.0436 4044 NetTcpPortSharing - ok
21:50:40.0546 4044 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:50:40.0546 4044 Nla - ok
21:50:40.0561 4044 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:50:40.0561 4044 Npfs - ok
21:50:40.0593 4044 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:50:40.0624 4044 Ntfs - ok
21:50:40.0624 4044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:50:40.0624 4044 NtLmSsp - ok
21:50:40.0655 4044 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:50:40.0655 4044 NtmsSvc - ok
21:50:40.0671 4044 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:50:40.0671 4044 Null - ok
21:50:40.0671 4044 NvtSp50 - ok
21:50:40.0686 4044 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:50:40.0686 4044 NwlnkFlt - ok
21:50:40.0702 4044 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:50:40.0702 4044 NwlnkFwd - ok
21:50:40.0858 4044 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:50:40.0874 4044 odserv - ok
21:50:40.0905 4044 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:50:40.0905 4044 ose - ok
21:50:41.0077 4044 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:50:41.0171 4044 osppsvc - ok
21:50:41.0202 4044 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:50:41.0202 4044 Parport - ok
21:50:41.0202 4044 Partizan - ok
21:50:41.0233 4044 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:50:41.0233 4044 PartMgr - ok
21:50:41.0265 4044 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:50:41.0265 4044 ParVdm - ok
21:50:41.0265 4044 PBADRV - ok
21:50:41.0265 4044 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:50:41.0265 4044 PCI - ok
21:50:41.0265 4044 PCIDump - ok
21:50:41.0280 4044 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:50:41.0280 4044 PCIIde - ok
21:50:41.0280 4044 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:50:41.0280 4044 Pcmcia - ok
21:50:41.0358 4044 PDCOMP - ok
21:50:41.0358 4044 PDFRAME - ok
21:50:41.0358 4044 PDRELI - ok
21:50:41.0374 4044 PDRFRAME - ok
21:50:45.0624 4044 ================ Scan global ===============================
21:50:45.0639 4044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:50:45.0733 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:50:45.0733 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:50:45.0764 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:50:45.0764 4044 [Global] - ok
21:50:45.0764 4044 ================ Scan MBR ==================================
21:50:45.0780 4044 [ 4400B71F7BE62771CD6F028B3E032761 ] \Device\Harddisk0\DR0
21:50:46.0061 4044 \Device\Harddisk0\DR0 - ok
21:50:46.0061 4044 ================ Scan VBR ==================================
21:50:46.0061 4044 [ CD251FFA88FDE6E5238CEA84BDACE0FC ] \Device\Harddisk0\DR0\Partition1
21:50:46.0077 4044 \Device\Harddisk0\DR0\Partition1 - ok
21:50:46.0077 4044 ============================================================
21:50:46.0077 4044 Scan finished
21:50:46.0077 4044 ============================================================
21:50:46.0077 4916 Detected object count: 0
21:50:46.0077 4916 Actual detected object count: 0

2nd Result
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 21:56:06
-----------------------------
21:56:06.429 OS Version: Windows 5.1.2600 Service Pack 3
21:56:06.429 Number of processors: 2 586 0x170A
21:56:06.429 ComputerName: TIERRASF-406 UserName: raj
21:56:13.616 Initialze error C0000034 - driver not loaded
21:56:23.662 AVAST engine defs: 12111201
21:56:30.615 Service scanning
21:56:35.536 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
21:56:35.536 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
21:56:35.646 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
21:56:35.661 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
21:56:43.598 Modules scanning
21:56:43.598 Disk 0 trace - called modules:
21:56:43.598
21:56:44.364 AVAST engine scan C:\WINDOWS
21:56:46.942 AVAST engine scan C:\WINDOWS\system32
21:56:58.456 File: C:\WINDOWS\system32\gdi325.dll **INFECTED** Win32:Malware-gen
21:57:07.221 File: C:\WINDOWS\system32\mouset.dll **INFECTED** Win32:Malware-gen
21:58:30.069 AVAST engine scan C:\WINDOWS\system32\drivers
21:58:35.771 AVAST engine scan C:\Documents and Settings\raj
22:04:24.682 AVAST engine scan C:\Documents and Settings\All Users
22:07:15.759 Scan finished successfully
22:17:43.916 The log file has been saved successfully to "C:\Documents and Settings\raj\Desktop\aswMBR.txt"


3rd Result

C:\WINDOWS\system32\gdi325.dll a variant of Win32/Kryptik.AKCO trojan cleaned by deleting - quarantined
Operating memory probably a variant of Win32/Ponmocup.AA trojan


#4 narenxp

Posted 14 November 2012 - 12:08 AM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

MiniToolBox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

For Vista and Windows 7, right click on the tool and select Run as administrator

After the scan gets completed, post the generated log here.

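A quick way to read the MiniToolBox report the post above asks for, as an added example (not part of this thread or of Farbar's tool): the Python below splits the report on the `=== Title: ===` separators MiniToolBox prints and lists the entries worth a second look when a machine redirects searches, namely hosts entries beyond 127.0.0.1 localhost, proxy lines other than the two "not enabled" ones, and Winsock catalog entries whose DLL is missing, sits outside the Windows directory, or carries no vendor string. The sample report, its `.invalid` hosts entry and the file sizes are constructed, and which lines count as "expected" is this example's own assumption.

```python
# Added example: triage a MiniToolBox report for redirect-related items. Not from
# this thread or Farbar's tool; layouts follow the posted report, "expected" values are assumed.
import re

# Constructed sample modelled on the posted report; the .invalid hosts entry
# and the numeric file sizes are made up for the demonstration.
SAMPLE_REPORT = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost
74.125.134.139 example-search.invalid

========================= Winsock entries =====================================

Catalog5 01 U:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================
"""

SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?):?\s*=+\s*$")
HOSTS_RE = re.compile(r"^\s*(?P<ip>\S+)\s+(?P<names>.+?)\s*$")
WINSOCK_RE = re.compile(
    r"^(?P<catalog>Catalog\d+)\s+(?P<idx>\d+)\s+(?P<path>.+?)\s+"
    r"\[(?P<size>[^\]]*)\]\s+\((?P<vendor>[^)]*)\)\s*$"
)
# The two lines the posted report shows for a clean proxy configuration.
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}
LOOPBACK = {"127.0.0.1", "::1"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def split_sections(report):
    """Map each '=== Title: ===' heading to the non-blank lines under it."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title").strip()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def hosts_findings(lines):
    """Anything beyond the plain loopback -> localhost mapping is reported."""
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m or line.lstrip().startswith("#"):
            continue
        ip, names = m.group("ip"), m.group("names").split()
        if ip not in LOOPBACK or any(n not in LOOPBACK_NAMES for n in names):
            findings.append(f"hosts: {ip} -> {' '.join(names)}")
    return findings


def proxy_findings(lines):
    """Any proxy line other than the two known-clean ones is reported."""
    return [f"proxy: {l.strip()}" for l in lines if l.strip() not in CLEAN_PROXY]


def winsock_findings(lines, system_root="C:\\Windows"):
    """Entries whose DLL is missing, sits outside the Windows directory, or
    carries no vendor string are worth a second look."""
    findings, root = [], system_root.lower().rstrip("\\") + "\\"
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        path, size, vendor = m.group("path"), m.group("size"), m.group("vendor")
        reasons = []
        if size.strip().lower() == "file not found":
            reasons.append("file missing")
        if not path.lower().startswith(root):
            reasons.append("outside system root")
        if not vendor.strip():
            reasons.append("no vendor")
        if reasons:
            findings.append(f"winsock {m.group('catalog')} {m.group('idx')}: "
                            f"{path} ({', '.join(reasons)})")
    return findings


def triage(report):
    """Return, per section, the items a helper would want to see first."""
    sections = split_sections(report)
    return {
        "hosts": hosts_findings(sections.get("Hosts content", [])),
        "proxy": proxy_findings(sections.get("IE Proxy Settings", [])),
        "winsock": winsock_findings(sections.get("Winsock entries", [])),
    }
```

Paste a real report into `triage()` in place of `SAMPLE_REPORT`; a flagged entry is a pointer for the helper, not a verdict on its own.
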
#5 workitsolutions

Posted 14 November 2012 - 09:32 AM

Result 1
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.13.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
raj :: TIERRASF-406 [administrator]

11/14/2012 12:16:25 AM
mbam-log-2012-11-14 (09-09-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381534
Time elapsed: 1 hour(s), 21 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP34\A0002087.exe (Trojan.Agent) -> Deleted.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP58\A0004512.exe (PUP.MyWebSearch) -> Deleted.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP58\A0004513.dll (PUP.MyWebSearch) -> Deleted.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP58\A0004515.dll (PUP.MyWebSearch) -> Deleted.

(end)

Result 2
MiniToolBox by Farbar Version: 10-11-2012 02
Ran by raj (administrator) on 14-11-2012 at 00:20:07
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=static addr=192.168.40.77 mask=255.255.255.0
set address name="Local Area Connection" gateway=192.168.40.1 gwmetric=0
set dns name="Local Area Connection" source=static addr=192.168.40.6 register=PRIMARY
set wins name="Local Area Connection" source=static addr=none


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : TierraSF-406

Primary Dns Suffix . . . . . . . : tengwpb.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : tengwpb.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-26-B9-86-B4-69

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.40.77

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.40.1

DNS Servers . . . . . . . . . . . : 192.168.40.6

Server: tsfdc1.tengwpb.local
Address: 192.168.40.6

Name: google.com
Addresses: 74.125.134.138, 74.125.134.139, 74.125.134.100, 74.125.134.101
74.125.134.102, 74.125.134.113



Pinging google.com [74.125.134.139] with 32 bytes of data:



Reply from 74.125.134.139: bytes=32 time=41ms TTL=46

Reply from 74.125.134.139: bytes=32 time=31ms TTL=46



Ping statistics for 74.125.134.139:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 41ms, Average = 36ms

Server: tsfdc1.tengwpb.local
Address: 192.168.40.6

Name: yahoo.com
Addresses: 98.139.183.24, 72.30.38.140, 98.138.253.109



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=109ms TTL=43

Reply from 72.30.38.140: bytes=32 time=124ms TTL=43



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 109ms, Maximum = 124ms, Average = 116ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 b9 86 b4 69 ...... Intel® 82567LM-3 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.40.1 192.168.40.77 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.40.77 192.168.40.77 20
192.168.40.0 255.255.255.0 192.168.40.77 192.168.40.77 10
192.168.40.77 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.40.255 255.255.255.255 192.168.40.77 192.168.40.77 10
224.0.0.0 240.0.0.0 192.168.40.77 192.168.40.77 10
255.255.255.255 255.255.255.255 192.168.40.77 192.168.40.77 1
Default Gateway: 192.168.40.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 U:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 U:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 U:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 U:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 U:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 U:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 U:\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/13/2012 11:49:58 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2012 11:49:58 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ServiceModelService 4.0.0.0 (ServiceModelService 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ServiceModelOperation 4.0.0.0 (ServiceModelOperation 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ServiceModelEndpoint 4.0.0.0 (ServiceModelEndpoint 4.0.0.0) failed. The
Error code is the first DWORD in Data section.

Error: (11/13/2012 11:49:57 PM) (Source: LoadPerf) (User: )
Description: The performance strings in the Performance registry value is corrupted when
process Performance extension counter provider. BaseIndex value from Performance
registry is the first DWORD in Data section, LastCounter value is the second
DWORD in Data section, and LastHelp value is the third DWORD in Data section.


System errors:
=============
Error: (11/14/2012 00:01:56 AM) (Source: TermServDevices) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/14/2012 00:01:56 AM) (Source: TermServDevices) (User: )
Description: Driver Samsung Universal Print Driver required for printer Samsung Universal Print Driver is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/14/2012 00:01:50 AM) (Source: TermServDevices) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/14/2012 00:01:49 AM) (Source: TermServDevices) (User: )
Description: Driver EPSON Artisan 720 Series required for printer Artisan 720(Network) is unknown. Contact the administrator to install the driver before you log in again.

Error: (11/13/2012 11:58:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PBADRV

Error: (11/13/2012 11:55:11 PM) (Source: DCOM) (User: TENGWPB)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (11/13/2012 11:55:11 PM) (Source: DCOM) (User: TENGWPB)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (11/13/2012 11:55:11 PM) (Source: DCOM) (User: TENGWPB)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (11/13/2012 11:55:11 PM) (Source: DCOM) (User: TENGWPB)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.

Error: (11/13/2012 11:55:11 PM) (Source: DCOM) (User: TENGWPB)
Description: The server {1EF75F33-893B-4E8F-9655-C3D602BA4897} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (04/13/2011 02:38:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15626 seconds with 780 seconds of active time. This session ended with a crash.

Error: (11/24/2010 09:34:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 665477 seconds with 13260 seconds of active time. This session ended with a crash.

Error: (06/16/2010 11:41:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4353 seconds with 2460 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.4)
Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.1)
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Apple Application Support (Version: 2.3)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.008.0717.2342)
ATI Display Driver (Version: 8.513.1-080717a1-067419C-Dell)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center Core Implementation (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Full Existing (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Full New (Version: 2008.0717.2343.40629)
Catalyst Control Center Graphics Light (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization French (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization German (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Italian (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Japanese (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Korean (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Polish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Portuguese (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Spanish (Version: 2008.0717.2343.40629)
Catalyst Control Center Localization Thai (Version: 2008.0717.2343.40629)
ccc-core-preinstall (Version: 2008.0717.2343.40629)
ccc-core-static (Version: 2008.0717.2343.40629)
ccc-utility (Version: 2008.0717.2343.40629)
CCC Help Chinese Standard (Version: 2008.0717.2342.40629)
CCC Help Chinese Traditional (Version: 2008.0717.2342.40629)
CCC Help English (Version: 2008.0717.2342.40629)
CCC Help French (Version: 2008.0717.2342.40629)
CCC Help German (Version: 2008.0717.2342.40629)
CCC Help Italian (Version: 2008.0717.2342.40629)
CCC Help Japanese (Version: 2008.0717.2342.40629)
CCC Help Korean (Version: 2008.0717.2342.40629)
CCC Help Polish (Version: 2008.0717.2342.40629)
CCC Help Portuguese (Version: 2008.0717.2342.40629)
CCC Help Spanish (Version: 2008.0717.2342.40629)
CCC Help Thai (Version: 2008.0717.2342.40629)
CCleaner (Version: 2.31)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.2.0.952 (Version: 5.2.0.952)
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.7.2)
Java™ 6 Update 37 (Version: 6.0.370)
Kaspersky Anti-Virus 2012 (Version: 12.0.0.374)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MFCLOC (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Lync 2010 (Version: 4.0.7577.4356)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
My Secure Backup (Version: 3.16)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PowerDVD DX (Version: 8.2.5024)
QuickTime (Version: 7.73.80.64)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
ST Microelectronics TPM Driver Installer (Version: 1.04.15)
True Image 2013 (Version: 16.0.5551)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.1.0)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15) (Version: 05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 3325.52 MB
Available physical RAM: 2356.08 MB
Total Pagefile: 5202.02 MB
Available Pagefile: 4226.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.62 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:243.23 GB) NTFS
7 Drive j: (TSFRAID) (Network) (Total:3224.87 GB) (Free:2797.85 GB) NTFS
8 Drive m: (TSFRAID) (Network) (Total:3224.87 GB) (Free:2797.85 GB) NTFS
9 Drive n: (tierrasf) (Network) (Total:500 GB) (Free:500 GB) FAT32
10 Drive u: (TSFRAID) (Network) (Total:3224.87 GB) (Free:2797.85 GB) NTFS

========================= Users: ========================================

User accounts for \\TIERRASF-406

Administrator Guest HelpAssistant
SUPPORT_388945a0

========================= Restore Points ==================================

20-09-2012 16:33:22 System Checkpoint
21-09-2012 16:39:16 System Checkpoint
22-09-2012 07:00:13 Software Distribution Service 3.0
23-09-2012 07:20:36 System Checkpoint
24-09-2012 08:20:33 System Checkpoint
25-09-2012 09:20:30 System Checkpoint
26-09-2012 10:20:23 System Checkpoint
27-09-2012 11:21:22 System Checkpoint
28-09-2012 12:20:09 System Checkpoint
29-09-2012 13:20:02 System Checkpoint
30-09-2012 13:33:28 System Checkpoint
01-10-2012 17:07:01 System Checkpoint
02-10-2012 17:19:45 System Checkpoint
03-10-2012 18:19:39 System Checkpoint
04-10-2012 20:40:02 System Checkpoint
05-10-2012 21:20:37 System Checkpoint
06-10-2012 22:44:22 System Checkpoint
07-10-2012 23:20:13 System Checkpoint
08-10-2012 23:21:40 System Checkpoint
10-10-2012 00:20:04 System Checkpoint
11-10-2012 01:19:38 System Checkpoint
11-10-2012 07:00:19 Software Distribution Service 3.0
12-10-2012 07:23:31 System Checkpoint
13-10-2012 08:23:23 System Checkpoint
14-10-2012 09:23:17 System Checkpoint
15-10-2012 10:23:13 System Checkpoint
16-10-2012 11:05:57 System Checkpoint
17-10-2012 12:05:44 System Checkpoint
18-10-2012 13:05:38 System Checkpoint
19-10-2012 14:03:35 System Checkpoint
20-10-2012 14:05:51 System Checkpoint
21-10-2012 15:06:51 System Checkpoint
22-10-2012 18:07:52 System Checkpoint
23-10-2012 18:44:04 System Checkpoint
24-10-2012 14:10:06 Removed Microsoft Silverlight
24-10-2012 14:16:34 Removed Ask Toolbar.
25-10-2012 14:21:55 System Checkpoint
26-10-2012 15:20:28 System Checkpoint
27-10-2012 15:20:43 System Checkpoint
28-10-2012 16:19:09 System Checkpoint
29-10-2012 20:18:07 System Checkpoint
30-10-2012 20:18:53 System Checkpoint
31-10-2012 21:18:45 System Checkpoint
01-11-2012 21:30:23 System Checkpoint
02-11-2012 22:18:29 System Checkpoint
03-11-2012 22:42:24 System Checkpoint
04-11-2012 23:18:19 System Checkpoint
05-11-2012 19:18:47 Installed Java™ 6 Update 37
05-11-2012 19:19:12 Installed Java Runtime Environment
06-11-2012 20:20:48 System Checkpoint
07-11-2012 16:24:03 Removed Ask Toolbar.
08-11-2012 17:23:08 System Checkpoint
09-11-2012 03:02:34 Software Distribution Service 3.0
10-11-2012 03:06:53 System Checkpoint
11-11-2012 04:20:07 System Checkpoint
12-11-2012 04:52:48 System Checkpoint
12-11-2012 20:46:16 Removed Acronis True Image Home
14-11-2012 01:14:32 System Checkpoint
14-11-2012 02:13:39 Removed Safari
14-11-2012 04:42:22 Software Distribution Service 3.0

**** End of log ****

Result 3
Farbar Service Scanner Version: 09-11-2012
Ran by raj (administrator) on 14-11-2012 at 00:26:21
Running from "C:\Documents and Settings\raj\Local Settings\Temporary Internet Files\Content.IE5\RW71ZFGA"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) kl2(8) NetBT(5) PSched(7) Tcpip(3)
0x080000000800000004000000010000000200000003000000050000000600000007000000


**** End of log ****



Result 4


# AdwCleaner v2.007 - Logfile created 11/14/2012 at 09:19:47
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : raj - TIERRASF-406
# Boot Mode : Normal
# Running from : C:\Documents and Settings\raj\Local Settings\Temporary Internet Files\Content.IE5\CY1UOVUG\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\raj\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1529 octets] - [12/11/2012 18:00:41]
AdwCleaner[R2].txt - [1017 octets] - [14/11/2012 09:19:12]
AdwCleaner[S1].txt - [1601 octets] - [12/11/2012 18:01:38]
AdwCleaner[S2].txt - [62 octets] - [14/11/2012 09:19:45]

########## EOF - U:\AdwCleaner[S2].txt - [62 octets] ##########

Result 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.0.9 (11.13.2012)
OS: Microsoft Windows XP x86
Ran by raj on Wed 11/14/2012 at 9:25:06.07
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/14/2012 at 9:30:54.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Final result: same issue.
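
The Farbar Service Scanner and Rkill logs above agree on three settings: the Windows Firewall standard profile has EnableFirewall=0, the Security Center service (wscsvc) is set to Disabled instead of Auto, and Windows Defender has DisableAntiSpyware=1. The following is an added example, not part of the thread and not code from either tool, that re-reads those values directly with PowerShell 2.0 (present on this machine through the "Windows Management Framework Core" entry in the installed-programs list) and also prints the HOSTS file entries and the per-interface DNS servers, because a search-redirect symptom with clean file scans is frequently a DNS-settings problem rather than a file on disk. The expected values are the Windows defaults; the registry paths are the ones quoted in the FSS and Rkill output.

```powershell
# Added example: re-check the settings FSS / Rkill reported, plus two
# redirect-related items (HOSTS file, DNS servers). Assumes PowerShell 2.0
# on Windows XP SP3 and an administrator account. Expected values are the
# Windows defaults; a third-party suite may legitimately change some of them.

$findings = @()

function Add-Finding([string]$Area, [string]$Detail) {
    $script:findings += New-Object PSObject -Property @{ Area = $Area; Detail = $Detail }
}

# 1. Windows Firewall, standard profile (FSS/Rkill: EnableFirewall = 0)
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
if ($fw -eq $null -or $fw.EnableFirewall -ne 1) {
    Add-Finding 'Firewall' ("StandardProfile EnableFirewall = {0} (expected 1)" -f $fw.EnableFirewall)
}

# 2. Security Center service start type (FSS: Disabled; default is Auto = 2)
$wsc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\wscsvc' -ErrorAction SilentlyContinue
if ($wsc -eq $null -or $wsc.Start -ne 2) {
    Add-Finding 'SecurityCenter' ("wscsvc Start = {0} (expected 2 = Auto)" -f $wsc.Start)
}

# 3. Windows Defender policy (Rkill: DisableAntiSpyware = 1)
$wd = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($wd -ne $null -and $wd.DisableAntiSpyware -eq 1) {
    Add-Finding 'Defender' 'DisableAntiSpyware = 1'
}

# 4. HOSTS file: any active line other than the default localhost mapping
$hostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    Where-Object { $_ -notmatch '^\s*127\.0\.0\.1\s+localhost\s*$' } |
    ForEach-Object { Add-Finding 'Hosts' $_ }

# 5. DNS servers per interface. A static NameServer overrides what DHCP
#    handed out; both are listed so they can be compared with the LAN's
#    expected resolver.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer) {
        Add-Finding 'DNS' ("{0}: static NameServer = {1}" -f $_.PSChildName, $p.NameServer)
    }
    if ($p.DhcpNameServer) {
        Add-Finding 'DNS' ("{0}: DHCP NameServer = {1}" -f $_.PSChildName, $p.DhcpNameServer)
    }
}

if ($findings.Count -eq 0) { 'No deviations found.' } else { $findings | Format-Table Area, Detail -AutoSize -Wrap }
```

Two caveats when reading the output. Security suites commonly switch off the Windows Firewall and Security Center themselves, so items 1 and 2 are not proof of infection on their own; what matters is whether the current state matches what the installed software is supposed to have done. The DNS lines are informational: a resolver that is not the LAN's gateway or the ISP's server is the thing to question, and the same check should be repeated on the router, which the scans in this thread cannot see.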

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 November 2012 - 09:45 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here

Please run ASWMBR again and post the new log
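
The Autoruns text export requested above is long (the copy posted later in this thread runs to well over a hundred entries), and most of it is signed vendor software. The following is an added example, not part of the thread and not a Sysinternals tool, that parses the export in the format it appears in below: location headers as a quoted key followed by three empty quoted fields, and enabled entries prefixed with "+" as "Entry" "Description" "Publisher" "Image Path". It flags entries whose publisher field is empty, whose image is reported missing, whose image lives under a user profile or temp directory, or which are scheduled tasks pointing at a DLL. The sample lines are constructed in that format (a handful are copied from the export below); the flags are prompts for a manual look, not verdicts.

```powershell
# Added example: triage an Autoruns "Save as Text" export.
# Assumes the four-quoted-field layout seen in this thread:
#   "Entry" "Description" "Publisher" "Image Path"
# Location headers carry three empty fields; enabled entries start with "+ ".
# Usage: .\Triage-Autoruns.ps1 -Path .\Autoruns.txt   (PowerShell 2.0 or later)
param([string]$Path)

# Constructed sample in the same format, used when no -Path is given.
$sample = @'
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AVP" "Kaspersky Anti-Virus" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
+ "ChangeTPMAuth" "" "" "File not found: C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12"
"Task Scheduler" "" "" ""
+ "ttslck.job" "" "" "c:\windows\system32\mouset.dll"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
"C:\Documents and Settings\raj\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropbox.exe"
'@

if ($Path) { $lines = Get-Content $Path } else { $lines = $sample -split "`r?`n" }

$location = ''
$results  = @()

foreach ($line in $lines) {
    # Pull every quoted field; lines with fewer than four are noise.
    $fields = @([regex]::Matches($line, '"([^"]*)"') | ForEach-Object { $_.Groups[1].Value })
    if ($fields.Count -lt 4) { continue }

    # A line not starting with "+" is a location header: remember it and move on.
    if ($line -notmatch '^\s*\+') { $location = $fields[0]; continue }

    $entry, $desc, $publisher, $image = $fields[0..3]
    $flags = @()

    if ($publisher -eq '' -or $publisher -eq '.') { $flags += 'no publisher' }
    if ($image -match '^File not found')          { $flags += 'image missing' }
    if ($image -match '\\(documents and settings|users)\\[^\\]+\\|\\temp\\|\\local settings\\') {
        $flags += 'user-profile path'
    }
    if ($location -eq 'Task Scheduler' -and $image -match '\.dll(\s|$)') {
        $flags += 'scheduled task runs a DLL'
    }

    if ($flags.Count -gt 0) {
        $results += New-Object PSObject -Property @{
            Location = $location
            Entry    = $entry
            Image    = $image
            Flags    = ($flags -join ', ')
        }
    }
}

$results | Format-Table Location, Entry, Flags, Image -AutoSize -Wrap
```

On the sample, the Kaspersky and Google entries pass, the ChangeTPMAuth leftover is flagged as "no publisher, image missing", the ttslck.job line as "no publisher, scheduled task runs a DLL", and Dropbox.lnk as "user-profile path" even though Dropbox normally installs there. That last one shows the intended use: the list narrows a long export to the entries worth checking by hand (where did the file come from, is it signed, what does the task actually do), and nothing on it is a verdict.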

#7 workitsolutions
  • Topic Starter

  • Members
  • 9 posts

Posted 14 November 2012 - 04:15 PM

Result 1
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/14/2012 03:37:58 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/14/2012 03:38:20 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)

Result 2
"HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Shutdown" "" "" ""
+ "Local Group Policy" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "AcronisTibMounterMonitor" "Acronis TIB Monitor" "Acronis" "c:\program files\common files\acronis\tibmounter\tibmountermonitor.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVP" "Kaspersky Anti-Virus" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
+ "ChangeTPMAuth" "" "" "File not found: C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12"
+ "Communicator" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\communicator.exe"
+ "IAAnotif" "Event Monitor User Notification Tool" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
+ "Local Group Policy" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files\acronis\trueimagehome\trueimagemonitor.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
+ "My Secure Backup.lnk" "My Secure Backup Monitor" "My Secure Backup, Inc." "c:\program files\my secure backup\mysecurebackup.exe"
"C:\Documents and Settings\raj\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropbox.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
+ "0" "" "" "File not found: About:Home"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" "" "" ""
+ "Virtual Storage Mount Notification" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" "" "" ""
+ "EldosMountNotificator" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "ContextMenuPublicShare" "Sync Shell Extension" "." "c:\program files\my secure backup\monitor_shellext.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\shellex.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\shellex.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "Kaspersky Anti-Virus" "Windows Shell Extension" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\shellex.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "VersionsPageShellExt" "Versions Page" "Acronis" "c:\program files\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "VersionsPageShellExt Class" "Versions Page" "Acronis" "c:\program files\acronis\trueimagehome\versions_page.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "AcronisSyncError" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "AcronisSyncInProgress" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "AcronisSyncOk" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\documents and settings\raj\application data\dropbox\bin\dropboxext.14.dll"
+ "EldosIconOverlay" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
+ "MySecureBackup1_Complete" "Sync Shell Extension" "." "c:\program files\my secure backup\monitor_shellext.dll"
+ "MySecureBackup2_InProgress" "Sync Shell Extension" "." "c:\program files\my secure backup\monitor_shellext.dll"
+ "MySecureBackup3_Conflicted" "Sync Shell Extension" "." "c:\program files\my secure backup\monitor_shellext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "FilterBHO Class" "WebToolBar component" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll"
+ "IEVkbdBHO Class" "IE Virtual Keyboard" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "JQSIEStartDetectorImpl Class" "Java™ Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
+ "Lync Browser Helper" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Virtual Storage Mount Notification" "CbFs Mount Notifier" "EldoS Corporation" "c:\windows\system32\cbfsmntntf3.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Virtual Keyboard" "IE Virtual Keyboard" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\ievkbd.dll"
+ "Lync add-on" "Microsoft Lync 2010" "Microsoft Corporation" "c:\program files\microsoft lync\ochelper.dll"
+ "URLs c&heck" "WebToolBar component" "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\klwtbbho.dll"
+ "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
"Task Scheduler" "" "" ""
+ "Adobe Flash Player Updater.job" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "RealUpgradeLogonTaskS-1-5-21-1060284298-1078081533-839522115-1114.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck"
+ "RealUpgradeScheduledTaskS-1-5-21-1060284298-1078081533-839522115-1114.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /scheduledcheck"
+ "ttslck.job" "" "" "c:\windows\system32\mouset.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AcrSch2Svc" "Provides scheduling for Acronis components' tasks." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "afcdpsrv" "Provides nonstop backup for partitions of the computer." "Acronis" "c:\program files\common files\acronis\cdp\afcdpsrv.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "IAANTMON" "RAID Monitor" "Intel Corporation" "c:\program files\intel\intel matrix storage manager\iaantmon.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "msoidsvc" "Enables authentication to Microsoft Online Services." "Microsoft Corp." "c:\program files\common files\microsoft shared\microsoft online services\msoidsvc.exe"
+ "MySecureBackupService" "My Secure Backup Service" "My Secure Backup, Inc." "c:\program files\my secure backup\mysecurebackup.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "stllssvr" "SureThing Labelflash Disc Printer Service Module" "MicroVision Development, Inc." "c:\program files\common files\surething shared\stllssvr.exe"
+ "syncagentsrv" "Acronis Sync Agent Service" "Acronis" "c:\program files\common files\acronis\syncagent\syncagentsrv.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ADIHdAudAddService" "High Definition Audio Function Driver" "Analog Devices, Inc." "c:\windows\system32\drivers\adihdaud.sys"
+ "afcdp" "Acronis File Level CDP Helper" "Acronis" "c:\windows\system32\drivers\afcdp.sys"
+ "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
+ "cbfs3" "Callback File System Driver" "EldoS Corporation" "c:\windows\system32\drivers\cbfs3.sys"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
+ "e1kexpress" "Intel® Gigabit Adapter NDIS 5.x driver" "Intel Corporation" "c:\windows\system32\drivers\e1k5132.sys"
+ "fltsrv" "Acronis Storage Filter Management Driver" "Acronis" "c:\windows\system32\drivers\fltsrv.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "HDAudBus" "High Definition Audio Bus Driver v1.0a" "Windows ® Server 2003 DDK provider" "c:\windows\system32\drivers\hdaudbus.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "KL1" "Kaspersky Unified Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kl1.sys"
+ "kl2" "Kaspersky Unified Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\kl2.sys"
+ "KLIF" "Kaspersky Lab Interceptor and Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klif.sys"
+ "klim5" "Kaspersky Lab Intermediate Network Driver" "Kaspersky Lab ZAO" "c:\windows\system32\drivers\klim5.sys"
+ "klmouflt" "Kaspersky Lab Mouse Class Filter" "Kaspersky Lab" "c:\windows\system32\drivers\klmouflt.sys"
+ "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
+ "NAL" "Intel® Network Adapter Diagnostic Driver" "Intel Corporation " "c:\windows\system32\drivers\iqvw32.sys"
+ "NvtSp50" "" "" "File not found: System32\Drivers\NvtSp50.sys"
+ "Partizan" "" "" "File not found: system32\drivers\Partizan.sys"
+ "PBADRV" "PBADRV" "" "File not found: system32\DRIVERS\PBADRV.sys"
+ "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
+ "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
+ "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
+ "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
+ "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
+ "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SFAUDIO" "Sonic Focus DSP driver for ADI" "Sonic Focus, Inc" "c:\windows\system32\drivers\sfaudio.sys"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys"
+ "tdrpman" "Acronis Try&Decide Volume Filter Driver" "Acronis" "c:\windows\system32\drivers\tdrpman.sys"
+ "tib_mounter" "Acronis Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\tib_mounter.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "vididr" "Virtual Disk Driver Service" "Acronis" "c:\windows\system32\drivers\vididr.sys"
+ "vidsflt" "Acronis Virtual Disk Storage Filter" "Acronis" "c:\windows\system32\drivers\vidsflt.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
+ "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.iac2" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch" "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claud.ax"
+ "CyberLink Audio Effect" "CyberLink Audio Effect Filter" "CyberLink Corporation" "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer" "CLAudSpa.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudspa.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\claudiocd.ax"
+ "CyberLink Demultiplexer" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\cldemuxer.ax"
+ "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clnavx.ax"
+ "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clline21.ax"
+ "Cyberlink SubTitle Importor" "CLSubTitle.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clsubtitle.ax"
+ "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clauts.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvidfx.ax"
+ "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\cyberlink\powerdvd dx\kernel\movie\clvsd.ax"
+ "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software" "Indeo® audio software" "Intel Corporation" "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter" "Intel Indeo® video 5.10" "Intel Corporation" "c:\windows\system32\ir50_32.dll"
+ "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
+ "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
+ "klogon" "Logon Visualizer" "Kaspersky Lab ZAO" "c:\windows\system32\klogon.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "CbFs3" "Virtual Network Shares CallbackFS v3" "EldoS Corporation" "c:\windows\system32\cbfsnetrdr3.dll"

Result 3
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 15:43:59
-----------------------------
15:43:59.114 OS Version: Windows 5.1.2600 Service Pack 3
15:43:59.114 Number of processors: 2 586 0x170A
15:43:59.114 ComputerName: TIERRASF-406 UserName: raj
15:44:08.333 Initialze error C0000034 - driver not loaded
15:49:08.753 AVAST engine defs: 12111401
16:01:30.651 Service scanning
16:01:35.651 Service KL1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5
16:01:35.651 Service kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys **LOCKED** 5
16:01:35.776 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5
16:01:35.807 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5
16:01:43.354 Modules scanning
16:01:43.354 Disk 0 trace - called modules:
16:01:43.354
16:01:44.104 AVAST engine scan C:\WINDOWS
16:01:50.666 AVAST engine scan C:\WINDOWS\system32
16:02:10.352 File: C:\WINDOWS\system32\mouset.dll **INFECTED** Win32:Malware-gen
16:03:28.723 AVAST engine scan C:\WINDOWS\system32\drivers
16:03:34.239 AVAST engine scan C:\Documents and Settings\raj
16:09:37.345 AVAST engine scan C:\Documents and Settings\All Users
16:12:30.961 Scan finished successfully
16:15:01.485 The log file has been saved successfully to "C:\Documents and Settings\raj\Desktop\aswMBR.txt"

Final result same thing
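
The diagnosis in this thread comes from reading two artifacts together: the autostart listing above shows a scheduled task (ttslck.job) whose image is a DLL in system32 with no publisher or description, and the aswMBR log independently marks that same DLL as infected. The following script is an added example, not a tool from this forum or from any of the products mentioned. It parses a constructed fragment of the four-field listing format quoted above, parses the aswMBR "File: ... **INFECTED**" lines, and reports which autostart entries deserve a second look and why. Section names, the reason labels, and the sample lines are assumptions for the example.

```python
"""Flag suspicious autostart entries in an Autoruns-style listing and
correlate them with an aswMBR scan log (added example for this thread).

Each "+" line in the listing is four double-quoted fields:
name, description, publisher, image path. A line without "+" names the
section (registry key or "Task Scheduler") that the following entries belong to.
"""
import re
from dataclasses import dataclass

# Constructed sample: a fragment of the listing quoted in the thread.
LISTING = r'''"Task Scheduler" "" "" ""
+ "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "RealUpgradeLogonTaskS-1-5-21-1060284298-1078081533-839522115-1114.job" "" "" "File not found: C:\Program Files\Real\RealUpgrade\realupgrade.exe /logoncheck"
+ "ttslck.job" "" "" "c:\windows\system32\mouset.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AVP" "Provides computer protection against viruses, dangerous software, network attacks, internet fraud and spam." "Kaspersky Lab ZAO" "c:\program files\kaspersky lab\kaspersky anti-virus 2012\avp.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
'''

# Constructed sample: three lines in the shape of the aswMBR log quoted above.
ASWMBR_LOG = r'''16:01:50.666 AVAST engine scan C:\WINDOWS\system32
16:02:10.352 File: C:\WINDOWS\system32\mouset.dll **INFECTED** Win32:Malware-gen
16:03:28.723 AVAST engine scan C:\WINDOWS\system32\drivers
'''


@dataclass
class Entry:
    section: str
    name: str
    description: str
    publisher: str
    image: str


FIELD_RE = re.compile(r'"([^"]*)"')  # fields never contain a double quote
INFECTED_RE = re.compile(r"File: (.+?) \*\*INFECTED\*\*")


def parse_listing(text):
    """Return Entry objects; header lines only update the current section."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            continue  # not in the four-field format; ignore
        if line.startswith("+"):
            entries.append(Entry(section, *fields))
        else:
            section = fields[0]
    return entries


def infected_paths(log_text):
    """Lower-cased paths that the scanner marked **INFECTED**."""
    return {m.group(1).strip().lower()
            for m in map(INFECTED_RE.search, log_text.splitlines()) if m}


def assess(entries, infected):
    """Map entry name -> list of reasons it stands out (empty lists omitted)."""
    findings = {}
    for e in entries:
        reasons = []
        image = e.image.strip()
        if image.lower().startswith("file not found:"):
            # Orphaned autostart: the registered file is gone (leftover, or removed malware).
            reasons.append("file-not-found")
        else:
            path = image.split(" /", 1)[0].lower()  # drop trailing switches
            if e.section == "Task Scheduler" and path.endswith(".dll"):
                # A job normally runs an executable; a bare DLL target is unusual.
                reasons.append("task-targets-dll")
            if not e.publisher and not e.description:
                reasons.append("no-publisher-or-description")
            if path in infected:
                reasons.append("flagged-by-aswmbr")
        if reasons:
            findings[e.name] = reasons
    return findings


def run_report():
    """Assess the constructed samples; returns the findings dict."""
    return assess(parse_listing(LISTING), infected_paths(ASWMBR_LOG))


if __name__ == "__main__":
    for name, reasons in run_report().items():
        print(f"{name}: {', '.join(reasons)}")
```

On the constructed sample the only entry that collects all three indicators is ttslck.job, which is exactly the entry the thread converged on; the orphaned "File not found" entries are listed separately so they are not mistaken for live infections.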

#8 workitsolutions
  • Topic Starter
  • Members
  • 9 posts

Posted 14 November 2012 - 04:27 PM

I should mention Malwarebytes did remove gdi325.dll which was showing up in the first screen shot.

#9 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 November 2012 - 04:37 PM

Go to https://www.virustotal.com/

Click on CHOOSE FILE and browse to

C:\WINDOWS\system32\mouset.dll and click ok

Click on SCAN IT option

Post the generated link here

#10 workitsolutions
  • Topic Starter
  • Members
  • 9 posts

Posted 14 November 2012 - 05:05 PM

Here is the link

https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1352930593/

#11 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 November 2012 - 05:06 PM

Please do similarly for this file

c:\windows\system32\cbfsmntntf3.dll

#12 workitsolutions
  • Topic Starter
  • Members
  • 9 posts

Posted 14 November 2012 - 05:07 PM

I have a fresh Acronis image of the machine so we can be as intrusive as we need to be at this point.

#13 workitsolutions
  • Topic Starter
  • Members
  • 9 posts

Posted 14 November 2012 - 05:08 PM

https://www.virustotal.com/file/5850c13247bdd36cb87439e9e336b08807bd181b0901e50144e8f95fbf86f320/analysis/1352930887/

#14 narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 November 2012 - 05:39 PM

Press Windows+R Key and type

cmd and click ok and run these commands

cd \windows\system32
cacls mouset.dll /p guest:n


click Y

Restart the PC and let me know if you still have redirects

Edited by narenxp, 14 November 2012 - 05:39 PM.


#15 workitsolutions
  • Topic Starter
  • Members
  • 9 posts

Posted 14 November 2012 - 05:57 PM

Ok now we are talking. I ran this rebooted and tried IE and it is working as expected when using the Google search function. That was a tough one and I thank you very much for your help.



