Google redirect virus and blue screen



#61
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Awesome. Thanks very much to him and you! I am in the office right now; I will follow your instructions shortly and will let you know the result.
  • 0


#62
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
You're welcome, and the expert is a she. :thumbsup:
  • 0

#63
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I am running Ubuntu on my office desktop with a Win 7 VM, which I used to create the xPud bootable USB drive. I first used Ubuntu to format the USB with the FAT file system and then used the Win 7 VM to burn the image contents to it. But for some reason, after I select "Exit" at the end of installation, Windows pops up a message saying the program might not have installed correctly ("If this program did not install correctly, try reinstalling using settings that are compatible with this version of Windows").

I will see if I can grab a non-VM Win 7 machine; if not, I will have to try it after reaching home.
  • 0

#64
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
OK
  • 0

#65
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I tried creating xPud from two different Win 7 computers. xPud seems to crash on boot: it says "loading boot" and then "/opt/media ready" and then it crashes. It just ends up at a blank screen doing nothing for more than 5 minutes.

I tried FAT32 USB formatting (tried both quick formatting and full formatting). I tried two different 1 GB USB drives.

Also I tried http://sourceforge.n...87.exe/download and also http://www.pendrivel...-easy-as-1-2-3/. Same result using both of these installers.

What kind of filesystem does xPud need? I did not initiate a reboot of the computer after installation as mentioned in the instructions, because of which Win 7 (on one of the computers that I tried) keeps saying "the program might not have installed correctly".

Please let me know if I am missing something.
  • 0

#66
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Can you boot Puppy Linux?
  • 0

#67
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I did not try it last night, but I double-checked a few minutes back. I am able to boot into Puppy Linux without any problems.
  • 0

#69
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
OK, place the new MBR file on the USB drive with Puppy Linux.

Boot up on Puppy Linux.

Just open a terminal window on the flash drive (right click > Window > Terminal Here) where the MBRnew.txt resides.

Then in the terminal window type:

dd if=MBRnew.txt of=/dev/sda bs=512 count=1

Then press Enter.

Then close the window, shut down Puppy Linux and boot up Windows!
  • 0
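Before overwriting sector 0 of a disk with dd, a practitioner would want to confirm that the replacement image is a complete 512-byte sector carrying the 0x55AA boot signature and that its partition table matches the table already on the disk, since a clean MBR should only replace the boot code. The script below does those checks and also lists the partition entries in the same form the aswMBR log later in this thread prints them (bootable flag, type, start LBA, size in MB). It is an added example, not code from the thread, from xPud or from aswMBR; it assumes only the standard MBR layout (446 bytes of boot code, four 16-byte partition entries at offset 446, signature at offset 510). The sample sector is constructed here, with partition offsets and sizes copied from the aswMBR log and placeholder boot-code bytes.

```python
"""Sanity-check an MBR image before writing it with dd, and list its partition table.

Added example (not from the thread). Layout facts are the standard MBR format:
446 bytes of boot code, four 16-byte partition entries at offset 446, 0x55AA at 510.
"""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # first partition entry
SIGNATURE_OFFSET = 510      # two-byte boot signature
SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), start LBA, sector count

# Partition type codes, named the way aswMBR names them (subset).
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte sector from boot code and up to four (status, type, lba, count) tuples."""
    sector = bytearray(boot_code.ljust(TABLE_OFFSET, b"\x00")[:TABLE_OFFSET])
    for i in range(4):
        status, ptype, lba, count = entries[i] if i < len(entries) else (0, 0, 0, 0)
        sector += struct.pack(ENTRY_FMT, status, ptype, lba, count)
    sector += SIGNATURE
    return bytes(sector)


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts (index, bootable, type, start_lba, size_mb)."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:          # unused slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": lba,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def check_mbr_image(candidate: bytes, current: bytes) -> dict:
    """Checks to run before `dd if=<image> of=/dev/sda bs=512 count=1`.

    A clean replacement MBR should be exactly one sector, end in 0x55AA, and keep
    the partition table that is already on the disk; only the boot code may differ.
    """
    problems = []
    if len(candidate) != SECTOR_SIZE:
        problems.append(f"image is {len(candidate)} bytes, not {SECTOR_SIZE}")
    elif candidate[SIGNATURE_OFFSET:] != SIGNATURE:
        problems.append("image lacks the 0x55AA boot signature at offset 510")
    elif candidate[TABLE_OFFSET:SIGNATURE_OFFSET] != current[TABLE_OFFSET:SIGNATURE_OFFSET]:
        problems.append("partition table differs from the table currently on the disk")
    return {"ok": not problems, "problems": problems}


# Constructed sample data. The three NTFS entries mirror the offsets and sizes
# printed in the aswMBR log in this thread; the boot-code bytes are placeholders.
DISK_TABLE = [
    (0x80, 0x07, 2048, 204800),          # 100 MB, bootable
    (0x00, 0x07, 206848, 882192384),     # 430758 MB
    (0x00, 0x07, 882399232, 62914560),   # 30720 MB
]
CURRENT_DISK_MBR = build_mbr(b"\xFA\x33\xC0" + b"\x90" * 16, DISK_TABLE)   # what is on the disk now
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C", DISK_TABLE)          # new boot code, same table
TRUNCATED_IMAGE = CLEAN_MBR[:TABLE_OFFSET]                                  # boot code only, no table
NO_SIGNATURE_IMAGE = CLEAN_MBR[:SIGNATURE_OFFSET] + b"\x00\x00"
WRONG_TABLE_IMAGE = build_mbr(b"\x33\xC0", [(0x80, 0x07, 63, 204800)])       # table from another disk


def main():
    for name, image in (("clean", CLEAN_MBR), ("truncated", TRUNCATED_IMAGE),
                        ("no signature", NO_SIGNATURE_IMAGE), ("wrong table", WRONG_TABLE_IMAGE)):
        print(f"{name:13s} -> {check_mbr_image(image, CURRENT_DISK_MBR)}")
    for p in parse_partitions(CURRENT_DISK_MBR):
        flag = "80 (A)" if p["bootable"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
              f"{p['size_mb']} MB offset {p['start_lba']}")


if __name__ == "__main__":
    main()
```

To use it on a real machine from the Puppy Linux shell, read the first 512 bytes of the disk (for example `open("/dev/sda", "rb").read(512)`, which needs root) as `current` and the MBRnew.txt contents as `candidate`; only write with dd when `check_mbr_image` reports `ok`. The partition-table comparison is the important one: a sector whose table does not match the disk would leave Windows unable to find its volumes, which is the same symptom as the 0x7B stop error discussed in this thread.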

#70
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
I followed the instructions and this is the output from the command:
1+0 records in
1+0 records out
512 bytes(512 B) copied..

When I booted to Windows again, I saw a blue screen. I booted up with "Disable automatic restart on system failure" and the error codes are the same as the ones I was seeing before:

0X0000007B (0XFFFFF880009A9928, 0XFFFFFFFFC0000034, 0X0000000000000000, 0X0000000000000000)

I restarted the computer after setting the SATA controller mode back to AHCI, and now I am able to successfully log in to Windows. :thumbsup: After a long struggle, finally made it.

Thanks a million, standing applause and hats off to you and the expert. You guys and your tech expertise really, really rock!
  • 0


#71
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Now let's check for malware.

Step 1.

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

If it does not run, rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


How is your computer running?
  • 0

#72
rajagopal

rajagopal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 97 posts
Computer runs OK except for the Google redirect. After booting up yesterday I did not connect to the internet (I did shut off my wireless adapter) and just listened to some songs on disk.

This morning, I connected to the internet and I used Chrome for that. The first time I typed gmail.com in the browser, it redirected me to an ad. Then I closed it and typed gmail.com again and it was fine.

===========================aswMBR log =================================



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-15 08:52:38
-----------------------------
08:52:38.030 OS Version: Windows x64 6.1.7600
08:52:38.030 Number of processors: 4 586 0x2505
08:52:38.035 ComputerName: RAJAGOPALKUMAR UserName:
08:52:39.305 Initialize success
08:52:48.301 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
08:52:48.305 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
08:52:48.320 Disk 0 MBR read successfully
08:52:48.323 Disk 0 MBR scan
08:52:48.328 Disk 0 Windows 7 default MBR code
08:52:48.332 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:52:48.345 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430758 MB offset 206848
08:52:48.383 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 882399232
08:52:48.413 Disk 0 scanning C:\windows\system32\drivers
08:52:55.225 Service scanning
08:54:00.401 Modules scanning
08:54:00.412 Disk 0 trace - called modules:
08:54:00.485 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:54:00.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d73060]
08:54:00.502 3 CLASSPNP.SYS[fffff88000e6743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004c62050]
08:54:00.510 Scan finished successfully
08:56:15.179 Disk 0 MBR has been saved successfully to "C:\Users\Rajagopal Kumar\Desktop\MBR.dat"
08:56:15.200 The log file has been saved successfully to "C:\Users\Rajagopal Kumar\Desktop\aswMBR.txt"

======================================================================================================================================

=======================================================OTL.txt========================================================================



OTL logfile created on: 8/15/2012 8:59:07 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rajagopal Kumar\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.65% Memory free
7.60 Gb Paging File | 5.87 Gb Available in Paging File | 77.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.66 Gb Total Space | 320.35 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 29.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: RAJAGOPALKUMAR | User Name: Rajagopal Kumar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/15 08:56:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rajagopal Kumar\Downloads\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/17 12:08:38 | 000,079,384 | ---- | M] (Google) -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/18 13:57:49 | 000,453,240 | ---- | M] (http://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe
PRC - [2012/03/18 13:57:49 | 000,172,664 | ---- | M] (http://www.express-files.com/) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe
PRC - [2012/03/01 00:35:31 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/03 18:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/06/01 13:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/09/08 08:51:50 | 003,122,440 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/02/18 00:26:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/01/15 17:38:46 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/23 17:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/09 14:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 14:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/11/11 16:36:54 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2009/07/14 14:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2009/07/13 18:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 21:09:00 | 000,438,296 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/09 21:08:59 | 003,972,120 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 21:07:39 | 000,554,520 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 21:07:37 | 000,117,784 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 21:07:22 | 000,140,328 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 21:07:21 | 000,262,184 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 21:07:19 | 002,386,984 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 19:17:27 | 009,255,112 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/06/14 08:32:32 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/14 08:32:18 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/14 01:37:01 | 018,000,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 01:36:36 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 01:36:31 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 01:36:18 | 003,858,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 01:36:16 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/12 03:32:47 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:31:33 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/12 03:31:25 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/12 03:31:18 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/12 03:31:17 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/12 03:31:00 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/05/12 03:23:06 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/12 03:20:42 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:20:30 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/12 03:07:23 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/12 03:07:19 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/12 03:07:18 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:07:12 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/12 03:07:01 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/03/01 00:35:37 | 000,115,137 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Local\Temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/03/01 00:35:31 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/09/08 08:51:50 | 000,492,808 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/11 22:55:32 | 000,204,304 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/03/29 15:26:56 | 000,072,456 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe -- (UpekSrvc)
SRV:64bit: - [2010/02/18 00:26:38 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/10/21 16:47:08 | 000,047,632 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009/07/28 14:41:06 | 000,472,328 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/07/28 14:41:04 | 000,414,984 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/06/03 17:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/19 22:13:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/06/01 13:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/23 17:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/09 14:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 14:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/16 03:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 14:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 14:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/06/05 16:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/10 18:42:47 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/19 02:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/07/06 13:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/01 13:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/03/18 15:20:00 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/12 09:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/24 09:31:42 | 000,215,040 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2010/02/22 16:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/20 07:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/02/10 13:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/15 18:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/14 20:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/14 20:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/14 20:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/12/17 10:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009/11/29 22:56:00 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/10/21 16:47:00 | 000,023,568 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009/10/21 16:46:58 | 000,135,184 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009/10/19 00:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/15 10:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 11:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/16 03:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 10:15:16 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/06/18 10:08:50 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/06 21:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/08/06 12:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/08 18:58:12 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2011/12/10 18:42:13 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\EX64.SYS -- (NAVEX15)
DRV - [2011/12/10 18:42:13 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/10 18:42:13 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/10 18:42:13 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111224.017\ENG64.SYS -- (NAVENG)
DRV - [2011/12/09 17:53:28 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/24 00:08:44 | 001,156,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/22 23:10:52 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=10-12-2011

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=10-12-2011
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@rooms.hp.com: C:\Program Files (x86)\Hewlett-Packard\HP Virutal Rooms Client Launcher Plugin\nphpvrl.dll ( )
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/12/14 23:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_10_1 [2012/08/15 08:43:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/04 23:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/14 21:42:36 | 000,000,000 | ---D | M]

[2011/11/25 17:49:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Extensions
[2012/05/03 00:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\extensions
[2012/03/14 00:38:19 | 000,004,140 | ---- | M] () -- C:\Users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\searchplugins\youtube.xml
[2012/03/16 23:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 02:18:25 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RAJAGOPAL KUMAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U8K2WABT.DEFAULT\EXTENSIONS\[email protected]
[2012/07/19 22:13:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/25 03:58:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 23:38:11 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/04/01 14:33:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/01 14:33:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...000000000000000
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.babylo...000000000000000
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rajagopal Kumar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: TOEFL 1000 New Words = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceeicgdpllljlklonpkbhjighniifjij\3.5.23_0\
CHR - Extension: Google Search = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Type Scout = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj\4_0\
CHR - Extension: Cut the Rope = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\
CHR - Extension: Apple Shooter = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\3.0_0\
CHR - Extension: Apple Shooter = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingecjekeggadjbbklelffkgeppklgnm\4.0.0_0\
CHR - Extension: Typing Test - KeyHero = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\
CHR - Extension: Island Runner = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kccnmldhohpnaahmlnafmfdigggmhaoc\2.3.1_0\
CHR - Extension: Type Fu = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
CHR - Extension: Gmail = C:\Users\Rajagopal Kumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/10 00:07:38 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [ExpressFiles] C:\Program Files (x86)\ExpressFiles\ExpressFiles.exe (http://www.express-files.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [cdloader] C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: hp.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://digitalbadge...om/hp/HPPKI.cab (HPPKI Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6C3609D-BB73-40DE-B001-61A836D7B5E0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll) - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/10 14:42:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 21:42:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/06 23:53:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/05 16:14:45 | 000,000,000 | ---D | C] -- C:\New folder
[2012/07/28 19:23:51 | 000,000,000 | ---D | C] -- C:\Users\Rajagopal Kumar\AppData\Roaming\YourFileDownloader
[2012/07/24 20:47:25 | 000,000,000 | ---D | C] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Malwarebytes
[2012/07/24 20:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/24 20:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/22 15:48:32 | 000,000,000 | ---D | C] -- C:\Users\Rajagopal Kumar\AppData\Local\Macromedia
[2012/07/16 23:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.3
[2012/07/16 23:14:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/15 08:56:15 | 000,000,512 | ---- | M] () -- C:\Users\Rajagopal Kumar\Desktop\MBR.dat
[2012/08/15 08:54:31 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job
[2012/08/15 08:54:28 | 000,002,472 | ---- | M] () -- C:\Users\Rajagopal Kumar\Desktop\Google Chrome.lnk
[2012/08/15 08:51:16 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 08:51:16 | 000,013,872 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/15 08:43:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/15 08:43:18 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 22:54:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job
[2012/08/14 21:43:03 | 000,746,794 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/14 21:43:03 | 000,638,730 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/14 21:43:03 | 000,111,746 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/14 21:38:17 | 184,832,288 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/21 00:37:07 | 006,917,056 | ---- | M] () -- C:\Users\Rajagopal Kumar\Desktop\Shauk Hai.mp3
[2012/07/19 01:44:29 | 000,001,168 | ---- | M] () -- C:\Users\Rajagopal Kumar\_viminfo
[2012/07/18 01:28:50 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2012/07/18 01:28:09 | 001,862,862 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/07/16 23:18:33 | 000,000,357 | ---- | M] () -- C:\subaList
[2012/07/16 23:17:27 | 000,000,357 | ---- | M] () -- C:\subaList~
[2012/07/16 23:14:50 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2012/07/16 23:14:50 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2012/07/16 23:14:50 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/15 08:56:15 | 000,000,512 | ---- | C] () -- C:\Users\Rajagopal Kumar\Desktop\MBR.dat
[2012/07/21 00:30:31 | 006,917,056 | ---- | C] () -- C:\Users\Rajagopal Kumar\Desktop\Shauk Hai.mp3
[2012/07/16 23:17:24 | 000,000,357 | ---- | C] () -- C:\subaList~
[2012/07/16 23:17:24 | 000,000,357 | ---- | C] () -- C:\subaList
[2012/07/16 23:15:55 | 000,001,168 | ---- | C] () -- C:\Users\Rajagopal Kumar\_viminfo
[2012/07/16 23:14:50 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2012/07/16 23:14:50 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2012/07/16 23:14:50 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[2012/07/08 13:51:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012/02/15 23:38:20 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\Users\Rajagopal Kumar\AppData\Local\h4il76w5ag3ffl
[2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\ProgramData\h4il76w5ag3ffl
[2011/12/06 01:24:22 | 000,000,600 | ---- | C] () -- C:\Users\Rajagopal Kumar\AppData\Local\PUTTY.RND
[2011/11/23 12:34:04 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/15 17:26:24 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2011/03/15 17:26:24 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2011/03/15 17:26:23 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/03/15 17:26:22 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/03/15 17:26:21 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/02/09 21:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2010/09/08 08:52:25 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2010/09/08 08:51:54 | 002,110,728 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2010/09/08 08:51:54 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2010/09/08 08:51:43 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2010/09/08 08:41:32 | 000,001,305 | ---- | C] () -- C:\windows\vm331Rmv.ini

========== LOP Check ==========

[2012/07/15 14:42:46 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\.purple
[2012/02/15 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Babylon
[2012/08/15 08:46:31 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\ExpressFiles
[2012/05/30 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\mjusbsp
[2012/07/15 12:46:47 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Nitro PDF
[2012/05/30 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy
[2012/05/30 11:22:18 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\PrimoPDF
[2011/11/23 09:20:30 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Protector Suite
[2012/03/01 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Samsung
[2012/02/19 00:34:41 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\TeamViewer
[2012/02/15 23:53:01 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Thinstall
[2011/12/10 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Tific
[2012/07/02 02:09:58 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent
[2012/07/28 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\YourFileDownloader
[2012/07/13 20:36:04 | 000,032,626 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2012/04/14 13:29:23 | 000,000,094 | --S- | M] () MD5=10984DC1D5B3DF7C7F7EF86F673D8135 -- C:\cygwin\etc\services
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 13:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/07/07 01:15:11 | 000,000,351 | ---- | M] () MD5=ABE8358FCF33B21B069A35796484DF35 -- C:\Users\Rajagopal Kumar\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8XQFGH4Y\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 19:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 19:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.VIM >
[2010/10/27 08:44:14 | 000,000,459 | ---- | M] () MD5=193ED9B27B25456FBE50E6111B8E6770 -- C:\Program Files (x86)\Vim\vim73\ftplugin\services.vim
[2010/10/27 08:42:50 | 000,001,865 | ---- | M] () MD5=A17575F0BA54E8FB1148DDFC2361D776 -- C:\Program Files (x86)\Vim\vim73\syntax\services.vim

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< End of report >


=========================================================================================================================================


=======================================================Extras.txt=======================================================================


OTL Extras logfile created on: 8/15/2012 8:59:07 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Rajagopal Kumar\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 60.65% Memory free
7.60 Gb Paging File | 5.87 Gb Available in Paging File | 77.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420.66 Gb Total Space | 320.35 Gb Free Space | 76.15% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 29.91 Gb Free Space | 99.70% Space Free | Partition Type: NTFS

Computer Name: RAJAGOPALKUMAR | User Name: Rajagopal Kumar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F841121-4DB6-4B31-839F-7F5AB3BB3423}" = Lenovo Security Solution FP
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{496549B1-74EF-4E42-87F5-AE2E37EB5F82}" = Perforce Visual Components
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EE61784-10C6-4B7C-A0B2-5BED17B05741}" = Oracle VM VirtualBox 4.1.18
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7B72A3FB-2563-4A83-B054-98C57415DFFA}" = Nitro Reader 2
"{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9F150026-E7A4-47D9-B0E2-7666EEC54AA6}" = Remote Access to HP Network 6.2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
"85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vim 7.3" = Vim 7.3 (self-installing)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 (Beta)
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83A5D4E9-7FE6-336D-9525-F1C879496014}" = Google Talk Plugin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{C0847D30-4B8A-11E0-98C0-80E2DED72085}" = HP Virtual Rooms Client Launcher Plugin
"{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F493761C-E465-4B9E-9FC1-A312F161DE0A}" = Active Protection System
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Toolbar" = AOL Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{EE43894E-FDCF-4A8C-BCD6-3AAA9A48B486}" = Kies mini
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton Security Suite
"Pidgin" = Pidgin
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Toolbar" = AOL Toolbar
"ExpressFiles" = ExpressFiles
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2012 12:28:52 AM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 12:28:52 AM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 12:28:52 AM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 12:28:52 AM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 11:21:32 PM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 11:22:45 PM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/10/2012 11:22:45 PM | Computer Name = RajagopalKumar | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 6/11/2012 4:16:24 AM | Computer Name = RajagopalKumar | Source = Application Error | ID = 1000
Description = Faulting application name: LogonUI.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc8ba Faulting module name: ImageReog.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a279cc4 Exception code: 0xc0000005 Fault offset: 0x0000000180006b10 Faulting process id: 0x83c Faulting application start time: 0x01cd479502d688b9 Faulting application path: C:\windows\system32\LogonUI.exe Faulting module path: ImageReog.dll Report Id: bb3a0a41-b39d-11e1-b0ce-f07bcbf7ba3f

Error - 6/16/2012 5:07:50 PM | Computer Name = RajagopalKumar | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7600.16385, time stamp: 0x4a5be07e Exception code: 0xc0000005 Fault offset: 0x0000000000009604 Faulting process id: 0x20c Faulting application start time: 0x01cd4b0cc411ce22 Faulting application path: C:\windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 543fd18f-b7f7-11e1-88dc-f07bcbf7ba3f

Error - 6/20/2012 12:37:28 AM | Computer Name = RajagopalKumar | Source = RasClient | ID = 20227
Description =

Error - 7/11/2012 4:50:25 AM | Computer Name = RajagopalKumar | Source = Windows Search Service | ID = 3007
Description =

[ System Events ]
Error - 4/2/2012 5:22:38 AM | Computer Name = RajagopalKumar | Source = SCardSvr | ID = 610
Description =

Error - 4/2/2012 5:22:38 AM | Computer Name = RajagopalKumar | Source = SCardSvr | ID = 610
Description =

Error - 4/2/2012 5:23:45 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 4/2/2012 5:23:45 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 4/2/2012 5:23:58 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 4/2/2012 5:23:58 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 4/2/2012 5:24:31 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel®
Rapid Storage Technology service to connect.

Error - 4/2/2012 5:24:31 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7000
Description = The Intel® Rapid Storage Technology service failed to start due
to the following error: %%1053

Error - 4/2/2012 5:24:31 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/2/2012 5:24:55 AM | Computer Name = RajagopalKumar | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

=========================================================================================================================================
  • 0
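The event-log extract above is the kind of thing a helper reads by eye: the same host, a handful of sources, and a few records that matter more than the rest (the Real-Time Protection failure, the services that cannot start because BFE, the Base Filtering Engine behind Windows Firewall and IPsec, is reported missing). The following is an added example, not part of the thread or of OTL, that parses records in that layout and triages them. The watch-list labels and the sample records (copied from the extract above) are this example's own constructions.

```python
import re
from collections import Counter

# Constructed sample: three entries copied from the OTL event-log extract above,
# so the parser is exercised on the page's own record layout (not a live log).
SAMPLE_LOG = """\
Error - 4/2/2012 5:23:45 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 4/2/2012 5:24:31 AM | Computer Name = RajagopalKumar | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/2/2012 5:24:55 AM | Computer Name = RajagopalKumar | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
"""

# Header line of every OTL event record: level, timestamp, host, source, event ID.
HEADER = re.compile(
    r"^(?P<level>Error|Warning|Information) - (?P<ts>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)

# Event IDs a responder wants surfaced first. The short labels are this
# example's own notes (assumption), not text from the log.
WATCHLIST = {
    ("Microsoft Antimalware", 3002): "real-time protection failed",
    ("Service Control Manager", 7003): "service dependency missing",
    ("Service Control Manager", 7026): "boot/system-start driver failed to load",
}


def parse_events(text):
    """Split the extract into records; description lines (including the blank
    lines some descriptions contain) are folded into the preceding header."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["id"] = int(rec["id"])
            rec["lines"] = []
            events.append(rec)
        elif events:
            events[-1]["lines"].append(line.strip())
    for rec in events:
        body = " ".join(l for l in rec.pop("lines") if l)
        rec["description"] = re.sub(r"^Description =\s*", "", body)
    return events


def triage(events):
    """Count events per (source, id) and return the watch-listed ones."""
    counts = Counter((e["source"], e["id"]) for e in events)
    flagged = [
        dict(e, why=WATCHLIST[(e["source"], e["id"])])
        for e in events
        if (e["source"], e["id"]) in WATCHLIST
    ]
    return counts, flagged


def missing_dependencies(events):
    """Service names that 7003 records report as absent (e.g. BFE, the Base
    Filtering Engine that Windows Firewall and IPsec rely on)."""
    names = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7003:
            m = re.search(r"service: (\w+)\.", e["description"])
            if m and m.group(1) not in names:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    counts, flagged = triage(evs)
    for (src, eid), n in counts.most_common():
        print(f"{n:3d}  {src} / {eid}")
    for f in flagged:
        print(f"!! {f['ts']}  {f['source']} {f['id']}: {f['why']}")
    print("missing services:", missing_dependencies(evs))
```

The parser keys on the header line rather than on blank-line separators because, as the 3002 record shows, a description can itself contain a blank line; folding everything up to the next header into the previous record keeps such entries whole.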

#73
CompCav (Member 5k, Expert, 12,449 posts)
Step 1.

You have the P2P program uTorrent installed, this is a highway into your computer for malware.

Please uninstall uTorrent before the next steps.


Step 2.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.




  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    [2012/02/25 03:58:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/15 23:38:11 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\Users\Rajagopal Kumar\AppData\Local\h4il76w5ag3ffl
    [2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\ProgramData\h4il76w5ag3ffl
    [2012/02/15 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Babylon
    [2012/05/30 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy
    [2012/07/02 02:09:58 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 3.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double-click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to something problems. Simply reboot the computer.


Step 4.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 5.

Please post:

OTL fix log
ComboFix.txt
TDSSKiller log


Give me an update on the computer performance especially redirects.
  • 0
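The :OTL block in the fix above is a list of things the helper decided to remove after reading a scan: search hooks and search scopes pointing at a toolbar vendor, a Java plug-in entry, and two hidden+system files with a random-looking name dropped into user-writable locations (AppData\Local and ProgramData). The following is an added example, not part of the thread or of OTL, showing how a defender can parse OTL file lines in that format and apply the same kind of heuristics automatically. The user-writable path list, the adware name list and the "random name" rule are this example's own assumptions; the sample lines are copied from the fix script above, with the Java plug-in line kept as a benign contrast.

```python
import re

# Constructed sample: the file and folder lines from the :OTL block of the fix
# script above, plus the Java plug-in line from the same block as a benign
# contrast. Nothing here is a live scan.
SAMPLE_ENTRIES = r"""
[2012/02/25 03:58:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/15 23:38:11 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\Users\Rajagopal Kumar\AppData\Local\h4il76w5ag3ffl
[2011/12/10 14:20:04 | 000,009,300 | -HS- | C] () -- C:\ProgramData\h4il76w5ag3ffl
[2012/02/15 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\Rajagopal Kumar\AppData\Roaming\Babylon
""".strip()

# OTL file line: [timestamp | size | attributes | C(reated)/M(odified)] (publisher) -- path
# Directory lines carry no "(publisher)" group, hence the optional part.
ENTRY = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# Locations any user account can write to (assumption: a reasonable default list).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# Names the fix script above removes; treated here as adware/toolbar remnants.
ADWARE_NAMES = ("babylon", "opencandy")
# Lower-case letters and digits only, no extension, at least 8 characters.
RANDOM_NAME = re.compile(r"[a-z0-9]{8,}")


def parse_entries(text):
    """Turn OTL file/folder lines into dicts; lines in another format are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        d = m.groupdict()
        attrs = d["attrs"]
        out.append({
            "ts": d["ts"],
            "size": int(d["size"].replace(",", "")),
            "is_dir": "D" in attrs,
            "hidden": "H" in attrs,
            "system": "S" in attrs,
            "publisher": d["publisher"],   # None for directories, "" when empty
            "path": d["path"],
        })
    return out


def classify(entries):
    """Apply three defender heuristics; return only entries that trip one."""
    findings = []
    for e in entries:
        reasons = []
        lowered = e["path"].lower()
        name = lowered.rsplit("\\", 1)[-1]
        if (e["hidden"] and e["system"] and not e["is_dir"] and not e["publisher"]
                and any(tag in lowered for tag in USER_WRITABLE)):
            reasons.append("hidden+system file with no publisher in user-writable location")
        if RANDOM_NAME.fullmatch(name) and re.search(r"\d", name) and re.search(r"[a-z]", name):
            reasons.append("random-looking name without extension")
        if any(a in name for a in ADWARE_NAMES):
            reasons.append("matches adware/toolbar name targeted by the fix")
        if reasons:
            findings.append({"path": e["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in classify(parse_entries(SAMPLE_ENTRIES)):
        print(f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

An empty publisher field in OTL only means the file carries no company name in its version resource, not that it is unsigned, which is why the first rule also requires the hidden and system attributes and a user-writable path before it fires; on its own, a missing company name is common for legitimate files.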

#74
rajagopal (Topic Starter, Member, 97 posts)
I uninstalled the P2P program.

I ran OTL in normal mode and right after pushing the FIX button, my computer froze, showed a SYSTEM_SERVICE_EXCEPTION blue screen and restarted itself.
When it restarted it gave me Safe Mode, Safe Mode with *, Normal mode. I ran OTL in Safe Mode with Networking.

When running ComboFix, it asked me to disable Microsoft Security Essentials even though the service had been completely stopped. I double checked that the service is not running and then ran ComboFix by clicking OK to the warnings.
Also while it was running it popped up a message saying "a device attached to this machine is not working C:\System32\drivers\GFXui.exe" (I think this is the right path, but I am pretty sure about the file name).

Also TDSSKiller popped up a suspicious object and I chose to skip. Please see below for the logs.

Did some searches from the address bar of Chrome and all of them ended up in the right Google search page instead of the redirects.

======================================================OTL Log==========================================================================


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Users\Rajagopal Kumar\AppData\Local\h4il76w5ag3ffl not found.
File C:\ProgramData\h4il76w5ag3ffl not found.
C:\Users\Rajagopal Kumar\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy\OpenCandy_23873ED31E234D029BA26799854D1922 folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy\OpenCandy_1EBF8203BA6546F298364CAE08848681 folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy\23873ED31E234D029BA26799854D1922 folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy\1EBF8203BA6546F298364CAE08848681 folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Rajagopal Kumar\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rajagopal Kumar\Downloads\cmd.bat deleted successfully.
C:\Users\Rajagopal Kumar\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rajagopal Kumar
->Temp folder emptied: 340803744 bytes
->Temporary Internet Files folder emptied: 186140504 bytes
->Java cache emptied: 389343 bytes
->FireFox cache emptied: 1116910048 bytes
->Google Chrome cache emptied: 7926290 bytes
->Flash cache emptied: 35711 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1708352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 227419408 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 9272337665 bytes

Total Files Cleaned = 10,637.00 mb

Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_183805



========================================================================================================================================



============================================================COMBO FIX LOG===============================================================


ComboFix 12-08-15.01 - Rajagopal Kumar 08/15/2012 19:02:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2658 [GMT -7:00]
Running from: c:\users\Rajagopal Kumar\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\muzapp.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 01:30 . 2012-08-16 01:30 -------- d-----w- C:\_OTL
2012-08-07 06:53 . 2012-08-07 06:53 -------- d-----w- C:\FRST
2012-08-05 23:14 . 2012-08-05 23:14 -------- d-----w- C:\New folder
2012-07-29 02:23 . 2012-07-29 02:23 -------- d-----w- c:\users\Rajagopal Kumar\AppData\Roaming\YourFileDownloader
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-25 03:47 . 2012-08-04 05:06 -------- d-----w- c:\users\Rajagopal Kumar\AppData\Roaming\Malwarebytes
2012-07-25 03:47 . 2012-07-25 03:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-25 03:47 . 2012-08-05 05:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-22 22:48 . 2012-07-22 22:48 -------- d-----w- c:\users\Rajagopal Kumar\AppData\Local\Macromedia
2012-07-21 19:52 . 2012-07-21 19:52 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFC5D285-8484-497C-931C-0B0C7D578EC8}\offreg.dll
2012-07-21 07:01 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AFC5D285-8484-497C-931C-0B0C7D578EC8}\mpengine.dll
2012-07-20 05:22 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-17 06:14 . 2012-07-17 06:14 -------- d-----w- c:\program files (x86)\Vim
2012-07-17 05:35 . 2012-07-18 08:27 -------- d-----w- c:\windows\system32\drivers\N360x64\0502020.003
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 03:02 . 2012-07-11 08:54 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 06:04 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 06:04 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 06:04 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 06:04 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 06:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 23:03 . 2012-07-14 05:31 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-06-05 23:03 . 2012-07-14 05:31 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-06-05 23:03 . 2012-06-05 23:03 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-06-05 23:03 . 2012-06-05 23:03 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-06-05 23:02 . 2012-06-05 23:02 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-06-02 22:19 . 2012-06-19 06:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 06:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 06:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 06:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 06:02 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 06:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 06:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 06:02 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 06:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 08:50 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 08:50 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 08:50 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 08:50 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 08:50 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 08:50 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 08:50 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 08:50 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 08:50 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 08:50 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 08:50 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 08:50 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 08:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 08:50 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 08:50 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 08:50 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 08:50 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 08:50 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 08:50 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-11 06:04 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 06:04 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 06:04 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 06:04 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 06:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 06:04 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 06:04 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 06:04 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 06:04 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2011-12-14 22:03 1189888 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2011-12-14 22:03 1189888 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2011-12-14 22:03 1189888 ----a-w- c:\program files\Perforce\p4exp.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-02-04 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-01 21416]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"cdloader"="c:\users\Rajagopal Kumar\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-16 536576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2009-11-11 167008]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2010-09-08 3122440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-02-04 3508624]
"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-03-18 453240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 164904]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-2-18 1083680]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-30 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-16 39008]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-21 23568]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-07-09 23208]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-11-24 1156216]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSvia64.sys [2011-12-10 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-06-05 224088]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-06-05 130904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-04-12 204304]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 UpekSrvc;Upek Service;c:\program files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [2010-03-29 72456]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-06-01 609904]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-11 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-06-05 166232]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-02-24 215040]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000Core.job
- c:\users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 01:07]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2180650751-2005149398-3877183700-1000UA.job
- c:\users\Rajagopal Kumar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 01:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPCheckoutOverlay]
@="{80E008A4-EAE7-4867-AEB0-1A245F070F25}"
[HKEY_CLASSES_ROOT\CLSID\{80E008A4-EAE7-4867-AEB0-1A245F070F25}]
2011-12-14 22:03 1447424 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPSyncdOverlay]
@="{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}"
[HKEY_CLASSES_ROOT\CLSID\{ADF262C1-E8FE-49BE-AD63-F77CD4A6CCD9}]
2011-12-14 22:03 1447424 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\P4EXPUpdateOverlay]
@="{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}"
[HKEY_CLASSES_ROOT\CLSID\{C550CDA2-37D7-4838-A9D7-65ECB1EB5AB2}]
2011-12-14 22:03 1447424 ----a-w- c:\program files\Perforce\p4exp64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-03-29 22:25 5947656 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-03-29 22:25 5947656 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-09-08 15:51 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-06 908320]
"TpShocks"="c:\windows\System32\TpShocks.exe" [2009-09-02 231264]
"PSQLLauncher"="c:\program files\Lenovo\LenovoSecuritySolution FP\launcher.exe" [2010-03-29 84744]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-03-12 4448704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-12 7056832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-26 410648]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-04 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-04 483880]
"HPRAService"="c:\program files\RA2HP\HPRAService.exe" [2010-04-01 126464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hp.com
TCP: DhcpNameServer = 10.23.0.1
FF - ProfilePath - c:\users\Rajagopal Kumar\AppData\Roaming\Mozilla\Firefox\Profiles\u8k2wabt.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.BabylonToolbar_i.babTrack, tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - f2f8102e000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - f2f8102e000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15386
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Malwarebytes' Anti-Malware - c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-MsMpSvc
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-ExpressFiles - c:\program files (x86)\ExpressFiles\uninstall.exe
.
.
"ImagePath"="system32\DRIVERS\btwrchid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\C:/Program Files/Perforce/P4VResources/p4d.exe]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\C:/Program Files/Perforce/P4VResources/p4ob.exe]
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2012-08-15 19:21:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 02:21
.
Pre-Run: 356,663,648,256 bytes free
Post-Run: 356,244,942,848 bytes free
.
- - End Of File - - 9235A7CD7DBEA833C2C880577C7B9CE1



========================================================================================================================================


======================================================TDSSKILLER LOG====================================================================

19:27:03.0052 3580 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
19:27:03.0788 3580 ============================================================
19:27:03.0789 3580 Current date / time: 2012/08/15 19:27:03.0788
19:27:03.0789 3580 SystemInfo:
19:27:03.0789 3580
19:27:03.0789 3580 OS Version: 6.1.7600 ServicePack: 0.0
19:27:03.0789 3580 Product type: Workstation
19:27:03.0789 3580 ComputerName: RAJAGOPALKUMAR
19:27:03.0789 3580 UserName: Rajagopal Kumar
19:27:03.0789 3580 Windows directory: C:\windows
19:27:03.0789 3580 System windows directory: C:\windows
19:27:03.0789 3580 Running under WOW64
19:27:03.0789 3580 Processor architecture: Intel x64
19:27:03.0789 3580 Number of processors: 4
19:27:03.0789 3580 Page size: 0x1000
19:27:03.0789 3580 Boot type: Normal boot
19:27:03.0789 3580 ============================================================
19:27:04.0503 3580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:27:04.0513 3580 ============================================================
19:27:04.0513 3580 \Device\Harddisk0\DR0:
19:27:04.0513 3580 MBR partitions:
19:27:04.0513 3580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:27:04.0513 3580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x34953000
19:27:04.0513 3580 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x3C00000
19:27:04.0513 3580 ============================================================
19:27:04.0531 3580 C: <-> \Device\Harddisk0\DR0\Partition2
19:27:04.0642 3580 D: <-> \Device\Harddisk0\DR0\Partition3
19:27:04.0642 3580 ============================================================
19:27:04.0642 3580 Initialize success
19:27:04.0642 3580 ============================================================
19:27:16.0880 0936 ============================================================
19:27:16.0880 0936 Scan started
19:27:16.0881 0936 Mode: Manual; SigCheck; TDLFS;
19:27:16.0881 0936 ============================================================
19:27:17.0672 0936 ================ Scan services =============================
19:27:17.0833 0936 [ 0f348233bd4d326fa513cafb85a9306d ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
19:27:17.0949 0936 1394ohci - ok
19:27:18.0133 0936 [ 3044d0f3feb9ffe8bc953d8f34b5b504 ] A2DDA C:\Users\Rajagopal Kumar\Desktop\EmsisoftEmergencyKit\Run\a2ddax64.sys
19:27:18.0162 0936 A2DDA - ok
19:27:18.0257 0936 [ 5e8efeb338deb1f485420b090fe6c85e ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
19:27:18.0284 0936 ac.sharedstore - ok
19:27:18.0319 0936 [ b17fc92e0cbce7c0c3f657b866ec7704 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
19:27:18.0355 0936 ACPI - ok
19:27:18.0386 0936 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
19:27:18.0440 0936 AcpiPmi - ok
19:27:18.0505 0936 [ dc201246a14cb3b274df59faf539ab07 ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
19:27:18.0524 0936 ACPIVPC - ok
19:27:18.0676 0936 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:27:18.0696 0936 AdobeARMservice - ok
19:27:18.0815 0936 AdobeFlashPlayerUpdateSvc - ok
19:27:18.0870 0936 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
19:27:18.0910 0936 adp94xx - ok
19:27:18.0958 0936 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
19:27:18.0992 0936 adpahci - ok
19:27:19.0022 0936 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
19:27:19.0051 0936 adpu320 - ok
19:27:19.0078 0936 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:27:19.0173 0936 AeLookupSvc - ok
19:27:19.0246 0936 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\windows\system32\drivers\afd.sys
19:27:19.0316 0936 AFD - ok
19:27:19.0361 0936 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys
19:27:19.0385 0936 agp440 - ok
19:27:19.0423 0936 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\windows\System32\alg.exe
19:27:19.0451 0936 ALG - ok
19:27:19.0520 0936 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\windows\system32\DRIVERS\aliide.sys
19:27:19.0542 0936 aliide - ok
19:27:19.0548 0936 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\windows\system32\DRIVERS\amdide.sys
19:27:19.0570 0936 amdide - ok
19:27:19.0595 0936 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
19:27:19.0645 0936 AmdK8 - ok
19:27:19.0666 0936 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
19:27:19.0706 0936 AmdPPM - ok
19:27:19.0754 0936 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:27:19.0780 0936 amdsata - ok
19:27:19.0823 0936 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
19:27:19.0853 0936 amdsbs - ok
19:27:19.0884 0936 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\windows\system32\drivers\amdxata.sys
19:27:19.0906 0936 amdxata - ok
19:27:19.0944 0936 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\windows\system32\drivers\appid.sys
19:27:20.0002 0936 AppID - ok
19:27:20.0035 0936 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:27:20.0112 0936 AppIDSvc - ok
19:27:20.0124 0936 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\windows\System32\appinfo.dll
19:27:20.0167 0936 Appinfo - ok
19:27:20.0239 0936 [ c484f8ceb1717c540242531db7845c4e ] arc C:\windows\system32\DRIVERS\arc.sys
19:27:20.0264 0936 arc - ok
19:27:20.0270 0936 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
19:27:20.0296 0936 arcsas - ok
19:27:20.0313 0936 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:27:20.0394 0936 AsyncMac - ok
19:27:20.0412 0936 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\windows\system32\DRIVERS\atapi.sys
19:27:20.0435 0936 atapi - ok
19:27:20.0486 0936 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:27:20.0578 0936 AudioEndpointBuilder - ok
19:27:20.0606 0936 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\windows\System32\Audiosrv.dll
19:27:20.0696 0936 AudioSrv - ok
19:27:20.0738 0936 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\windows\System32\AxInstSV.dll
19:27:20.0795 0936 AxInstSV - ok
19:27:20.0849 0936 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
19:27:20.0901 0936 b06bdrv - ok
19:27:20.0977 0936 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:27:21.0031 0936 b57nd60a - ok
19:27:21.0095 0936 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\windows\System32\bdesvc.dll
19:27:21.0140 0936 BDESVC - ok
19:27:21.0175 0936 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:27:21.0274 0936 Beep - ok
19:27:21.0346 0936 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\windows\System32\bfe.dll
19:27:21.0450 0936 BFE - ok
19:27:21.0665 0936 [ 82c695630676079f7ad68c85a5e662e5 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys
19:27:21.0720 0936 BHDrvx64 - ok
19:27:21.0758 0936 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:27:21.0808 0936 blbdrive - ok
19:27:21.0844 0936 [ 19d20159708e152267e53b66677a4995 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:27:21.0892 0936 bowser - ok
19:27:21.0942 0936 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
19:27:21.0972 0936 BrFiltLo - ok
19:27:21.0990 0936 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
19:27:22.0019 0936 BrFiltUp - ok
19:27:22.0055 0936 [ 34f786535f9245e4028c57b28248c9d8 ] Bridge0 C:\windows\system32\drivers\WDBridge.sys
19:27:22.0075 0936 Bridge0 - ok
19:27:22.0104 0936 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
19:27:22.0183 0936 BridgeMP - ok
19:27:22.0215 0936 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\windows\System32\browser.dll
19:27:22.0292 0936 Browser - ok
19:27:22.0324 0936 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:27:22.0381 0936 Brserid - ok
19:27:22.0388 0936 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:27:22.0427 0936 BrSerWdm - ok
19:27:22.0434 0936 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:27:22.0476 0936 BrUsbMdm - ok
19:27:22.0482 0936 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:27:22.0518 0936 BrUsbSer - ok
19:27:22.0582 0936 [ cf98190a94f62e405c8cb255018b2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:27:22.0631 0936 BthEnum - ok
19:27:22.0682 0936 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:27:22.0737 0936 BTHMODEM - ok
19:27:22.0769 0936 [ 02dd601b708dd0667e1331fa8518e9ff ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:27:22.0820 0936 BthPan - ok
19:27:22.0900 0936 [ 21084ceb85280468c9aca3c805c0f8cf ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:27:22.0953 0936 BTHPORT - ok
19:27:23.0005 0936 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\windows\system32\bthserv.dll
19:27:23.0103 0936 bthserv - ok
19:27:23.0141 0936 [ 8504842634dd144c075b6b0c982ccec4 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:27:23.0189 0936 BTHUSB - ok
19:27:23.0226 0936 [ d3466f77c2c49c6e393ba5fba963a33e ] btusbflt C:\windows\system32\drivers\btusbflt.sys
19:27:23.0245 0936 btusbflt - ok
19:27:23.0283 0936 [ a72a9101f9730db7332714e566614e4d ] btwaudio C:\windows\system32\drivers\btwaudio.sys
19:27:23.0304 0936 btwaudio - ok
19:27:23.0316 0936 [ 5ceec634b617525f2b6ad29f871033f7 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
19:27:23.0338 0936 btwavdt - ok
19:27:23.0440 0936 [ 1ba00f5a3012365cb5b1a5dbabc1943c ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
19:27:23.0492 0936 btwdins - ok
19:27:23.0507 0936 [ 6149301dc3f81d6f9667a3fbac410975 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
19:27:23.0523 0936 btwl2cap - ok
19:27:23.0566 0936 [ 2af5604d28bef77b7cf4b9d232fe7cd3 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
19:27:23.0584 0936 btwrchid - ok
19:27:23.0603 0936 catchme - ok
19:27:23.0629 0936 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:27:23.0733 0936 cdfs - ok
19:27:23.0769 0936 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:27:23.0819 0936 cdrom - ok
19:27:23.0862 0936 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\windows\System32\certprop.dll
19:27:23.0958 0936 CertPropSvc - ok
19:27:23.0997 0936 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\windows\system32\DRIVERS\circlass.sys
19:27:24.0046 0936 circlass - ok
19:27:24.0101 0936 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\windows\system32\CLFS.sys
19:27:24.0136 0936 CLFS - ok
19:27:24.0204 0936 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:27:24.0227 0936 clr_optimization_v2.0.50727_32 - ok
19:27:24.0267 0936 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:27:24.0289 0936 clr_optimization_v2.0.50727_64 - ok
19:27:24.0358 0936 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:27:24.0381 0936 clr_optimization_v4.0.30319_32 - ok
19:27:24.0448 0936 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:27:24.0470 0936 clr_optimization_v4.0.30319_64 - ok
19:27:24.0492 0936 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:27:24.0538 0936 CmBatt - ok
19:27:24.0579 0936 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
19:27:24.0601 0936 cmdide - ok
19:27:24.0649 0936 [ ca7720b73446fddec5c69519c1174c98 ] CNG C:\windows\system32\Drivers\cng.sys
19:27:24.0698 0936 CNG - ok
19:27:24.0730 0936 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:27:24.0752 0936 Compbatt - ok
19:27:24.0793 0936 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:27:24.0843 0936 CompositeBus - ok
19:27:24.0869 0936 COMSysApp - ok
19:27:24.0904 0936 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
19:27:24.0927 0936 crcdisk - ok
19:27:24.0973 0936 [ f02786b66375292e58c8777082d4396d ] CryptSvc C:\windows\system32\cryptsvc.dll
19:27:25.0001 0936 CryptSvc - ok
19:27:25.0047 0936 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\windows\system32\rpcss.dll
19:27:25.0134 0936 DcomLaunch - ok
19:27:25.0166 0936 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\windows\System32\defragsvc.dll
19:27:25.0248 0936 defragsvc - ok
19:27:25.0278 0936 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:27:25.0318 0936 DfsC - ok
19:27:25.0347 0936 dgderdrv - ok
19:27:25.0386 0936 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\windows\system32\dhcpcore.dll
19:27:25.0443 0936 Dhcp - ok
19:27:25.0471 0936 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\windows\system32\drivers\discache.sys
19:27:25.0567 0936 discache - ok
19:27:25.0612 0936 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\windows\system32\DRIVERS\disk.sys
19:27:25.0637 0936 Disk - ok
19:27:25.0674 0936 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\windows\System32\dnsrslvr.dll
19:27:25.0716 0936 Dnscache - ok
19:27:25.0758 0936 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\windows\System32\dot3svc.dll
19:27:25.0857 0936 dot3svc - ok
19:27:25.0893 0936 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\windows\system32\dps.dll
19:27:25.0996 0936 DPS - ok
19:27:26.0046 0936 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:27:26.0076 0936 drmkaud - ok
19:27:26.0152 0936 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:27:26.0207 0936 DXGKrnl - ok
19:27:26.0239 0936 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\windows\System32\eapsvc.dll
19:27:26.0336 0936 EapHost - ok
19:27:26.0445 0936 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
19:27:26.0604 0936 ebdrv - ok
19:27:26.0677 0936 [ 5ccf1be80930aeb1cdebf561666325e8 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:27:26.0709 0936 eeCtrl - ok
19:27:26.0745 0936 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\windows\System32\lsass.exe
19:27:26.0769 0936 EFS - ok
19:27:26.0858 0936 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:27:26.0922 0936 ehRecvr - ok
19:27:26.0977 0936 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\windows\ehome\ehsched.exe
19:27:27.0005 0936 ehSched - ok
19:27:27.0052 0936 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
19:27:27.0094 0936 elxstor - ok
19:27:27.0132 0936 [ 7a898e4a744621711be7e7b796c69876 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:27:27.0154 0936 EraserUtilRebootDrv - ok
19:27:27.0170 0936 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
19:27:27.0217 0936 ErrDev - ok
19:27:27.0278 0936 esgiguard - ok
19:27:27.0323 0936 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\windows\system32\es.dll
19:27:27.0406 0936 EventSystem - ok
19:27:27.0423 0936 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\windows\system32\drivers\exfat.sys
19:27:27.0524 0936 exfat - ok
19:27:27.0550 0936 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\windows\system32\drivers\fastfat.sys
19:27:27.0631 0936 fastfat - ok
19:27:27.0658 0936 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\windows\system32\fxssvc.exe
19:27:27.0724 0936 Fax - ok
19:27:27.0770 0936 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\windows\system32\DRIVERS\fdc.sys
19:27:27.0812 0936 fdc - ok
19:27:27.0852 0936 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\windows\system32\fdPHost.dll
19:27:27.0927 0936 fdPHost - ok
19:27:27.0946 0936 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:27:28.0043 0936 FDResPub - ok
19:27:28.0066 0936 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:27:28.0090 0936 FileInfo - ok
19:27:28.0116 0936 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:27:28.0191 0936 Filetrace - ok
19:27:28.0212 0936 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
19:27:28.0237 0936 flpydisk - ok
19:27:28.0260 0936 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:27:28.0293 0936 FltMgr - ok
19:27:28.0349 0936 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\windows\system32\FntCache.dll
19:27:28.0443 0936 FontCache - ok
19:27:28.0497 0936 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:27:28.0515 0936 FontCache3.0.0.0 - ok
19:27:28.0537 0936 [ d43703496149971890703b4b1b723eac ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:27:28.0561 0936 FsDepends - ok
19:27:28.0607 0936 [ d3e3f93d67821a2db2b3d9fac2dc2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:27:28.0629 0936 Fs_Rec - ok
19:27:28.0659 0936 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:27:28.0694 0936 fvevol - ok
19:27:28.0738 0936 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
19:27:28.0762 0936 gagp30kx - ok
19:27:28.0812 0936 [ af4dee5531395dee72b35b36c9671fd0 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:27:28.0833 0936 GEARAspiWDM - ok
19:27:28.0888 0936 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\windows\System32\gpsvc.dll
19:27:28.0968 0936 gpsvc - ok
19:27:29.0043 0936 [ 1d19918788921253843f2b669f4c7f52 ] hcmon C:\windows\system32\drivers\hcmon.sys
19:27:29.0062 0936 hcmon - ok
19:27:29.0096 0936 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:27:29.0139 0936 hcw85cir - ok
19:27:29.0197 0936 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:27:29.0252 0936 HdAudAddService - ok
19:27:29.0282 0936 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:27:29.0335 0936 HDAudBus - ok
19:27:29.0368 0936 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:27:29.0388 0936 HECIx64 - ok
19:27:29.0408 0936 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
19:27:29.0433 0936 HidBatt - ok
19:27:29.0442 0936 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
19:27:29.0497 0936 HidBth - ok
19:27:29.0503 0936 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
19:27:29.0548 0936 HidIr - ok
19:27:29.0588 0936 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\windows\System32\hidserv.dll
19:27:29.0686 0936 hidserv - ok
19:27:29.0732 0936 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:27:29.0778 0936 HidUsb - ok
19:27:29.0834 0936 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
19:27:29.0932 0936 hkmsvc - ok
19:27:29.0965 0936 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:27:30.0013 0936 HomeGroupListener - ok
19:27:30.0045 0936 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:27:30.0099 0936 HomeGroupProvider - ok
19:27:30.0143 0936 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
19:27:30.0168 0936 HpSAMD - ok
19:27:30.0197 0936 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:27:30.0311 0936 HTTP - ok
19:27:30.0347 0936 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:27:30.0369 0936 hwpolicy - ok
19:27:30.0396 0936 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:27:30.0423 0936 i8042prt - ok
19:27:30.0462 0936 [ 42e00996dfc13c46366689c0ea8abc5e ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:27:30.0496 0936 iaStor - ok
19:27:56.0468 0936 VBoxUSBMon - ok
19:27:56.0496 0936 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
19:27:56.0519 0936 vdrvroot - ok
19:27:56.0549 0936 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\windows\System32\vds.exe
19:27:56.0610 0936 vds - ok
19:27:56.0650 0936 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:27:56.0681 0936 vga - ok
19:27:56.0692 0936 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
19:27:56.0789 0936 VgaSave - ok
19:27:56.0817 0936 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
19:27:56.0847 0936 vhdmp - ok
19:27:56.0866 0936 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
19:27:56.0889 0936 viaide - ok
19:27:56.0930 0936 [ c49ff968cf459dbe57cfadbc36988aae ] vm331avs C:\windows\system32\Drivers\vm331avs.sys
19:27:56.0954 0936 vm331avs - ok
19:27:57.0015 0936 [ 6c551c8b0672c926b80fa8199c8682e7 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
19:27:57.0053 0936 VMUSBArbService - ok
19:27:57.0095 0936 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
19:27:57.0120 0936 volmgr - ok
19:27:57.0141 0936 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:27:57.0176 0936 volmgrx - ok
19:27:57.0195 0936 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
19:27:57.0227 0936 volsnap - ok
19:27:57.0259 0936 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
19:27:57.0287 0936 vsmraid - ok
19:27:57.0363 0936 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\windows\system32\vssvc.exe
19:27:57.0452 0936 VSS - ok
19:27:57.0472 0936 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:27:57.0518 0936 vwifibus - ok
19:27:57.0547 0936 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:27:57.0582 0936 vwififlt - ok
19:27:57.0616 0936 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
19:27:57.0705 0936 W32Time - ok
19:27:57.0730 0936 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
19:27:57.0781 0936 WacomPen - ok
19:27:57.0815 0936 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:27:57.0895 0936 WANARP - ok
19:27:57.0912 0936 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:27:57.0989 0936 Wanarpv6 - ok
19:27:58.0077 0936 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:27:58.0173 0936 WatAdminSvc - ok
19:27:58.0251 0936 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\windows\system32\wbengine.exe
19:27:58.0338 0936 wbengine - ok
19:27:58.0361 0936 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:27:58.0401 0936 WbioSrvc - ok
19:27:58.0434 0936 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\windows\System32\wcncsvc.dll
19:27:58.0468 0936 wcncsvc - ok
19:27:58.0499 0936 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:27:58.0525 0936 WcsPlugInService - ok
19:27:58.0545 0936 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\DRIVERS\wd.sys
19:27:58.0568 0936 Wd - ok
19:27:58.0589 0936 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:27:58.0635 0936 Wdf01000 - ok
19:27:58.0647 0936 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:27:58.0703 0936 WdiServiceHost - ok
19:27:58.0708 0936 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:27:58.0747 0936 WdiSystemHost - ok
19:27:58.0788 0936 [ 2a444acf7dd446505bcc801f8f6ae5fd ] wdmirror C:\windows\system32\DRIVERS\WDMirror.sys
19:27:58.0806 0936 wdmirror - ok
19:27:58.0838 0936 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\windows\System32\webclnt.dll
19:27:58.0887 0936 WebClient - ok
19:27:58.0924 0936 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:27:59.0025 0936 Wecsvc - ok
19:27:59.0048 0936 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:27:59.0128 0936 wercplsupport - ok
19:27:59.0151 0936 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll
19:27:59.0231 0936 WerSvc - ok
19:27:59.0258 0936 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:27:59.0333 0936 WfpLwf - ok
19:27:59.0370 0936 [ b14ef15bd757fa488f9c970eee9c0d35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
19:27:59.0396 0936 WimFltr - ok
19:27:59.0419 0936 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:27:59.0442 0936 WIMMount - ok
19:27:59.0460 0936 WinDefend - ok
19:27:59.0468 0936 WinHttpAutoProxySvc - ok
19:27:59.0528 0936 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:27:59.0628 0936 Winmgmt - ok
19:27:59.0712 0936 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\windows\system32\WsmSvc.dll
19:27:59.0892 0936 WinRM - ok
19:27:59.0966 0936 [ 4d52c872018af7e18d078978dcc3f6f2 ] WinUsb C:\windows\system32\DRIVERS\WinUSB.sys
19:28:00.0013 0936 WinUsb - ok
19:28:00.0101 0936 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll
19:28:00.0164 0936 Wlansvc - ok
19:28:00.0190 0936 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
19:28:00.0212 0936 WmiAcpi - ok
19:28:00.0246 0936 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:28:00.0292 0936 wmiApSrv - ok
19:28:00.0338 0936 WMPNetworkSvc - ok
19:28:00.0370 0936 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll
19:28:00.0395 0936 WPCSvc - ok
19:28:00.0411 0936 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:28:00.0468 0936 WPDBusEnum - ok
19:28:00.0501 0936 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:28:00.0602 0936 ws2ifsl - ok
19:28:00.0656 0936 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\windows\system32\wscsvc.dll
19:28:00.0701 0936 wscsvc - ok
19:28:00.0705 0936 WSearch - ok
19:28:00.0741 0936 [ 83575c43b2bfe9ab0661a7f957e843c0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
19:28:00.0765 0936 wsvd - ok
19:28:00.0871 0936 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll
19:28:00.0970 0936 wuauserv - ok
19:28:00.0985 0936 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:28:01.0063 0936 WudfPf - ok
19:28:01.0097 0936 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:28:01.0201 0936 WUDFRd - ok
19:28:01.0228 0936 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:28:01.0307 0936 wudfsvc - ok
19:28:01.0327 0936 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll
19:28:01.0387 0936 WwanSvc - ok
19:28:01.0418 0936 ================ Scan global ===============================
19:28:01.0439 0936 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
19:28:01.0480 0936 (0cb6ebf4b461a6043353c570bd72a1e1) C:\windows\system32\winsrv.dll
19:28:01.0491 0936 (0cb6ebf4b461a6043353c570bd72a1e1) C:\windows\system32\winsrv.dll
19:28:01.0521 0936 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
19:28:01.0562 0936 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
19:28:01.0567 0936 [Global] - ok
19:28:01.0568 0936 ================ Scan MBR ==================================
19:28:01.0581 0936 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:28:01.0982 0936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:28:01.0982 0936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:28:01.0983 0936 ================ Scan VBR ==================================
19:28:01.0987 0936 Boot (0x1200) (398a85cda189961c55b8d8817541a83b) \Device\Harddisk0\DR0\Partition1
19:28:01.0989 0936 \Device\Harddisk0\DR0\Partition1 - ok
19:28:02.0018 0936 Boot (0x1200) (1d5c57c67de88a10c06774b509c3a53b) \Device\Harddisk0\DR0\Partition2
19:28:02.0021 0936 \Device\Harddisk0\DR0\Partition2 - ok
19:28:02.0056 0936 Boot (0x1200) (ae294672728b479564e0ac9f5485b316) \Device\Harddisk0\DR0\Partition3
19:28:02.0058 0936 \Device\Harddisk0\DR0\Partition3 - ok
19:28:02.0058 0936 ============================================================
19:28:02.0058 0936 Scan finished
19:28:02.0058 0936 ============================================================
19:28:02.0072 3536 Detected object count: 1
19:28:02.0072 3536 Actual detected object count: 1
19:28:11.0759 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:28:11.0759 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

  • 0
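The TDSSKiller log above is easier to triage with a script than by eye. As an added example (not from this thread or from TDSSKiller itself), this Python parser pulls the hashed files, detections and user actions out of the log and flags any detection that was skipped; the sample is an excerpt of the log posted above, and the "Skip" action name is taken from that log.

```python
import re
# Excerpt of the TDSSKiller log posted in this thread, trimmed to representative lines.
SAMPLE_LOG = r"""19:27:53.0756 0936 [ a882d31edd28315a8a0ee47f74af15c1 ] TPHDEXLGSVC C:\windows\system32\TPHDEXLG64.exe
19:27:53.0777 0936 TPHDEXLGSVC - ok
19:27:59.0460 0936 WinDefend - ok
19:28:01.0581 0936 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:28:01.0982 0936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:28:01.0982 0936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:28:01.0989 0936 \Device\Harddisk0\DR0\Partition1 - ok
19:28:02.0072 3536 Detected object count: 1
19:28:11.0759 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:28:11.0759 3536 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$")  # time, thread id, message
HASH_RE = re.compile(r"^\[ ([0-9a-f]{32}) \] (\S+) (.+)$")  # [ md5 ] ServiceName Path
VERDICT_RE = re.compile(r"^(.+?) - (ok|warning|detected .+|skipped by user|User select action: .+)$")
def parse_tdsskiller(text):
    """Split a TDSSKiller log into hashed files, detections and the user's chosen actions."""
    report = {"hashes": {}, "findings": {}, "actions": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and separator lines carry no per-object data
        msg = m.group(3)
        h = HASH_RE.match(msg)
        if h:
            report["hashes"][h.group(2)] = (h.group(1), h.group(3))
            continue
        v = VERDICT_RE.match(msg)
        if not v:
            continue
        obj, status = v.groups()
        if status.startswith("detected "):
            # "detected TDSS File System (1)" -> "TDSS File System"
            report["findings"][obj] = status[len("detected "):].rsplit(" (", 1)[0]
        elif status.startswith("User select action: "):
            report["actions"][obj] = status.split(": ", 1)[1]
    return report

def unresolved(report):
    """Detections the user skipped (or never acted on); these still need remediation."""
    out = []
    for obj, what in report["findings"].items():
        # the action line names the object as "<device> ( <detection> )", as in the log above
        action = report["actions"].get(f"{obj} ( {what} )")
        if action in (None, "Skip"):
            out.append((obj, what, action))
    return out
```

Running `unresolved(parse_tdsskiller(SAMPLE_LOG))` returns the skipped TDSS File System detection on `\Device\Harddisk0\DR0`, which is exactly the item the next reply asks to have deleted.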

#75
CompCav

CompCav

    Member 5k

  • Expert
  • 12,449 posts
Good job and thank you for the detailed update :thumbsup:


Step 1.

Please rerun TDSSKiller following the directions above but select delete for only the following item:

\Device\Harddisk0\DR0 ( TDSS File System )


Step 2.

Download AdwCleaner from here to your desktop.
Run AdwCleaner. For Vista and 7, right click and select Run as administrator.

Select Search

Once done, a log will be produced; please post the log.


Step 3.

Please post:

TDSSKiller log
AdwCleaner log

Also please update me on any remaining issues.
  • 0