MBAM crashes (and closes) by itself / Cloud Protection Rogue


Firstly, many thanks for helping.

Background:

I picked up a trojan earlier today, so I ran MBAM. It detected 4 infections when suddenly, at the 3 min scanning mark, it crashed and closed by itself. I ran MBAM again and, after it detected 2 infections, I cancelled the scan just before the 3 min (crash) mark. I then deleted the infections in quarantine.

Thinking there were at least 2 more infections that still needed to be fixed, I ran MBAM over and over, but it couldn't find any more infections and it always crashed either at the 3 or 5 min mark or shortly after it began "scanning additional items".

Next I tried the various recommended workarounds from the forum, but still no luck: MBAM crashes and closes by itself. I've done the following up to this point:

- Ran MBAM in safe mode - failed

- Modified McAfee VirusScan Enterprise settings as specified and re-ran MBAM - failed

- Ran MBAM Chameleon (twice) - failed (both times)

- Performed disk check and re-ran MBAM - failed

- Performed disk clean up and re-ran MBAM - failed

- Performed defrag and re-ran MBAM - failed

- Performed targeted scan using McAfee VirusScan Enterprise - nothing detected

- Performed Spybot scan - nothing detected

Logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by jcrisologo at 15:51:46 on 2012-06-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.2080 [GMT 10:00]

.

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Host Intrusion Prevention Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\ibmpmsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

C:\windows\system32\mfevtps.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

C:\windows\system32\conhost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files\Microsoft LifeChat\LifeChat.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\windows\system32\igfxext.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe

C:\windows\system32\wuauclt.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com.au/

uDefault_Page_URL = hxxp://my.oracle.com

uInternet Settings,ProxyOverride = *.oracleads.com;*.us.oracle.com;*.oraclecorp.com;*.uk.oracle.com;*.sg.oracle.com;*.au.oracle.com;*.nz.oracle.com;*.ap.oracle.com;*.in.oracle.com;*.tw.oracle.com;*.jp.oracle.com;*.cn.oracle.com;*.kr.oracle.com;*.th.oracle.com;*.oracle.com;*.;<local>

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

uRun: [ZhCz1oGd8LTjeBO] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [VTjeBOxu2Fn5] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [uS1ivD3on4m5W7E] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [mycS1ivD3n4m5W7] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [H5QdKRgqCkrNAc2] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [FqjUrNxA0v2b3Ga] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [dL9qjUCekBzNx0v] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [sunJavaUpdateSched]

mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

dRunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES

dRunOnce: [iPCConfig] C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe /SS=YES

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: qantas.com.au\www.check-in

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {75D1753A-6250-4894-8E33-30969331D642} - hxxps://gcmau.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_iHelp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {9392A5E9-E2B1-4090-B58A-84216D06DBB9} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_HI_Client.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://enablement20.webex.com/client/WBXclient-T27L10NSP28EP2-12243/nbr/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.2.65

TCP: Interfaces\{2722236D-270D-412B-B379-0831EFB56F88} : DhcpNameServer = 192.168.2.65

TCP: Interfaces\{654C6CE6-374D-44DF-9DD9-E2558ADC755E} : DhcpNameServer = 192.168.2.65

TCP: Interfaces\{654C6CE6-374D-44DF-9DD9-E2558ADC755E}\5566F6F646F6F6465656 : DhcpNameServer = 192.168.2.65

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = sbnp scecli

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [sunJavaUpdateSched]

mRun-x64: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

mRun-x64: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

mRun-x64: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

IE-X64: {c95fe080-8f5d-11d2-a20b-00aa003c157a}

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-8-25 181480]

R0 DzHDD64;DzHDD64;C:\windows\system32\DRIVERS\DzHDD64.sys --> C:\windows\system32\DRIVERS\DzHDD64.sys [?]

R0 MfeEERM;MfeEERM;C:\Windows\System32\drivers\MfeEERM.sys [2010-12-18 226504]

R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]

R0 SBAlg;SBAlg;C:\Windows\System32\drivers\SbAlg.sys [2011-10-11 60128]

R0 SBAlg00;SBAlg00;C:\Windows\System32\drivers\SbAlg00.sys [2009-6-4 18176]

R0 SBAlg01;SBAlg01;C:\Windows\System32\drivers\SbAlg01.sys [2009-6-4 18176]

R0 SBAlg11;SBAlg11;C:\Windows\System32\drivers\SbAlg11.sys [2009-6-4 36096]

R0 SBAlg12;SBAlg12;C:\Windows\System32\drivers\SbAlg12.sys [2009-6-4 60160]

R0 SbCe;SbCe;C:\Windows\System32\drivers\SbCe.sys [2010-12-18 698312]

R0 SbFsLock;SbFsLock;C:\Windows\System32\drivers\SbFsLock.sys [2011-7-28 15688]

R0 TPDIGIMN;TPDIGIMN;C:\windows\system32\DRIVERS\ApsHM64.sys --> C:\windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\windows\system32\DRIVERS\smiifx64.sys --> C:\windows\system32\DRIVERS\smiifx64.sys [?]

R1 RsvLock;RsvLock;C:\Windows\System32\drivers\RsvLock.sys [2011-7-28 58184]

R1 SbFlop;SbFlop;C:\Windows\System32\drivers\SbFlop.sys [2011-7-28 23368]

R1 SbRegFlt;SbRegFlt;C:\Windows\System32\drivers\SbRegFlt.sys [2011-7-28 15688]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\system32\DRIVERS\CipcCdp.sys --> C:\windows\system32\DRIVERS\CipcCdp.sys [?]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-2-16 1498224]

R2 hips;McAfee HIPSCore Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2010-7-2 39840]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-6-20 45496]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-3-25 226624]

R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-8-25 20792]

R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]

R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-8-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe --> C:\windows\system32\mfevtps.exe [?]

R2 MyDesktopWindows;MyDesktopService;C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-29 1038848]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-6-20 143360]

R2 QOSMyDesktop;QOS MyDesktop;C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-14 470016]

R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]

R2 SafeBootClientManager;SafeBoot Client Manager;C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2011-7-28 385084]

R2 SbCeCoreService;McAfee Endpoint Encryption Core Service;C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-18 203080]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-6-20 63928]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-6-11 641464]

R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-6-20 477032]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys --> C:\windows\system32\DRIVERS\e1k62x64.sys [?]

R3 FirehkMP;FirehkMP;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 HIPK;McAfee Inc. HIPK;C:\windows\system32\drivers\HIPK.sys --> C:\windows\system32\drivers\HIPK.sys [?]

R3 HIPPSK;McAfee Inc. HIPPSK;C:\windows\system32\drivers\HIPPSK.sys --> C:\windows\system32\drivers\HIPPSK.sys [?]

R3 HIPQK;McAfee Inc. HIPQK;C:\windows\system32\drivers\HIPQK.sys --> C:\windows\system32\drivers\HIPQK.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]

R3 SbCeCd;SbCeCd;C:\Windows\System32\drivers\SbCeCd.sys [2010-12-18 132808]

R3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

R3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

R3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 257696]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]

S3 Firehk;McAfee NDIS Intermediate Filter;C:\windows\system32\DRIVERS\firehk.sys --> C:\windows\system32\DRIVERS\firehk.sys [?]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys --> C:\windows\system32\DRIVERS\htcnprot.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-6-20 83304]

S3 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-08 03:58:05 46568 ----a-w- C:\windows\System32\HIPIS0e011b3.dll

2012-06-08 03:58:05 40328 ----a-w- C:\windows\SysWow64\HIPIS0e011b3.dll

2012-06-08 00:34:30 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{CF45465C-F2D7-4415-A51E-C2AB3FFB8293}

2012-06-08 00:34:01 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{7F545007-1496-441F-A092-2F5567B0481A}

2012-06-06 22:31:13 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{1B5C2990-D153-4CB2-A9A8-7914DDA78A5B}

2012-06-06 22:30:34 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{73FDA3B6-2737-440C-A831-FC55071B012F}

2012-06-06 05:29:17 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{6EAC1687-1EAA-4FF2-93A2-D291AD78B2E2}

2012-06-06 05:28:48 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{B3DEE64E-5C6D-47D9-86E3-CC70FF2560CC}

2012-06-06 02:57:04 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{855863AE-88D3-4BCB-9329-21E4F9482DC6}

2012-06-05 14:56:18 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{AF2CEBD5-FED7-4575-9AD9-8A2267A85E42}

2012-06-05 14:55:49 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F05D2FF1-2C05-4A91-9EE8-8065A5B439A8}

2012-06-05 01:21:11 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{57C1DD15-DFF2-467A-ADDD-5D26CE41B582}

2012-06-05 01:20:42 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{BB07C8E0-69C0-48A4-A592-67D55BFF51B3}

2012-06-04 13:19:55 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{B0762E64-7D27-406C-8C60-04BCF625ABDE}

2012-06-04 13:19:27 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{90B902A3-E3A6-4051-89E2-A5E2B99AC484}

2012-06-04 00:01:00 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{839D3893-98EA-4917-B642-20D22100C64F}

2012-06-04 00:00:30 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{69395949-A64F-4ABE-AAF3-4FAA62B58FF7}

2012-06-03 10:51:45 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{CF97B4CF-FC0A-4C38-81D3-448B6555AD29}

2012-06-03 10:51:16 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{E97C08CC-A612-4D8C-BABC-5A4E3D9D528D}

2012-06-02 07:52:45 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{39E44454-B932-4EA5-B2EC-5EBC7A3A413D}

2012-06-02 07:52:15 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{A0A6C427-7EC8-4EE0-AF01-ADDCFD6A0FD4}

2012-06-01 16:46:11 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{506C6B7A-6006-4B5B-B761-F5BC7017AD20}

2012-06-01 16:45:42 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{624250BA-2E00-4275-BAD9-7581D0621B6B}

2012-06-01 15:02:10 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{061269F3-65CA-45B0-BC5D-0738619A1BD1}

2012-05-31 23:41:39 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{D6D12427-A565-44AA-9536-530C1B8393CB}

2012-05-31 23:41:10 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{FD0469C7-53E9-4DA5-A8C6-08D7632F15D8}

2012-05-31 11:40:22 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{09A13CA2-2FFC-452F-ACED-FFCA7FBBEED1}

2012-05-31 11:39:53 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{BB170B01-DDF4-4D02-9BE0-30F88214791C}

2012-05-30 14:15:03 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{87B0F63B-F240-4255-96A8-D27DC54ECE61}

2012-05-30 14:14:34 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{E56138DB-54FC-4F49-B3DC-5E42D7043CBF}

2012-05-29 23:31:36 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{E60C5009-3E77-4FD0-9C1A-43F0138EEEA5}

2012-05-29 23:31:07 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{C0B4F01D-8E44-4F82-B4BF-35883B9F6F35}

2012-05-28 23:40:32 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{19D2446C-BD79-4F59-A3D7-2098170F78F9}

2012-05-28 23:39:33 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{86BFF52A-0242-44C6-B867-92AE96BDC714}

2012-05-28 09:22:55 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F7243CF5-C504-4914-AAF3-EC2DFAB1FE6C}

2012-05-28 09:22:21 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{88A47474-0B58-4929-B847-CFF069AD7505}

2012-05-27 14:41:02 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F4C1FD97-AD7B-4153-9EB2-9F1973783312}

2012-05-27 14:40:32 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{C822ADC0-C2C8-400E-8B0F-B94F14DDEE4F}

2012-05-27 03:44:45 -------- d-----w- C:\Program Files (x86)\Magellan

2012-05-27 03:44:45 -------- d-----w- C:\MagellanDrivers

2012-05-27 00:53:08 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{537492DA-A031-4A06-9581-D8BAB5F0C601}

2012-05-27 00:52:39 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{38E212DD-5BC0-4DAB-94E0-210770F264D3}

2012-05-26 23:31:07 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{7BEBEC9B-9539-4966-B635-596A9F095E7C}

2012-05-26 14:38:47 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F104A47A-1DA7-4438-84B5-6AE778630F65}

2012-05-26 00:03:40 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F43E4683-2512-4F92-BC38-5463A034BD6B}

2012-05-26 00:03:11 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{39A7AE5A-E83C-421E-8C54-F4CFE196E024}

2012-05-25 08:23:54 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{2D4B86C6-CDED-4723-A9F3-C2438E927090}

2012-05-25 08:23:26 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{CBAA3E7D-9AEE-4583-BD16-5841B896A338}

2012-05-24 16:09:08 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{0A7EFBB3-6103-4909-8C37-E2F5E6E803CA}

2012-05-24 16:08:39 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{BA63D159-287E-47DF-89B9-D8B381A53886}

2012-05-24 04:07:53 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{3F0D5ACD-1F6D-4299-A8EC-184571B50311}

2012-05-24 04:07:24 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{8A5292B6-48CB-49B3-81F1-F10D4693E9A8}

2012-05-24 02:58:04 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{B6519F24-75CE-4B83-8656-84995A3E7866}

2012-05-24 02:57:35 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{6E64BE69-FF77-4BC1-B563-C4858C407516}

2012-05-23 13:59:26 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{8EFF066A-A2DA-4C14-9207-0A89F848CD92}

2012-05-23 13:58:57 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{DF9536E6-E0D3-45DD-97E4-1D7CD33A0C68}

2012-05-23 01:58:09 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{0DB923C2-7D33-4D21-8CA4-833C27AA5D88}

2012-05-23 01:57:41 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{8BA48C95-70B4-4A67-A9DB-A0CECFAFBA4E}

2012-05-22 23:27:44 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{60ABCFBC-8D41-488C-8DB0-794FE1E4480C}

2012-05-22 07:56:45 -------- d-----w- C:\Users\jcrisologo\AppData\Local\Spotify

2012-05-22 07:55:41 -------- d-----w- C:\Users\jcrisologo\AppData\Roaming\Spotify

2012-05-22 07:55:14 -------- d-----w- C:\Users\jcrisologo\AppData\Local\Deployment

2012-05-22 07:55:14 -------- d-----w- C:\Users\jcrisologo\AppData\Local\Apps

2012-05-22 05:24:48 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{6A17860F-82FA-4628-8042-CC17E8DDE0EA}

2012-05-22 05:24:19 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{A482663D-842A-40C8-A8C5-FEC6D10711BA}

2012-05-21 00:54:30 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{BB0C9DEB-1E3C-43E7-ACA8-048F485C2BE1}

2012-05-21 00:53:59 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{BEDBFDC9-255C-47B2-A938-846CD24A6072}

2012-05-20 11:09:54 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F80846F3-C9BC-4FDA-BC6A-1334EDA0C250}

2012-05-20 11:09:25 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{77651807-237A-4C92-84AA-4DF9DE0D042D}

2012-05-20 00:17:34 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F82A7269-F618-482C-A84B-E95D404455D2}

2012-05-18 22:54:19 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{7C6C0ACB-99A7-4F96-92B6-6CB400D884E9}

2012-05-18 22:53:50 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{B3323428-5409-4EC1-9DEC-11B7EA75EC29}

2012-05-18 04:31:16 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{A1B71A70-923E-4C68-8C38-8D74BC80271B}

2012-05-18 04:30:27 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{FB88BA4F-F784-43ED-9DBD-3897BB3171C6}

2012-05-17 13:24:26 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{408D7C0F-EC37-4554-AB32-E504FDF5CBF3}

2012-05-17 13:23:58 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{28C70DE0-8334-438E-8634-EE4651DDEB18}

2012-05-16 14:43:32 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{17096DB0-8F08-470D-8717-438C64A89217}

2012-05-16 14:43:03 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{69F726F7-FC4A-43B6-8454-ACC2F493C37E}

2012-05-15 14:56:56 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{DB2CE37A-2BF3-4117-955D-079048C45461}

2012-05-15 14:56:27 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{924B49A1-30D6-4B0A-B5A1-3693361E0036}

2012-05-15 02:53:03 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{6CE14991-57DF-4180-9CC1-D99C16BF097C}

2012-05-15 02:52:35 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{04792EE3-F957-46DA-B9DF-69B52165066A}

2012-05-14 03:46:17 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{C02C4880-5272-45AE-A82C-6F590D6E92C3}

2012-05-14 03:45:48 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{8BE37542-9811-449D-8F23-EC5890BF8A00}

2012-05-13 15:00:51 177640 ----a-w- C:\windows\System32\drivers\ssadmdm.sys

2012-05-13 15:00:51 16872 ----a-w- C:\windows\System32\drivers\ssadmdfl.sys

2012-05-13 15:00:51 157672 ----a-w- C:\windows\System32\drivers\ssadbus.sys

2012-05-13 15:00:51 13800 ----a-w- C:\windows\System32\drivers\ssadwhnt.sys

2012-05-13 15:00:51 13288 ----a-w- C:\windows\System32\drivers\ssadcmnt.sys

2012-05-13 12:33:33 -------- d-----w- C:\Users\jcrisologo\AppData\Roaming\Temp

2012-05-13 03:44:16 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{D89A06C9-1845-4F58-B240-4A27D2022CD6}

2012-05-13 03:43:47 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{384A70EA-459E-49E8-9026-59491382323A}

2012-05-12 16:02:21 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{F3702C51-8711-4C53-8AF7-E54D6E612BE7}

2012-05-12 16:01:53 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{995B2A9E-8F75-473B-8BA2-E48F8A3FA234}

2012-05-12 15:22:16 -------- d-----w- C:\windows\SysWow64\System32

2012-05-11 23:02:13 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{1A7210EA-AABE-4034-B638-72D29813D081}

2012-05-11 23:01:44 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{130E40CA-F520-4725-A29F-19D3E1AC9E76}

2012-05-11 08:28:44 1544704 ----a-w- C:\windows\System32\DWrite.dll

2012-05-11 08:28:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-05-11 05:22:07 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-05-11 05:22:06 3146240 ----a-w- C:\windows\System32\win32k.sys

2012-05-11 05:22:05 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 05:22:05 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-05-11 05:02:01 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys

2012-05-11 04:51:57 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-05-11 04:51:07 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-11 04:51:05 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 04:51:04 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 04:51:03 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-11 04:51:02 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 23:11:39 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{128836DB-5599-41CF-B22C-559AAA2262E6}

2012-05-10 23:11:10 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{D99643AE-0BBC-4985-9A10-FE5A895A6CD4}

2012-05-10 02:21:36 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{E7CF0543-29DD-46DE-81BD-C974DBEEA2DB}

2012-05-10 02:21:07 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{B95F0EE3-BD6A-4C0C-906E-5D7F395CC4D4}

2012-05-09 12:56:50 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{1F201FA1-8302-4F3F-8A80-6D72052097A3}

2012-05-09 12:56:17 -------- d-----w- C:\Users\jcrisologo\AppData\Local\{E24D1282-55E1-421A-9F2F-B239CD701746}

.

==================== Find3M ====================

.

2012-05-05 11:29:22 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 11:29:22 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 11:29:14 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 14:17:08 143008 ----a-w- C:\windows\SysWow64\KevlarSigs.dll

2012-04-04 05:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

.

============= FINISH: 15:55:58.25 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 20/06/2011 12:14:56 PM

System Uptime: 8/06/2012 1:57:40 PM (2 hours ago)

.

Motherboard: LENOVO | | 2537R88

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 197 GiB total, 113.995 GiB free.

D: is FIXED (NTFS) - 93 GiB total, 20.177 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP138: 27/05/2012 1:43:32 PM - Installed VantagePoint

RP139: 27/05/2012 2:01:50 PM - Installed Content Manager

RP140: 27/05/2012 2:24:34 PM - Removed Content Manager

RP141: 27/05/2012 7:00:14 PM - Windows Backup

RP142: 3/06/2012 8:58:20 PM - Windows Backup

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe AIR

Adobe Reader X (10.1.3)

Adobe SVG Viewer 3.0

Any Video Converter 3.3.5

CDBurnerXP

Cisco AnyConnect VPN Client

Cisco IP Communicator

Cisco WebEx Meetings

Conduit Engine

D3DX10

Google Drive

Google Earth

Google Update Helper

GTK+ Runtime 2.14.7 rev a (remove only)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Internet Explorer

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

McAfee Agent

McAfee AntiSpyware Enterprise Module

McAfee Endpoint Encryption for Files and Folders

McAfee Endpoint Encryption for PC

McAfee Host Intrusion Prevention

McAfee SiteAdvisor Enterprise Plus

McAfee VirusScan Enterprise

Mesh Runtime

Messenger Companion

Microsoft Corporation

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Visio Viewer 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visio Viewer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

MSVC80_x86_v2

MSVC90_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

MyFreeCodec

NETGEAR Live Parental Controls Management Utility 2.1.5

Oracle Beehive Conferencing

Oracle Beehive Extensions for Outlook

Oracle Beehive for Outlook

Oracle Online Assistance

Oracle Open Office 3.2

Oracle Web Conferencing Console

PC Connectivity Solution

Pidgin

PopCap Browser Plugin

prerequisite

PrimoPDF

RealPlayer Enterprise

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Click to Call

Skype™ 5.8

Spotify

Spybot - Search & Destroy

ThinkPad Power Manager

ThinkPad UltraNav Utility

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

uTorrentBar Toolbar

VantagePoint

VLC media player 2.0.1

WhiteCap

Windows 7 Codec Pack 3.1.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

8/06/2012 3:51:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

8/06/2012 1:53:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/06/2012 1:53:13 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/06/2012 1:53:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/06/2012 1:53:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/06/2012 1:53:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/06/2012 1:53:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache lenovo.smi mfehidk RsvLock SbFlop SbRegFlt spldr TPPWRIF Wanarpv6

8/06/2012 1:53:05 PM, Error: Service Control Manager [7022] - The McAfee Endpoint Encryption Core Service service hung on starting.

8/06/2012 1:53:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

8/06/2012 1:53:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/06/2012 1:51:44 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

8/06/2012 1:51:43 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

8/06/2012 1:45:10 AM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..

7/06/2012 8:17:52 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {7A1A13F5-B96B-492A-B591-D7526E0B3013}. The error: "5" Happened while starting this command: "C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe" -Embedding

1/06/2012 1:57:31 PM, Error: Schannel [36887] - The following fatal alert was received: 47.

.

==== End Of File ===========================


Hello joecris and welcome to MalwareBytes forums.

These steps are for joecris only. If you are a casual viewer, do NOT try this on your system!

If you are not joecris and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Do not do any websurfing on this system. Only go to this forum and the sites I guide you to for tools or online scans.

Please follow my guidance


If you are a casual viewer, do NOT try this on your system!

If you are not the originating-member-poster and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

Step 1


This system has got the "Cloud Protection rogue" (anti-spyware) program.

Do a system restart/reboot, and right away start tapping F8 function key.

When get Advanced Boot Menu, select Safe Mode with Networking.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Under the Proxy Server section, please uncheck the checkbox labeled

Use a proxy server for your LAN.

Then press the OK button to close this screen.

Then press the OK button to close the Internet Options screen.

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 6

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

IF you have a prior copy of Combofix, delete it now !!

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

[screenshot: CF_download_FF.gif]

[screenshot: CF_download_rename.gif]

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

NEXT: Open notepad and Copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=110848
Collect::[4]
C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
DDS::
uRun: [ZhCz1oGd8LTjeBO] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [VTjeBOxu2Fn5] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [uS1ivD3on4m5W7E] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [mycS1ivD3n4m5W7] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [H5QdKRgqCkrNAc2] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [FqjUrNxA0v2b3Ga] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [dL9qjUCekBzNx0v] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Close any (all) open browsers. Close all apps that you started.

[screenshot: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When CF finishes running, it pops out with the CF log and this message box:

[screenshot: autosubmit.png]

Clicking OK will begin the auto-upload of the zipped file.

[screenshot: CF_UploadSuccessful.gif]

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by Maurice Naggar
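The CFScript above removes seven HKCU Run values that all launch the same dropped file, C:\Users\jcrisologo\AppData\Roaming\svhostu.exe. That shape (many randomly named autostart values, one binary in a user-writable profile folder, a file name one or two characters off a real Windows binary) is what a responder should be looking for in a DDS log before the ComboFix step. The script below is an added example for this write-up, not part of the original post and not a DDS, ComboFix or Malwarebytes tool. It parses DDS "uRun:" lines, groups them by target, and applies those three checks. Its input is the seven uRun lines from the CFScript plus the TomTomHOME Run value from the ComboFix log as a benign control; the lookalike list, the "random name" heuristic and the two-flag threshold are assumptions, not anything the thread states.

```python
"""Triage DDS 'uRun:' lines (HKCU Run values) for the dropped-binary persistence pattern.

Added example, not a DDS/ComboFix/Malwarebytes tool. Groups Run values by target
executable and flags: a user-writable AppData drop path, several randomly named
values pointing at one file, and a file name that typosquats a Windows binary.
"""
import re
from collections import defaultdict

# Input: the seven uRun lines from this thread's CFScript plus the TomTomHOME
# Run value from the ComboFix log (benign control). Nothing else is constructed.
SAMPLE_DDS_LINES = r"""uRun: [ZhCz1oGd8LTjeBO] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [VTjeBOxu2Fn5] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [uS1ivD3on4m5W7E] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [mycS1ivD3n4m5W7] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [H5QdKRgqCkrNAc2] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [FqjUrNxA0v2b3Ga] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [dL9qjUCekBzNx0v] C:\Users\jcrisologo\AppData\Roaming\svhostu.exe
uRun: [TomTomHOME.exe] c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
"""

URUN_RE = re.compile(r'^uRun:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+?)\s*$')
# Per-user profile folders any process can write to (assumed drop locations).
USER_WRITABLE_RE = re.compile(r'\\appdata\\(roaming|local|locallow)\\')
# Windows binaries whose names malware tends to imitate (assumed list).
LOOKALIKE_NAMES = ('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe',
                   'explorer.exe', 'rundll32.exe')


def parse_urun(text):
    """Return (value_name, command) pairs from DDS 'uRun:' lines; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = URUN_RE.match(line.strip())
        if m:
            entries.append((m.group('name'), m.group('cmd')))
    return entries


def target_of(cmd):
    """Extract the executable path from a Run command line (quoted or bare, args tolerated)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    m = re.match(r'(.+?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def looks_random(name):
    """Heuristic for generated value names: 10+ alphanumerics mixing digits, upper and lower case."""
    return (re.fullmatch(r'[A-Za-z0-9]{10,}', name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def edit_distance(a, b):
    """Levenshtein distance; catches one- or two-character typosquats such as svhostu/svchost."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(text):
    """Group Run values by lower-cased target path and attach the flags each target earns."""
    by_target = defaultdict(list)
    for name, cmd in parse_urun(text):
        by_target[target_of(cmd).lower()].append(name)
    report = {}
    for target, names in by_target.items():
        flags = []
        if USER_WRITABLE_RE.search(target):
            flags.append('user-writable-path')
        if sum(looks_random(n) for n in names) >= 2:
            flags.append('multiple-random-names')
        base = target.rsplit('\\', 1)[-1]
        for ref in LOOKALIKE_NAMES:
            if base != ref and edit_distance(base, ref) <= 2:
                flags.append('lookalike:' + ref)
        report[target] = {'names': names, 'flags': flags}
    return report


def suspicious_targets(text, min_flags=2):
    """Targets earning at least min_flags flags (threshold is an assumption; tune to taste)."""
    return sorted(t for t, r in triage(text).items() if len(r['flags']) >= min_flags)


if __name__ == '__main__':
    for target, info in triage(SAMPLE_DDS_LINES).items():
        print(f"{target}\n  values: {len(info['names'])}  flags: {info['flags'] or 'none'}")
```

Run against the thread's lines, the svhostu.exe target earns all three flags and the TomTom entry earns none, which is the split the CFScript makes by hand. The same parser works on the "Reg Loading Points" section of a ComboFix log if the `uRun:` prefix is adjusted, and the per-target grouping is the part worth keeping: a rogue that re-registers itself under fresh random value names on every run still points at the same file.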

Maurice, I followed your instructions to the letter. Below are some observations I made while combofix ran. I'm not sure if they mean I need to re-run combofix or not but let me know if I have to. Also, can I now restore my folder settings?

- Ran combofix as instructed. About two thirds through my laptop screen shut down and so I had to log back in. When I got back on it was no longer in safe mode but the CMD window was still open and combofix appeared to continue running.

- While combofix ran I got an error message pop-up that said: "Windows cannot find 'NIRKMD'. Make sure you typed the name correctly, and try again." There was an "Ok" button so I hit that but the pop-up came back. This time I tried closing the pop-up (by hitting the X on the top right) and that seemed to work.

- Then came the "Preparing log report...." message. During this stage, the pop-up came back and I closed it again.

- The last pop-up in your instructions (Submit files for further analysis) did not appear though I was able to save the combofix log.

Combofix log-

ComboFix 12-06-11.04 - jcrisologo 12/06/2012 9:38.1.4 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3892.3049 [GMT 10:00]

Running from: c:\users\jcrisologo\Desktop\Combo-Fix.exe

Command switches used :: c:\users\jcrisologo\Desktop\CFScript.txt

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Host Intrusion Prevention Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\tmp2F37.tmp

c:\programdata\tmp3358.tmp

c:\programdata\tmp7CF9.tmp

c:\users\jcrisologo\AppData\Roaming\Microsoft\Windows\Ntuser.dat

c:\users\jcrisologo\Taskmgr.exe

c:\windows\SafeBoot.scr

c:\windows\SysWow64\muzapp.exe

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))

.

.

2012-06-11 23:51 . 2009-11-23 15:33 40328 ----a-w- c:\windows\SysWow64\HIPIS0e011b3.dll

2012-06-11 23:51 . 2009-11-23 15:21 46568 ----a-w- c:\windows\system32\HIPIS0e011b3.dll

2012-06-11 04:19 . 2012-06-11 04:19 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-09 00:00 . 2012-03-07 01:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-08 23:59 . 2012-06-09 02:40 -------- d-----w- c:\programdata\AVAST Software

2012-06-08 23:59 . 2012-06-08 23:59 -------- d-----w- c:\program files\AVAST Software

2012-06-01 09:05 . 2012-06-01 09:05 -------- d-----w- c:\users\Default\AppData\Local\Google

2012-05-27 04:24 . 2012-05-27 04:24 -------- d-----w- c:\programdata\InstallShield

2012-05-27 03:44 . 2012-05-27 03:44 -------- d-----w- c:\program files (x86)\Magellan

2012-05-27 03:44 . 2012-05-27 03:44 -------- d-----w- C:\MagellanDrivers

2012-05-22 07:56 . 2012-05-27 08:01 -------- d-----w- c:\users\jcrisologo\AppData\Local\Spotify

2012-05-22 07:55 . 2012-05-27 07:50 -------- d-----w- c:\users\jcrisologo\AppData\Roaming\Spotify

2012-05-22 07:55 . 2012-05-22 07:55 -------- d-----w- c:\users\jcrisologo\AppData\Local\Deployment

2012-05-22 07:55 . 2012-05-22 07:55 -------- d-----w- c:\users\jcrisologo\AppData\Local\Apps

2012-05-13 15:00 . 2011-06-02 05:47 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2012-05-13 15:00 . 2011-06-02 05:47 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2012-05-13 15:00 . 2011-06-02 05:47 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2012-05-13 15:00 . 2011-06-02 05:47 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2012-05-13 15:00 . 2011-06-02 05:47 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 11:29 . 2012-04-04 14:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 11:29 . 2011-06-24 08:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 11:29 . 2012-04-04 14:28 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 14:17 . 2010-07-02 11:35 143008 ----a-w- c:\windows\SysWow64\KevlarSigs.dll

2012-04-04 05:56 . 2012-01-22 10:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 06:05 . 2012-05-11 05:22 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-11 05:22 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-11 05:22 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-11 05:22 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-11 04:51 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-28 12:11 . 2012-04-25 07:10 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-03-28 12:11 . 2012-03-28 12:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-03-28 12:11 . 2012-03-28 12:11 325552 ----a-w- c:\windows\MASetupCaller.dll

2012-03-28 12:11 . 2012-03-28 12:11 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-03-28 12:11 . 2012-03-28 12:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-03-28 12:11 . 2012-03-28 12:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-03-28 12:11 . 2012-03-28 12:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-03-28 12:11 . 2012-03-28 12:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-03-28 12:11 . 2012-03-28 12:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-03-28 12:11 . 2012-03-28 12:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-03-28 12:11 . 2012-03-28 12:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-03-28 12:11 . 2012-03-28 12:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-03-28 12:11 . 2012-03-28 12:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-03-28 12:11 . 2012-03-28 12:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-03-28 12:11 . 2012-03-28 12:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-03-28 12:11 . 2012-03-28 12:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-03-28 12:11 . 2012-03-28 12:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-03-28 12:11 . 2012-03-28 12:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-03-28 12:11 . 2012-03-28 12:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-03-28 12:11 . 2012-03-28 12:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-03-28 12:11 . 2012-03-28 12:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-03-28 12:11 . 2012-03-28 12:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-03-28 12:11 . 2012-03-28 12:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-03-28 12:11 . 2012-03-28 12:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-03-28 12:11 . 2012-03-28 12:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-03-28 12:11 . 2012-03-28 12:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-03-28 12:11 . 2012-03-28 12:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-03-28 12:11 . 2012-03-28 12:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-03-28 12:11 . 2012-03-28 12:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-03-28 12:11 . 2012-04-25 07:10 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-03-17 07:58 . 2012-05-11 05:02 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-19 1475584]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-06-20 180224]

"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-08-25 124224]

"SafeBootTrayManager"="c:\program files (x86)\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]

"SafeBootTokenWatcher"="c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2011-07-28 172092]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-04-18 1551208]

"McAfee Host Intrusion Prevention Tray"="c:\program files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe" [2010-02-16 979104]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]

"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-11-15 333376]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ClickToCallConfig"="c:\programdata\Oracle\BaseImage\config\realplayerent_config.exe" [2011-01-24 192066]

"IPCConfig"="c:\programdata\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe" [2011-03-07 215519]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-6-11 1083680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

startControlconfig.lnk - c:\programdata\Oracle\Baseimage\utils\startControlConfig.hta [2011-6-21 1371]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ sbnp scecli

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-04-18 477032]

R3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\DRIVERS\firehk.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-18 83304]

R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 MfeEERM;MfeEERM; [x]

S0 SafeBoot;SafeBoot; [x]

S0 SBAlg;SBAlg; [x]

S0 SBAlg00;SBAlg00; [x]

S0 SBAlg01;SBAlg01; [x]

S0 SBAlg11;SBAlg11; [x]

S0 SBAlg12;SBAlg12; [x]

S0 SbCe;SbCe; [x]

S0 SbFsLock;SbFsLock; [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 RsvLock;RsvLock; [x]

S1 SbFlop;SbFlop; [x]

S1 SbRegFlt;SbRegFlt; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]

S2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-02-16 1498224]

S2 hips;McAfee HIPSCore Service;c:\program files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2009-11-23 39840]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-25 20792]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 MyDesktopWindows;MyDesktopService;c:\programdata\Oracle\MyDesktop\MyDesktopService.exe [2011-10-28 1038848]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-18 143360]

S2 QOSMyDesktop;QOS MyDesktop;c:\programdata\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-13 470016]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2011-07-28 385084]

S2 SbCeCoreService;McAfee Endpoint Encryption Core Service;c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-17 203080]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-10 641464]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 FirehkMP;FirehkMP;c:\windows\system32\DRIVERS\firehk.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [x]

S3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [x]

S3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 SbCeCd;SbCeCd; [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:29]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 13:16]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 13:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CeDesktopIntegration]

@="{3CEC3E6D-ECF2-4B49-8A41-3B16DF8B9C3F}"

[HKEY_CLASSES_ROOT\CLSID\{3CEC3E6D-ECF2-4B49-8A41-3B16DF8B9C3F}]

2010-12-17 16:53 1000672 ----a-w- c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeDesktopIntegration.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-05-16 07:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-05-16 07:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-05-16 07:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-05-16 07:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2009-12-11 380776]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]

"SbCeCore"="c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe" [2010-12-17 388936]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-31 410136]

"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-31 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-31 390680]

"EEPCSyncNotify"="c:\programdata\Oracle\BaseImage\eepc-sync-notify.exe" [2011-12-20 560312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.oracleads.com;*.us.oracle.com;*.oraclecorp.com;*.uk.oracle.com;*.sg.oracle.com;*.au.oracle.com;*.nz.oracle.com;*.ap.oracle.com;*.in.oracle.com;*.tw.oracle.com;*.jp.oracle.com;*.cn.oracle.com;*.kr.oracle.com;*.th.oracle.com;*.oracle.com;*.;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

Trusted Zone: qantas.com.au\www.check-in

Trusted Zone: oracle.com\login

Trusted Zone: oraclecorp.com\global-ebusiness

Trusted Zone: oraclecorp.com\global-erp

Trusted Zone: oraclecorp.com\global-hrms

Trusted Zone: oraclecorp.com\global-service

Trusted Zone: oraclevpn.com\myaccess

TCP: DhcpNameServer = 192.168.2.65

DPF: {75D1753A-6250-4894-8E33-30969331D642} - hxxps://gcmau.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_iHelp.cab

DPF: {9392A5E9-E2B1-4090-B58A-84216D06DBB9} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} - hxxps://global-crm.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_HI_Client.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-SunJavaUpdateSched - (no file)

Toolbar-Locked - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe

c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

c:\program files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files (x86)\Internet Explorer\IELowutil.exe

.

**************************************************************************

.

Completion time: 2012-06-12 10:13:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-12 00:13

.

Pre-Run: 128,461,692,928 bytes free

Post-Run: 128,595,537,920 bytes free

.

- - End Of File - - E67F325B517FA1C5F732A516730265E5


Your logs showed some peer-to-peer filesharing apps: uTorrent. Please remove it and any other torrent app.

I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Step 2

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦Double click DeFogger to run the tool.

◦The application window will appear

◦Click the Disable button to disable your CD Emulation drivers.

◦Click Yes to continue

◦A 'Finished!' message will appear

◦Click OK

◦DeFogger will now ask to reboot the machine - click OK

◦IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦Do not re-enable these drivers until otherwise instructed.

Step 3

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantine folder if it can't be cured. (This is in case we need samples.)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 6

Reply with contents of (Copy & Paste) DrWeb Cure-It log

TDSSKILLER log

Checkup.txt

and tell me, how is your system now?


I hope you are not using this system for online uses. It is important that you get going on what I outlined.

You do not need to do everything all in one day. But you do need to make forward progress.

You can start & watch briefly the drWeb Cure-it app, and once you have answered all prompts, and it gets going, you can leave it running overnight.

Do keep me apprised if you need more time.

But in the meantime, consider the PC as being in quarantine. No websurfing, no online transactions, no banking, no shopping.


Hi Maurice, sorry for the delays. Here are the logs, 3 of them as requested (DrWeb, TDSSKiller, Checkup):

1. DrWeb.txt - Btw, this report ended up in Excel for some reason and I did a "save as" to comma-delimited txt. Also, while I was certain my anti-virus software (McAfee Enterprise) was not running, at the end of the DrWeb run the OnAccess Scan picked up some viruses; below are the logs. Just tell me if I need to re-run DrWeb.

A) DrWeb log

WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9]\JSTAG_3[4ef][1367];C:\Users\jcrisologo\Documents\ORCL\IT\WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9];Probably SCRIPT.Virus;;

WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9]\JSTag_9[4f4][1362];C:\Users\jcrisologo\Documents\ORCL\IT\WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9];Probably SCRIPT.Virus;;

EmbeddedStream[00000003][0002D2E9];C:\Users\jcrisologo\Documents\ORCL\IT;Container contains infected objects;;

WindowsMobileConfigurationv1_14.pdf;C:\Users\jcrisologo\Documents\ORCL\IT;Container contains infected objects;Moved.;

WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9]\JSTAG_3[4ef][1367];C:\Documents and Settings\jcrisologo\DoctorWeb\Quarantine\WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9;Probably SCRIPT.Virus;;

WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9]\JSTag_9[4f4][1362];C:\Documents and Settings\jcrisologo\DoctorWeb\Quarantine\WindowsMobileConfigurationv1_14.pdf/EmbeddedStream[00000003][0002D2E9;Probably SCRIPT.Virus;;

EmbeddedStream[00000003][0002D2E9];C:\Documents and Settings\jcrisologo\DoctorWeb\Quarantine;Container contains infected objects;;

WindowsMobileConfigurationv1_14.pdf;C:\Documents and Settings\jcrisologo\DoctorWeb\Quarantine;Container contains infected objects;Moved.;

B) OnAccess scan log

6/18/2012 10:13:31 AM Engine version = 5400.1158

6/18/2012 10:13:31 AM AntiVirus DAT version = 6745.0

6/18/2012 10:13:31 AM Number of detection signatures in EXTRA.DAT = None

6/18/2012 10:13:31 AM Names of detection signatures in EXTRA.DAT = None

6/18/2012 10:13:31 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\Low\X2S2SQ87.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UUYWFSL1\segments[1]

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACO1NHA1\favicon[2].ico

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\Low\33V07Q1C.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\Low\CVLPON81.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\Low\EULH0163.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UB4K6K13\www.nytimes[1].xml

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\Low\B6081N0B.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Roaming\Microsoft\Windows\Cookies\7F22NFS0.txt

6/18/2012 10:13:38 AM Not scanned (scan timed out) JCRISOLOGO-AU\jcrisologo C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\jcrisologo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UUYWFSL1\ping[5].gif

6/19/2012 1:03:38 AM Statistics:

6/19/2012 1:03:38 AM Files scanned: 58238

6/19/2012 1:03:38 AM Files detected: 0

6/19/2012 1:03:38 AM Files cleaned: 0

6/19/2012 1:03:38 AM Files deleted: 0

6/19/2012 8:26:54 AM Engine version = 5400.1158

6/19/2012 8:26:54 AM AntiVirus DAT version = 6745.0

6/19/2012 8:26:54 AM Number of detection signatures in EXTRA.DAT = None

6/19/2012 8:26:54 AM Names of detection signatures in EXTRA.DAT = None

6/19/2012 8:43:53 AM Engine version = 5400.1158

6/19/2012 8:43:53 AM AntiVirus DAT version = 6746.0

6/19/2012 8:43:53 AM Number of detection signatures in EXTRA.DAT = None

6/19/2012 8:43:53 AM Names of detection signatures in EXTRA.DAT = None

6/20/2012 3:23:00 AM Statistics:

6/20/2012 3:23:00 AM Files scanned: 69621

6/20/2012 3:23:00 AM Files detected: 0

6/20/2012 3:23:00 AM Files cleaned: 0

6/20/2012 3:23:00 AM Files deleted: 0

6/20/2012 9:11:32 AM Engine version = 5400.1158

6/20/2012 9:11:32 AM AntiVirus DAT version = 6746.0

6/20/2012 9:11:32 AM Number of detection signatures in EXTRA.DAT = None

6/20/2012 9:11:32 AM Names of detection signatures in EXTRA.DAT = None

6/20/2012 1:56:30 PM Engine version = 5400.1158

6/20/2012 1:56:30 PM AntiVirus DAT version = 6747.0

6/20/2012 1:56:30 PM Number of detection signatures in EXTRA.DAT = None

6/20/2012 1:56:30 PM Names of detection signatures in EXTRA.DAT = None

6/21/2012 9:30:17 AM Engine version = 5400.1158

6/21/2012 9:30:17 AM AntiVirus DAT version = 6748.0

6/21/2012 9:30:17 AM Number of detection signatures in EXTRA.DAT = None

6/21/2012 9:30:17 AM Names of detection signatures in EXTRA.DAT = None

6/22/2012 12:35:32 AM Statistics:

6/22/2012 12:35:32 AM Files scanned: 130861

6/22/2012 12:35:32 AM Files detected: 0

6/22/2012 12:35:32 AM Files cleaned: 0

6/22/2012 12:35:32 AM Files deleted: 0

6/22/2012 12:46:35 PM Engine version = 5400.1158

6/22/2012 12:46:35 PM AntiVirus DAT version = 6748.0

6/22/2012 12:46:35 PM Number of detection signatures in EXTRA.DAT = None

6/22/2012 12:46:35 PM Names of detection signatures in EXTRA.DAT = None

6/22/2012 1:05:26 PM Engine version = 5400.1158

6/22/2012 1:05:26 PM AntiVirus DAT version = 6749.0

6/22/2012 1:05:26 PM Number of detection signatures in EXTRA.DAT = None

6/22/2012 1:05:26 PM Names of detection signatures in EXTRA.DAT = None

6/22/2012 1:33:14 PM Statistics:

6/22/2012 1:33:14 PM Files scanned: 9850

6/22/2012 1:33:14 PM Files detected: 0

6/22/2012 1:33:14 PM Files cleaned: 0

6/22/2012 1:33:14 PM Files deleted: 0

6/22/2012 5:00:47 PM Engine version = 5400.1158

6/22/2012 5:00:47 PM AntiVirus DAT version = 6749.0

6/22/2012 5:00:47 PM Number of detection signatures in EXTRA.DAT = None

6/22/2012 5:00:47 PM Names of detection signatures in EXTRA.DAT = None

6/23/2012 3:06:49 AM Statistics:

6/23/2012 3:06:49 AM Files scanned: 54639

6/23/2012 3:06:49 AM Files detected: 0

6/23/2012 3:06:49 AM Files cleaned: 0

6/23/2012 3:06:49 AM Files deleted: 0

6/23/2012 1:28:57 PM Engine version = 5400.1158

6/23/2012 1:28:57 PM AntiVirus DAT version = 6749.0

6/23/2012 1:28:57 PM Number of detection signatures in EXTRA.DAT = None

6/23/2012 1:28:57 PM Names of detection signatures in EXTRA.DAT = None

6/23/2012 1:45:57 PM Engine version = 5400.1158

6/23/2012 1:45:57 PM AntiVirus DAT version = 6750.0

6/23/2012 1:45:57 PM Number of detection signatures in EXTRA.DAT = None

6/23/2012 1:45:57 PM Names of detection signatures in EXTRA.DAT = None

6/24/2012 1:42:21 PM Engine version = 5400.1158

6/24/2012 1:42:21 PM AntiVirus DAT version = 6751.0

6/24/2012 1:42:21 PM Number of detection signatures in EXTRA.DAT = None

6/24/2012 1:42:21 PM Names of detection signatures in EXTRA.DAT = None

6/24/2012 1:44:42 PM Statistics:

6/24/2012 1:44:42 PM Files scanned: 18278

6/24/2012 1:44:42 PM Files detected: 0

6/24/2012 1:44:42 PM Files cleaned: 0

6/24/2012 1:44:42 PM Files deleted: 0

6/24/2012 1:46:06 PM Engine version = 5400.1158

6/24/2012 1:46:06 PM AntiVirus DAT version = 6751.0

6/24/2012 1:46:06 PM Number of detection signatures in EXTRA.DAT = None

6/24/2012 1:46:06 PM Names of detection signatures in EXTRA.DAT = None

6/24/2012 2:41:46 PM Engine version = 5400.1158

6/24/2012 2:41:46 PM AntiVirus DAT version = 6751.0

6/24/2012 2:41:46 PM Number of detection signatures in EXTRA.DAT = None

6/24/2012 2:41:46 PM Names of detection signatures in EXTRA.DAT = None

6/24/2012 5:07:51 PM Deleted JCRISOLOGO-AU\jcrisologo C:\Users\jcrisologo\AppData\Local\Temp\2A5F0F86-8BEB1D4B-E7794884-27683294\4fc34_xp.exe C:\Users\jcrisologo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7db6e8a2-42217640 Exploit-CVE2012-0507 (Trojan)

6/24/2012 5:08:09 PM Deleted JCRISOLOGO-AU\jcrisologo C:\Users\jcrisologo\AppData\Local\Temp\2A5F0F86-8BEB1D4B-E7794884-27683294\4fc34_xp.exe C:\Users\jcrisologo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\53391470-4f96b110 Exploit-CVE2012-0507 (Trojan)

6/24/2012 5:08:19 PM Deleted JCRISOLOGO-AU\jcrisologo C:\Users\jcrisologo\AppData\Local\Temp\2A5F0F86-8BEB1D4B-E7794884-27683294\4fc34_xp.exe C:\Users\jcrisologo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1449f3bd-5d4f58ab Exploit-CVE2012-0507 (Trojan)

2. TDSSKiller report

12:20:44.0172 0572 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

12:20:45.0092 0572 ============================================================

12:20:45.0092 0572 Current date / time: 2012/06/25 12:20:45.0092

12:20:45.0092 0572 SystemInfo:

12:20:45.0092 0572

12:20:45.0092 0572 OS Version: 6.1.7601 ServicePack: 1.0

12:20:45.0092 0572 Product type: Workstation

12:20:45.0092 0572 ComputerName: JCRISOLOGO-AU

12:20:45.0092 0572 UserName: jcrisologo

12:20:45.0092 0572 Windows directory: C:\windows

12:20:45.0092 0572 System windows directory: C:\windows

12:20:45.0092 0572 Running under WOW64

12:20:45.0092 0572 Processor architecture: Intel x64

12:20:45.0092 0572 Number of processors: 4

12:20:45.0092 0572 Page size: 0x1000

12:20:45.0092 0572 Boot type: Normal boot

12:20:45.0092 0572 ============================================================

12:20:45.0888 0572 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

12:20:45.0903 0572 ============================================================

12:20:45.0903 0572 \Device\Harddisk0\DR0:

12:20:45.0903 0572 MBR partitions:

12:20:45.0903 0572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x10CF800

12:20:45.0903 0572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10D0000, BlocksNum 0x18913800

12:20:45.0934 0572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x199E4000, BlocksNum 0xBA4A000

12:20:45.0934 0572 ============================================================

12:20:45.0966 0572 C: <-> \Device\Harddisk0\DR0\Partition1

12:20:46.0012 0572 D: <-> \Device\Harddisk0\DR0\Partition2

12:20:46.0012 0572 ============================================================

12:20:46.0012 0572 Initialize success

12:20:46.0012 0572 ============================================================

12:21:06.0854 6340 ============================================================

12:21:06.0854 6340 Scan started

12:21:06.0854 6340 Mode: Manual; SigCheck; TDLFS;

12:21:06.0854 6340 ============================================================

12:21:07.0774 6340 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

12:21:08.0024 6340 1394ohci - ok

12:21:08.0086 6340 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

12:21:08.0118 6340 ACPI - ok

12:21:08.0149 6340 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

12:21:08.0320 6340 AcpiPmi - ok

12:21:08.0383 6340 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

12:21:08.0476 6340 AdobeARMservice - ok

12:21:08.0632 6340 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:21:08.0710 6340 AdobeFlashPlayerUpdateSvc - ok

12:21:08.0820 6340 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

12:21:08.0898 6340 adp94xx - ok

12:21:08.0960 6340 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

12:21:09.0022 6340 adpahci - ok

12:21:09.0038 6340 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

12:21:09.0069 6340 adpu320 - ok

12:21:09.0100 6340 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

12:21:09.0256 6340 AeLookupSvc - ok

12:21:09.0350 6340 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

12:21:09.0490 6340 AFD - ok

12:21:09.0537 6340 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

12:21:09.0553 6340 agp440 - ok

12:21:09.0568 6340 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

12:21:09.0678 6340 ALG - ok

12:21:09.0709 6340 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

12:21:09.0740 6340 aliide - ok

12:21:09.0756 6340 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

12:21:09.0787 6340 amdide - ok

12:21:09.0818 6340 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

12:21:09.0912 6340 AmdK8 - ok

12:21:09.0912 6340 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

12:21:09.0958 6340 AmdPPM - ok

12:21:09.0990 6340 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

12:21:10.0052 6340 amdsata - ok

12:21:10.0083 6340 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

12:21:10.0130 6340 amdsbs - ok

12:21:10.0146 6340 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

12:21:10.0208 6340 amdxata - ok

12:21:10.0255 6340 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

12:21:10.0348 6340 AppID - ok

12:21:10.0380 6340 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

12:21:10.0458 6340 AppIDSvc - ok

12:21:10.0489 6340 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

12:21:10.0582 6340 Appinfo - ok

12:21:10.0614 6340 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll

12:21:10.0723 6340 AppMgmt - ok

12:21:10.0754 6340 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

12:21:10.0785 6340 arc - ok

12:21:10.0801 6340 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

12:21:10.0816 6340 arcsas - ok

12:21:10.0848 6340 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

12:21:10.0910 6340 AsyncMac - ok

12:21:10.0957 6340 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

12:21:10.0988 6340 atapi - ok

12:21:11.0066 6340 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

12:21:11.0222 6340 AudioEndpointBuilder - ok

12:21:11.0222 6340 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

12:21:11.0284 6340 AudioSrv - ok

12:21:11.0347 6340 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

12:21:11.0503 6340 AxInstSV - ok

12:21:11.0581 6340 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

12:21:11.0690 6340 b06bdrv - ok

12:21:11.0721 6340 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

12:21:11.0815 6340 b57nd60a - ok

12:21:11.0846 6340 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

12:21:11.0940 6340 BDESVC - ok

12:21:11.0955 6340 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

12:21:12.0018 6340 Beep - ok

12:21:12.0111 6340 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

12:21:12.0236 6340 BFE - ok

12:21:12.0330 6340 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll

12:21:12.0517 6340 BITS - ok

12:21:12.0579 6340 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

12:21:12.0642 6340 blbdrive - ok

12:21:12.0688 6340 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

12:21:12.0829 6340 bowser - ok

12:21:12.0844 6340 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

12:21:12.0922 6340 BrFiltLo - ok

12:21:12.0938 6340 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

12:21:12.0969 6340 BrFiltUp - ok

12:21:13.0032 6340 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

12:21:13.0110 6340 BridgeMP - ok

12:21:13.0141 6340 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

12:21:13.0250 6340 Browser - ok

12:21:13.0297 6340 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

12:21:13.0406 6340 Brserid - ok

12:21:13.0422 6340 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

12:21:13.0468 6340 BrSerWdm - ok

12:21:13.0468 6340 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

12:21:13.0546 6340 BrUsbMdm - ok

12:21:13.0546 6340 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

12:21:13.0578 6340 BrUsbSer - ok

12:21:13.0624 6340 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys

12:21:13.0734 6340 BthEnum - ok

12:21:13.0749 6340 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

12:21:13.0796 6340 BTHMODEM - ok

12:21:13.0827 6340 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

12:21:13.0874 6340 BthPan - ok

12:21:13.0936 6340 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys

12:21:14.0046 6340 BTHPORT - ok

12:21:14.0077 6340 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

12:21:14.0170 6340 bthserv - ok

12:21:14.0186 6340 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys

12:21:14.0280 6340 BTHUSB - ok

12:21:14.0326 6340 btwaudio (a72a9101f9730db7332714e566614e4d) C:\windows\system32\drivers\btwaudio.sys

12:21:14.0436 6340 btwaudio - ok

12:21:14.0467 6340 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\windows\system32\DRIVERS\btwavdt.sys

12:21:14.0529 6340 btwavdt - ok

12:21:14.0670 6340 btwdins (c6e32a4a97b59743af1d255ab8caafe5) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

12:21:14.0779 6340 btwdins - ok

12:21:14.0810 6340 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys

12:21:14.0857 6340 btwl2cap - ok

12:21:14.0872 6340 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\windows\system32\DRIVERS\btwrchid.sys

12:21:14.0935 6340 btwrchid - ok

12:21:14.0966 6340 catchme - ok

12:21:14.0997 6340 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

12:21:15.0075 6340 cdfs - ok

12:21:15.0138 6340 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

12:21:15.0247 6340 cdrom - ok

12:21:15.0294 6340 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

12:21:15.0403 6340 CertPropSvc - ok

12:21:15.0450 6340 CipcCdp (18b2b8584fb1270df17ec1808dc3b82d) C:\windows\system32\DRIVERS\CipcCdp.sys

12:21:15.0528 6340 CipcCdp - ok

12:21:15.0559 6340 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

12:21:15.0606 6340 circlass - ok

12:21:15.0668 6340 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

12:21:15.0730 6340 CLFS - ok

12:21:15.0793 6340 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:21:15.0840 6340 clr_optimization_v2.0.50727_32 - ok

12:21:15.0886 6340 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:21:15.0918 6340 clr_optimization_v2.0.50727_64 - ok

12:21:15.0996 6340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:21:16.0105 6340 clr_optimization_v4.0.30319_32 - ok

12:21:16.0136 6340 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:21:16.0214 6340 clr_optimization_v4.0.30319_64 - ok

12:21:16.0245 6340 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

12:21:16.0308 6340 CmBatt - ok

12:21:16.0339 6340 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

12:21:16.0370 6340 cmdide - ok

12:21:16.0417 6340 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

12:21:16.0495 6340 CNG - ok

12:21:16.0573 6340 CnxtHdAudService (d7d489acf6db4c64f88f1a65739770f7) C:\windows\system32\drivers\CHDRT64.sys

12:21:16.0682 6340 CnxtHdAudService - ok

12:21:16.0713 6340 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

12:21:16.0744 6340 Compbatt - ok

12:21:16.0760 6340 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

12:21:16.0869 6340 CompositeBus - ok

12:21:16.0885 6340 COMSysApp - ok

12:21:16.0916 6340 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

12:21:16.0932 6340 crcdisk - ok

12:21:16.0978 6340 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

12:21:17.0103 6340 CryptSvc - ok

12:21:17.0150 6340 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys

12:21:17.0290 6340 CSC - ok

12:21:17.0368 6340 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll

12:21:17.0478 6340 CscService - ok

12:21:17.0524 6340 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys

12:21:17.0571 6340 dc3d - ok

12:21:17.0634 6340 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

12:21:17.0727 6340 DcomLaunch - ok

12:21:17.0758 6340 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

12:21:17.0852 6340 defragsvc - ok

12:21:17.0883 6340 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

12:21:18.0008 6340 DfsC - ok

12:21:18.0055 6340 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

12:21:18.0180 6340 Dhcp - ok

12:21:18.0211 6340 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

12:21:18.0289 6340 discache - ok

12:21:18.0336 6340 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

12:21:18.0382 6340 Disk - ok

12:21:18.0414 6340 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

12:21:18.0523 6340 Dnscache - ok

12:21:18.0570 6340 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

12:21:18.0679 6340 dot3svc - ok

12:21:18.0804 6340 DozeSvc (e6987f7818154791a6937bcc6655599b) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

12:21:18.0835 6340 DozeSvc - ok

12:21:18.0866 6340 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

12:21:18.0975 6340 DPS - ok

12:21:19.0022 6340 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

12:21:19.0069 6340 drmkaud - ok

12:21:19.0147 6340 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

12:21:19.0287 6340 DXGKrnl - ok

12:21:19.0303 6340 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\windows\system32\DRIVERS\DzHDD64.sys

12:21:19.0365 6340 DzHDD64 - ok

12:21:19.0396 6340 e1kexpress (f369e83f6cdab987ca2dd764278659a6) C:\windows\system32\DRIVERS\e1k62x64.sys

12:21:19.0474 6340 e1kexpress - ok

12:21:19.0506 6340 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

12:21:19.0599 6340 EapHost - ok

12:21:19.0818 6340 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

12:21:19.0942 6340 ebdrv - ok

12:21:20.0052 6340 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

12:21:20.0208 6340 EFS - ok

12:21:20.0286 6340 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

12:21:20.0442 6340 ehRecvr - ok

12:21:20.0473 6340 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

12:21:20.0566 6340 ehSched - ok

12:21:20.0644 6340 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

12:21:20.0707 6340 elxstor - ok

12:21:20.0863 6340 enterceptAgent (e411c3d86d3fce8373f4f73041cb3040) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

12:21:21.0066 6340 enterceptAgent - ok

12:21:21.0159 6340 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

12:21:21.0222 6340 ErrDev - ok

12:21:21.0284 6340 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

12:21:21.0362 6340 EventSystem - ok

12:21:21.0409 6340 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

12:21:21.0487 6340 exfat - ok

12:21:21.0518 6340 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

12:21:21.0612 6340 fastfat - ok

12:21:21.0690 6340 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

12:21:21.0752 6340 Fax - ok

12:21:21.0768 6340 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

12:21:21.0814 6340 fdc - ok

12:21:21.0830 6340 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

12:21:21.0924 6340 fdPHost - ok

12:21:21.0939 6340 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

12:21:22.0002 6340 FDResPub - ok

12:21:22.0033 6340 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

12:21:22.0048 6340 FileInfo - ok

12:21:22.0064 6340 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

12:21:22.0126 6340 Filetrace - ok

12:21:22.0173 6340 Firehk (04eb7c3063834c50fef94ae77b05cbf9) C:\windows\system32\DRIVERS\firehk.sys

12:21:22.0220 6340 Firehk - ok

12:21:22.0220 6340 FirehkMP (04eb7c3063834c50fef94ae77b05cbf9) C:\windows\system32\DRIVERS\firehk.sys

12:21:22.0236 6340 FirehkMP - ok

12:21:22.0251 6340 firelm01 (42d51a3aac5d7811fe56ee660a6bdc82) C:\windows\system32\drivers\firelm01.sys

12:21:22.0314 6340 firelm01 - ok

12:21:22.0345 6340 FirePM (52985d550835de4c061af6745842bfa1) C:\windows\system32\Drivers\FirePM.sys

12:21:22.0423 6340 FirePM - ok

12:21:22.0454 6340 FireTDI (eb5a32e3d62ee719b2a23799f7a7c629) C:\Windows\system32\Drivers\FireTDI.sys

12:21:22.0516 6340 FireTDI - ok

12:21:22.0548 6340 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

12:21:22.0563 6340 flpydisk - ok

12:21:22.0610 6340 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

12:21:22.0688 6340 FltMgr - ok

12:21:22.0782 6340 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

12:21:22.0938 6340 FontCache - ok

12:21:23.0000 6340 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:21:23.0078 6340 FontCache3.0.0.0 - ok

12:21:23.0125 6340 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

12:21:23.0140 6340 FsDepends - ok

12:21:23.0187 6340 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\windows\system32\DRIVERS\fssfltr.sys

12:21:23.0234 6340 fssfltr - ok

12:21:23.0406 6340 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

12:21:23.0530 6340 fsssvc - ok

12:21:23.0655 6340 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

12:21:23.0718 6340 Fs_Rec - ok

12:21:23.0780 6340 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

12:21:23.0858 6340 fvevol - ok

12:21:23.0905 6340 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

12:21:23.0936 6340 gagp30kx - ok

12:21:23.0998 6340 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

12:21:24.0076 6340 gpsvc - ok

12:21:24.0186 6340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:21:24.0217 6340 gupdate - ok

12:21:24.0248 6340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:21:24.0279 6340 gupdatem - ok

12:21:24.0326 6340 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

12:21:24.0357 6340 gusvc - ok

12:21:24.0388 6340 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

12:21:24.0466 6340 hcw85cir - ok

12:21:24.0529 6340 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

12:21:24.0638 6340 HdAudAddService - ok

12:21:24.0700 6340 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

12:21:24.0763 6340 HDAudBus - ok

12:21:24.0794 6340 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

12:21:24.0856 6340 HECIx64 - ok

12:21:24.0872 6340 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

12:21:24.0919 6340 HidBatt - ok

12:21:24.0919 6340 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

12:21:24.0966 6340 HidBth - ok

12:21:24.0997 6340 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

12:21:25.0059 6340 HidIr - ok

12:21:25.0090 6340 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

12:21:25.0153 6340 hidserv - ok

12:21:25.0184 6340 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

12:21:25.0247 6340 HidUsb - ok

12:21:25.0278 6340 HIPK (f891cf7cfe0c79a338532cc51a041863) C:\windows\system32\drivers\HIPK.sys

12:21:25.0356 6340 HIPK - ok

12:21:25.0356 6340 HIPPSK (0ee6520112c757acd976be6775214817) C:\windows\system32\drivers\HIPPSK.sys

12:21:25.0418 6340 HIPPSK - ok

12:21:25.0434 6340 HIPQK (040a3b1129b99a27f039bf69c7eb8ae8) C:\windows\system32\drivers\HIPQK.sys

12:21:25.0481 6340 HIPQK - ok

12:21:25.0559 6340 hips (0f1ea100c7270ce9263c7bf11ba6aa67) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

12:21:25.0637 6340 hips - ok

12:21:25.0668 6340 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

12:21:25.0761 6340 hkmsvc - ok

12:21:25.0793 6340 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

12:21:25.0933 6340 HomeGroupListener - ok

12:21:25.0964 6340 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

12:21:26.0011 6340 HomeGroupProvider - ok

12:21:26.0058 6340 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

12:21:26.0136 6340 HpSAMD - ok

12:21:26.0167 6340 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\windows\system32\Drivers\ANDROIDUSB.sys

12:21:26.0323 6340 HTCAND64 - ok

12:21:26.0354 6340 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\windows\system32\DRIVERS\htcnprot.sys

12:21:26.0417 6340 htcnprot - ok

12:21:26.0495 6340 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

12:21:26.0619 6340 HTTP - ok

12:21:26.0651 6340 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

12:21:26.0697 6340 hwpolicy - ok

12:21:26.0729 6340 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

12:21:26.0775 6340 i8042prt - ok

12:21:26.0838 6340 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys

12:21:26.0869 6340 iaStor - ok

12:21:26.0931 6340 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

12:21:27.0009 6340 iaStorV - ok

12:21:27.0041 6340 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\windows\system32\DRIVERS\ibmpmdrv.sys

12:21:27.0087 6340 IBMPMDRV - ok

12:21:27.0119 6340 IBMPMSVC (fc22310f3862e2c7c8722ef4778d5cc3) C:\windows\system32\ibmpmsvc.exe

12:21:27.0165 6340 IBMPMSVC - ok

12:21:27.0275 6340 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:21:27.0384 6340 idsvc - ok

12:21:28.0086 6340 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\windows\system32\DRIVERS\igdkmd64.sys

12:21:28.0538 6340 igfx - ok

12:21:28.0663 6340 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

12:21:28.0710 6340 iirsp - ok

12:21:28.0788 6340 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

12:21:28.0913 6340 IKEEXT - ok

12:21:28.0975 6340 Impcd (36fdf367a1dabff903e2214023d71368) C:\windows\system32\DRIVERS\Impcd.sys

12:21:29.0115 6340 Impcd - ok

12:21:29.0147 6340 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\windows\system32\DRIVERS\IntcDAud.sys

12:21:29.0271 6340 IntcDAud - ok

12:21:29.0303 6340 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

12:21:29.0318 6340 intelide - ok

12:21:29.0349 6340 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

12:21:29.0381 6340 intelppm - ok

12:21:29.0427 6340 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

12:21:29.0490 6340 IPBusEnum - ok

12:21:29.0537 6340 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

12:21:29.0646 6340 IpFilterDriver - ok

12:21:29.0724 6340 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

12:21:29.0864 6340 iphlpsvc - ok

12:21:29.0895 6340 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

12:21:29.0958 6340 IPMIDRV - ok

12:21:29.0989 6340 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

12:21:30.0083 6340 IPNAT - ok

12:21:30.0114 6340 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

12:21:30.0207 6340 IRENUM - ok

12:21:30.0223 6340 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

12:21:30.0254 6340 isapnp - ok

12:21:30.0301 6340 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

12:21:30.0410 6340 iScsiPrt - ok

12:21:30.0441 6340 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

12:21:30.0457 6340 kbdclass - ok

12:21:30.0488 6340 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

12:21:30.0551 6340 kbdhid - ok

12:21:30.0582 6340 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

12:21:30.0613 6340 KeyIso - ok

12:21:30.0629 6340 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

12:21:30.0675 6340 KSecDD - ok


12:22:06.0150 6340 usbprint - ok

12:22:06.0181 6340 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

12:22:06.0290 6340 USBSTOR - ok

12:22:06.0306 6340 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

12:22:06.0399 6340 usbuhci - ok

12:22:06.0415 6340 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

12:22:06.0509 6340 usbvideo - ok

12:22:06.0540 6340 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

12:22:06.0602 6340 UxSms - ok

12:22:06.0649 6340 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

12:22:06.0665 6340 VaultSvc - ok

12:22:06.0711 6340 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

12:22:06.0743 6340 vdrvroot - ok

12:22:06.0805 6340 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

12:22:06.0945 6340 vds - ok

12:22:06.0977 6340 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

12:22:07.0008 6340 vga - ok

12:22:07.0023 6340 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

12:22:07.0086 6340 VgaSave - ok

12:22:07.0133 6340 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

12:22:07.0226 6340 vhdmp - ok

12:22:07.0242 6340 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

12:22:07.0273 6340 viaide - ok

12:22:07.0289 6340 vmbus (86ea3e79ae350fea5331a1303054005f) C:\windows\system32\drivers\vmbus.sys

12:22:07.0367 6340 vmbus - ok

12:22:07.0382 6340 VMBusHID (7de90b48f210d29649380545db45a187) C:\windows\system32\drivers\VMBusHID.sys

12:22:07.0445 6340 VMBusHID - ok

12:22:07.0476 6340 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

12:22:07.0538 6340 volmgr - ok

12:22:07.0554 6340 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

12:22:07.0647 6340 volmgrx - ok

12:22:07.0679 6340 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

12:22:07.0757 6340 volsnap - ok

12:22:07.0866 6340 vpnagent (193d323a88f442334d652ac5c1f56414) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

12:22:07.0975 6340 vpnagent - ok

12:22:08.0006 6340 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\windows\system32\DRIVERS\vpnva64.sys

12:22:08.0069 6340 vpnva - ok

12:22:08.0100 6340 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

12:22:08.0147 6340 vsmraid - ok

12:22:08.0271 6340 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

12:22:08.0427 6340 VSS - ok

12:22:08.0537 6340 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

12:22:08.0599 6340 vwifibus - ok

12:22:08.0630 6340 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

12:22:08.0661 6340 vwififlt - ok

12:22:08.0739 6340 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

12:22:08.0817 6340 W32Time - ok

12:22:08.0833 6340 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

12:22:08.0880 6340 WacomPen - ok

12:22:08.0927 6340 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

12:22:09.0020 6340 WANARP - ok

12:22:09.0036 6340 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

12:22:09.0083 6340 Wanarpv6 - ok

12:22:09.0192 6340 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

12:22:09.0348 6340 WatAdminSvc - ok

12:22:09.0473 6340 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

12:22:09.0629 6340 wbengine - ok

12:22:09.0753 6340 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

12:22:09.0800 6340 WbioSrvc - ok

12:22:09.0863 6340 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

12:22:09.0956 6340 wcncsvc - ok

12:22:09.0972 6340 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

12:22:10.0065 6340 WcsPlugInService - ok

12:22:10.0097 6340 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

12:22:10.0128 6340 Wd - ok

12:22:10.0190 6340 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

12:22:10.0268 6340 Wdf01000 - ok

12:22:10.0284 6340 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

12:22:10.0377 6340 WdiServiceHost - ok

12:22:10.0377 6340 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

12:22:10.0409 6340 WdiSystemHost - ok

12:22:10.0455 6340 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

12:22:10.0549 6340 WebClient - ok

12:22:10.0596 6340 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

12:22:10.0674 6340 Wecsvc - ok

12:22:10.0705 6340 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

12:22:10.0767 6340 wercplsupport - ok

12:22:10.0799 6340 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

12:22:10.0861 6340 WerSvc - ok

12:22:10.0923 6340 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

12:22:11.0017 6340 WfpLwf - ok

12:22:11.0048 6340 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

12:22:11.0064 6340 WIMMount - ok

12:22:11.0095 6340 WinDefend - ok

12:22:11.0126 6340 WinHttpAutoProxySvc - ok

12:22:11.0189 6340 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

12:22:11.0282 6340 Winmgmt - ok

12:22:11.0438 6340 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

12:22:11.0594 6340 WinRM - ok

12:22:11.0750 6340 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

12:22:11.0813 6340 WinUsb - ok

12:22:11.0891 6340 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

12:22:11.0984 6340 Wlansvc - ok

12:22:12.0062 6340 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:22:12.0140 6340 wlcrasvc - ok

12:22:12.0327 6340 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:22:12.0483 6340 wlidsvc - ok

12:22:12.0608 6340 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

12:22:12.0655 6340 WmiAcpi - ok

12:22:12.0717 6340 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

12:22:12.0795 6340 wmiApSrv - ok

12:22:12.0842 6340 WMPNetworkSvc - ok

12:22:12.0873 6340 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

12:22:12.0951 6340 WPCSvc - ok

12:22:12.0983 6340 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

12:22:13.0045 6340 WPDBusEnum - ok

12:22:13.0076 6340 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

12:22:13.0123 6340 ws2ifsl - ok

12:22:13.0139 6340 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll

12:22:13.0185 6340 wscsvc - ok

12:22:13.0201 6340 WSearch - ok

12:22:13.0357 6340 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

12:22:13.0529 6340 wuauserv - ok

12:22:13.0653 6340 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

12:22:13.0763 6340 WudfPf - ok

12:22:13.0794 6340 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

12:22:13.0934 6340 WUDFRd - ok

12:22:13.0965 6340 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

12:22:14.0028 6340 wudfsvc - ok

12:22:14.0075 6340 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

12:22:14.0137 6340 WwanSvc - ok

12:22:14.0184 6340 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:22:14.0496 6340 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

12:22:14.0496 6340 \Device\Harddisk0\DR0 - detected TDSS File System (1)

12:22:14.0527 6340 Boot (0x1200) (9d53a81218feda0ebfedbae44202fda3) \Device\Harddisk0\DR0\Partition0

12:22:14.0527 6340 \Device\Harddisk0\DR0\Partition0 - ok

12:22:14.0527 6340 Boot (0x1200) (bf0cd63da3e780197dc2cbae1bec41c6) \Device\Harddisk0\DR0\Partition1

12:22:14.0527 6340 \Device\Harddisk0\DR0\Partition1 - ok

12:22:14.0558 6340 Boot (0x1200) (82e5af2408c35412d08c7b3d722502ff) \Device\Harddisk0\DR0\Partition2

12:22:14.0558 6340 \Device\Harddisk0\DR0\Partition2 - ok

12:22:14.0558 6340 ============================================================

12:22:14.0558 6340 Scan finished

12:22:14.0558 6340 ============================================================

12:22:14.0574 5564 Detected object count: 10

12:22:14.0574 5564 Actual detected object count: 10

12:23:12.0497 5564 MyDesktopWindows ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0497 5564 MyDesktopWindows ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0497 5564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0497 5564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 PwmEWSvc ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 PwmEWSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 QOSMyDesktop ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 QOSMyDesktop ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 SafeBootClientManager ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 SafeBootClientManager ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

12:23:12.0512 5564 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:23:12.0512 5564 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:23:12.0512 5564 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

3. Checkup log

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

McAfee VirusScan Enterprise

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

McAfee AntiSpyware Enterprise Module

Spybot - Search & Destroy

McAfee SiteAdvisor Enterprise Plus

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 29

Java version out of Date!

Adobe Reader X (10.1.3)

````````Process Check: objlist.exe by Laurent````````

McAfee VirusScan Enterprise x64 engineserver.exe

McAfee VirusScan Enterprise vstskmgr.exe

McAfee VirusScan Enterprise x64 mcshield.exe

McAfee VirusScan Enterprise x64 mfeann.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


No need to run DrWebCure-it.

It is important you keep going on running these tools in a timely manner. Do as much as possible of the following.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member joecris only. If you are a casual viewer, do NOT try this on your system!

If you are not joecris and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

You have RKILL from before. Run it one more time.

Step 2

If you have a prior copy of Combofix, delete it now!

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log.

Step 3

Download aswMBR.exe (511KB) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the A-V scan to None.

Uncheck "Trace disk IO calls".

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 4

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 5

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Right click on RSITx64.exe & select Run as Administrator to start RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Edited by Maurice Naggar

No, please, not a new thread. Use the attach feature (if needed). Press the More Reply Options button. Then press Browse, locate your log/file, then press Attach This File.

Do that as many times as needed. You may also use a separate reply for each log.

My preference is to Copy & Paste logs In-line ....but it is more important to get moving on fixes.


And this one has the following attachments - aswMBR, rsit.

As usual, when I ran MBAM (in full scan as instructed) it closed unannounced and so it did not leave a log. I re-ran MBAM to find infections in quarantine. I deleted these and rebooted. I followed this up with a quick scan (with anti-virus deactivated) and again it closed by itself with no logs created. The quarantine folder was empty.

Also, McAfee On-Access Scanner picked up combofix.exe as an Artemis trojan. I deleted this. Should I download another copy and re-run this?

Many thanks!

Logfile of random's system information tool 1.09 (written by random/random)

Run by jcrisologo at 2012-06-26 17:47:39

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 122 GB (61%) free of 201 GB

Total RAM: 3892 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:48:01 PM, on 26/06/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\jcrisologo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.oracleads.com;*.us.oracle.com;*.oraclecorp.com;*.uk.oracle.com;*.sg.oracle.com;*.au.oracle.com;*.nz.oracle.com;*.ap.oracle.com;*.in.oracle.com;*.tw.oracle.com;*.jp.oracle.com;*.cn.oracle.com;*.kr.oracle.com;*.th.oracle.com;*.oracle.com;*.;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [safeBootTrayManager] "C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

O4 - HKLM\..\Run: [safeBootTokenWatcher] "C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-18\..\RunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [iPCConfig] C:\ProgramData\Oracle\BaseImage\config\cisco_ipcommunicator-cfg.exe /SS=YES (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [ClickToCallConfig] C:\ProgramData\Oracle\BaseImage\config\realplayerent_config.exe /SS=YES (User 'Default user')

O4 - .DEFAULT User Startup: startControlconfig.lnk = C:\ProgramData\Oracle\Baseimage\utils\startControlConfig.hta (User 'Default user')

O4 - Global Startup: Bluetooth.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {75D1753A-6250-4894-8E33-30969331D642} (Siebel iHelp) - https://gcmau.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_iHelp.cab

O16 - DPF: {9392A5E9-E2B1-4090-B58A-84216D06DBB9} (Siebel High Interactivity Framework) - https://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D847E32E-BEE3-4B37-A1E2-D5AF9099A8AC} (Siebel High Interactivity Framework) - https://global-crm.oraclecorp.com/prmmanager_enu/20436/applets/SiebelAx_HI_Client.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://enablement20.webex.com/client/WBXclient-T27L10NSP28EP2-12243/nbr/ieatgpc1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = au.oracle.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = au.oracle.com

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = au.oracle.com

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\windows\system32\ibmpmsvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: MyDesktopService (MyDesktopWindows) - Oracle Corporation - C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Unknown owner - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

O23 - Service: QOS MyDesktop (QOSMyDesktop) - Oracle - C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Endpoint Encryption Core Service (SbCeCoreService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17862 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\ibmpmsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9b6a748a-6aa8-4213-b653-d48812885992 -SystemEventPortName:HostProcess-670edb52-85e0-4328-9666-7d19f8ca69fc -IoCancelEventPortName:HostProcess-10f97456-be3b-45b6-b47c-8cf278243bc7 -NonStateChangingEventPortName:HostProcess-48bf391a-ea66-42d0-81dc-e5df8f8366a2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6ac49389-82e7-4792-8ed4-3b44491c531a

"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"

C:\windows\system32\svchost.exe -k NetworkService

winlogon.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe"

"C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe"

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"

"C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe"

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe"

"C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe"

"C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe"

"C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe"

"C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe" /ServiceStart

"C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe"

C:\windows\system32\mfevtps.exe

"C:\Program Files\Microsoft LifeCam\MSCamS64.exe"

C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe

C:\windows\System32\svchost.exe -k HPZ12

"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"

C:\windows\System32\svchost.exe -k HPZ12

C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe

"C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe"

"C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe" -Embedding

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe"

"C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE"

WLIDSvcM.exe 3056

"C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe" 2224

\??\C:\windows\system32\conhost.exe "-1518321036-9060827531236450459796359485948068372-227880525789078051044892860

"C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe" -Embedding

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\SearchIndexer.exe /Embedding

"taskhost.exe"

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

"C:\windows\system32\Dwm.exe"

C:\windows\Explorer.EXE

"C:\Windows\System32\TpShocks.exe"

"C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe"

"C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Microsoft LifeChat\LifeChat.exe"

"C:\Program Files\Microsoft IntelliType Pro\itype.exe"

C:\windows\system32\igfxsrvc.exe -Embedding

"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"C:\Windows\System32\igfxtray.exe"

"C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeProxy32.exe" -Embedding

"C:\Windows\System32\hkcmd.exe"

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"

"C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe"

"C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe"

"C:\Program Files\Lenovo\Zoom\TpScrex.exe"

"C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

"C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe"

"C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

"C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe"

"C:\Windows\System32\rundll32.exe" C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

"C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

"C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

/load

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\windows\system32\igfxext.exe -Embedding

"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"

{B656F006-5A88-4403-903F-0FAE55608616}

"C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:456 CREDAT:71937

"C:\Users\jcrisologo\Desktop\RSITx64.exe"

C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job

C:\windows\tasks\GoogleUpdateTaskMachineCore.job

C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-06-13 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll [2012-06-13 346168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-03 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-29 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-06-13 192112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-06-13 1003576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2010-03-25 116032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-03-29 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-03 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-06-13 253040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2010-03-25 116032]

{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll [2011-03-29 176936]

{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-29 176936]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-06-13 192112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"=C:\windows\system32\TpShocks.exe [2009-12-11 380776]

"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2009-12-21 69568]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe []

"SbCeCore"=C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCore.exe [2010-12-18 388936]

"Persistence"=C:\windows\system32\igfxpers.exe [2009-12-31 410136]

"LifeChat"=C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24 371712]

"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-08-01 1873288]

"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01 2417032]

"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-12-31 166424]

"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-12-31 390680]

"EEPCSyncNotify"=C:\ProgramData\Oracle\BaseImage\eepc-sync-notify.exe [2011-12-21 560312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2012-05-04 21392]

"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-05-16 11921064]

"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2012-05-04 955792]

"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-06-13 39408]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2011-06-20 180224]

"ShStatEXE"=C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [2010-08-25 124224]

"SafeBootTrayManager"=C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [2009-08-19 69632]

"SafeBootTokenWatcher"=C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [2011-07-28 172092]

"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor []

"McAfee Host Intrusion Prevention Tray"=C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [2010-02-16 979104]

"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2010-12-13 135536]

"HTC Sync Loader"=C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-01 634880]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2012-05-04 3521424]

"McAfeeUpdaterUI"=C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [2011-11-15 333376]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\windows\system32\igfxdev.dll [2010-11-29 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2010-11-20 290304]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=sbnp

scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SbCeCoreService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"disablecad"=0

"HideFastUserSwitching"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"Btn_Home"=0

"Btn_Fullscreen"=0

"Btn_Tools"=0

"Btn_Print"=0

"Btn_Edit"=0

"Btn_Cut"=0

"Btn_Copy"=0

"Btn_Paste"=0

"Btn_Encoding"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoMSAppLogo5ChannelNotify"=0

"NoBandCustomize"=0

"NoDrives"=0

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

"wave4"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer4"=wdmaud.drv

"aux3"=wdmaud.drv

"wave5"=wdmaud.drv

"midi4"=wdmaud.drv

"mixer5"=wdmaud.drv

"aux4"=wdmaud.drv

"wave6"=wdmaud.drv

"midi5"=wdmaud.drv

"mixer6"=wdmaud.drv

"wave7"=wdmaud.drv

"midi6"=wdmaud.drv

"mixer7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-06-26 17:47:39 ----D---- C:\rsit

2012-06-26 17:47:39 ----D---- C:\Program Files\trend micro

2012-06-26 17:15:03 ----A---- C:\windows\SYSWOW64\api_hook_list.dat

2012-06-26 17:15:03 ----A---- C:\windows\system32\api_hook_list.dat

2012-06-26 09:57:38 ----D---- C:\windows\temp

2012-06-26 09:30:50 ----D---- C:\$RECYCLE.BIN

2012-06-24 13:45:53 ----A---- C:\windows\SYSWOW64\HIPIS0e011b3.dll

2012-06-24 13:45:53 ----A---- C:\windows\system32\HIPIS0e011b3.dll

2012-06-16 22:17:58 ----A---- C:\windows\system32\ieframe.dll

2012-06-16 22:17:57 ----A---- C:\windows\SYSWOW64\ieframe.dll

2012-06-16 22:17:56 ----A---- C:\windows\system32\mshtml.dll

2012-06-16 22:17:54 ----A---- C:\windows\SYSWOW64\mshtml.dll

2012-06-16 22:17:54 ----A---- C:\windows\system32\msfeeds.dll

2012-06-16 22:17:53 ----A---- C:\windows\SYSWOW64\msfeeds.dll

2012-06-16 22:17:51 ----A---- C:\windows\SYSWOW64\iertutil.dll

2012-06-16 22:17:51 ----A---- C:\windows\system32\mshtmled.dll

2012-06-16 22:17:50 ----A---- C:\windows\SYSWOW64\urlmon.dll

2012-06-16 22:17:50 ----A---- C:\windows\SYSWOW64\mshtmled.dll

2012-06-16 22:17:50 ----A---- C:\windows\system32\urlmon.dll

2012-06-16 22:17:49 ----A---- C:\windows\SYSWOW64\wininet.dll

2012-06-16 22:17:49 ----A---- C:\windows\system32\wininet.dll

2012-06-16 22:17:47 ----A---- C:\windows\SYSWOW64\ieui.dll

2012-06-16 22:17:47 ----A---- C:\windows\system32\ieui.dll

2012-06-16 22:17:46 ----A---- C:\windows\system32\iertutil.dll

2012-06-16 22:17:44 ----A---- C:\windows\SYSWOW64\url.dll

2012-06-16 22:17:44 ----A---- C:\windows\SYSWOW64\jsproxy.dll

2012-06-16 22:17:44 ----A---- C:\windows\system32\url.dll

2012-06-16 22:17:44 ----A---- C:\windows\system32\jsproxy.dll

2012-06-16 16:08:14 ----A---- C:\windows\system32\rdrmemptylst.exe

2012-06-16 16:08:14 ----A---- C:\windows\system32\rdpwsx.dll

2012-06-16 16:08:14 ----A---- C:\windows\system32\rdpcorekmts.dll

2012-06-16 15:45:12 ----A---- C:\windows\system32\ntoskrnl.exe

2012-06-16 15:45:10 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe

2012-06-16 15:45:09 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe

2012-06-16 15:43:42 ----A---- C:\windows\system32\win32k.sys

2012-06-16 15:43:34 ----A---- C:\windows\system32\drivers\rdpwd.sys

2012-06-13 11:34:20 ----D---- C:\Users\jcrisologo\AppData\Roaming\Google

2012-06-13 11:33:56 ----D---- C:\Program Files\Google

2012-06-13 11:33:39 ----D---- C:\ProgramData\Google

2012-06-12 09:23:27 ----A---- C:\windows\zip.exe

2012-06-12 09:23:27 ----A---- C:\windows\SWSC.exe

2012-06-12 09:23:27 ----A---- C:\windows\SWREG.exe

2012-06-12 09:23:27 ----A---- C:\windows\sed.exe

2012-06-12 09:23:27 ----A---- C:\windows\PEV.exe

2012-06-12 09:23:27 ----A---- C:\windows\NIRCMD.exe

2012-06-12 09:23:27 ----A---- C:\windows\MBR.exe

2012-06-12 09:23:27 ----A---- C:\windows\grep.exe

2012-06-12 09:22:57 ----AD---- C:\Qoobox

2012-06-11 14:21:24 ----D---- C:\windows\ERDNT

2012-06-11 14:19:25 ----D---- C:\Program Files (x86)\ERUNT

2012-06-09 10:00:55 ----A---- C:\windows\system32\aswBoot.exe

2012-06-09 09:59:53 ----D---- C:\ProgramData\AVAST Software

2012-06-09 09:59:53 ----D---- C:\Program Files\AVAST Software

2012-05-27 14:24:26 ----D---- C:\ProgramData\InstallShield

2012-05-27 13:44:45 ----D---- C:\Program Files (x86)\Magellan

2012-05-27 13:44:45 ----D---- C:\MagellanDrivers

======List of files/folders modified in the last 1 month======

2012-06-26 17:47:58 ----D---- C:\windows\Prefetch

2012-06-26 17:47:39 ----RD---- C:\Program Files

2012-06-26 17:25:23 ----D---- C:\windows\system32\config

2012-06-26 17:15:18 ----AD---- C:\Windows

2012-06-26 17:15:04 ----D---- C:\windows\SysWOW64

2012-06-26 17:15:03 ----AD---- C:\windows\System32

2012-06-26 09:57:40 ----D---- C:\windows\system32\drivers

2012-06-26 09:35:52 ----D---- C:\Quarantine

2012-06-26 09:32:12 ----D---- C:\windows\system32\wdi

2012-06-26 09:31:01 ----A---- C:\windows\system.ini

2012-06-26 09:30:48 ----D---- C:\windows\system32\drivers\etc

2012-06-26 09:21:17 ----D---- C:\windows\SYSWOW64\drivers

2012-06-26 09:21:16 ----D---- C:\windows\AppPatch

2012-06-26 09:21:13 ----D---- C:\Program Files\Common Files

2012-06-26 09:21:13 ----D---- C:\Program Files (x86)\Common Files

2012-06-26 09:01:38 ----SHD---- C:\System Volume Information

2012-06-26 07:50:23 ----SHD---- C:\windows\Installer

2012-06-24 13:52:46 ----D---- C:\windows\inf

2012-06-24 13:52:46 ----A---- C:\windows\system32\PerfStringBackup.INI

2012-06-23 14:28:21 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe

2012-06-20 22:46:55 ----D---- C:\Users\jcrisologo\AppData\Roaming\Skype

2012-06-18 09:56:03 ----AD---- C:\ProgramData

2012-06-17 13:29:10 ----D---- C:\windows\Microsoft.NET

2012-06-17 13:28:45 ----RSD---- C:\windows\assembly

2012-06-17 13:11:27 ----D---- C:\ProgramData\Skype

2012-06-17 13:11:27 ----D---- C:\Config.Msi

2012-06-17 12:36:14 ----D---- C:\windows\winsxs

2012-06-17 12:33:44 ----D---- C:\windows\SYSWOW64\migration

2012-06-17 12:33:44 ----D---- C:\Program Files (x86)\Internet Explorer

2012-06-17 12:33:42 ----D---- C:\windows\system32\migration

2012-06-17 12:33:41 ----D---- C:\Program Files\Internet Explorer

2012-06-17 10:41:48 ----D---- C:\ProgramData\Microsoft Help

2012-06-16 15:55:22 ----D---- C:\windows\system32\catroot2

2012-06-16 15:55:22 ----D---- C:\windows\system32\catroot

2012-06-15 20:16:30 ----D---- C:\Users\jcrisologo\AppData\Roaming\uTorrent

2012-06-14 21:07:57 ----D---- C:\Users\jcrisologo\AppData\Roaming\vlc

2012-06-13 11:33:55 ----D---- C:\Program Files (x86)\Google

2012-06-12 09:49:46 ----A---- C:\windows\ntbtlog.txt

2012-06-11 20:46:46 ----A---- C:\windows\SYSWOW64\KevlarSigs.dll

2012-06-11 14:19:25 ----RD---- C:\Program Files (x86)

2012-06-09 10:04:08 ----D---- C:\windows\system32\Tasks

2012-06-08 01:50:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-01 13:39:09 ----D---- C:\windows\system32\DriverStore

2012-05-27 17:50:48 ----D---- C:\Users\jcrisologo\AppData\Roaming\Spotify

2012-05-27 13:46:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DzHDD64;DzHDD64; C:\windows\System32\DRIVERS\DzHDD64.sys [2011-04-19 31344]

R0 FirePM;McAfee HIP Component FirePM; C:\windows\system32\Drivers\FirePM.sys [2010-02-16 187808]

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]

R0 MfeEERM;MfeEERM; C:\windows\system32\drivers\MfeEERM.sys [2010-12-18 226504]

R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2010-08-25 470808]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2011-07-28 62792]

R0 SBAlg;SBAlg; C:\windows\system32\drivers\SBAlg.sys [2011-10-11 60128]

R0 SBAlg00;SBAlg00; C:\windows\system32\drivers\SBAlg00.sys [2009-06-04 18176]

R0 SBAlg01;SBAlg01; C:\windows\system32\drivers\SBAlg01.sys [2009-06-04 18176]

R0 SBAlg11;SBAlg11; C:\windows\system32\drivers\SBAlg11.sys [2009-06-04 36096]

R0 SBAlg12;SBAlg12; C:\windows\system32\drivers\SBAlg12.sys [2009-06-04 60160]

R0 SbCe;SbCe; C:\windows\system32\drivers\SbCe.sys [2010-12-18 698312]

R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2011-07-28 15688]

R0 Shockprf;Shockprf; C:\windows\System32\DRIVERS\Apsx64.sys [2009-10-09 136744]

R0 TPDIGIMN;TPDIGIMN; C:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\Windows\system32\Drivers\FireTDI.sys [2010-02-16 254520]

R1 lenovo.smi;Lenovo System Interface Driver; C:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]

R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2010-08-25 84424]

R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2011-07-28 58184]

R1 SbFlop;SbFlop; C:\windows\system32\drivers\SbFlop.sys [2011-07-28 23368]

R1 SbRegFlt;SbRegFlt; C:\windows\system32\drivers\SbRegFlt.sys [2011-07-28 15688]

R1 TPPWRIF;TPPWRIF; C:\windows\System32\drivers\Tppwr64v.sys [2011-04-19 14960]

R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 CipcCdp;Cisco IP Communicator driver for CDP; C:\windows\system32\DRIVERS\CipcCdp.sys [2010-07-21 27200]

R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\CHDRT64.sys [2010-01-20 682040]

R3 dc3d;MS Hardware Device Detection Driver (USB); C:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-10 294064]

R3 FirehkMP;FirehkMP; C:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

R3 firelm01;firelm01; \??\C:\windows\system32\drivers\firelm01.sys [2010-02-16 39480]

R3 HECIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 HIPK;McAfee Inc. HIPK; C:\windows\system32\drivers\HIPK.sys [2009-11-24 138776]

R3 HIPPSK;McAfee Inc. HIPPSK; C:\windows\system32\drivers\HIPPSK.sys [2009-11-24 45424]

R3 HIPQK;McAfee Inc. HIPQK; C:\windows\system32\drivers\HIPQK.sys [2009-11-24 40152]

R3 IBMPMDRV;IBMPMDRV; C:\windows\system32\DRIVERS\ibmpmdrv.sys [2009-11-18 32880]

R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2010-11-29 12252192]

R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]

R3 IntcDAud;Intel® Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]

R3 mfeapfk;McAfee Inc. mfeapfk; C:\windows\system32\drivers\mfeapfk.sys [2010-08-25 98088]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\windows\system32\drivers\mfeavfk.sys [2010-08-25 120224]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-04-05 7680512]

R3 NuidFltr;NUID filter driver; C:\windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 23960]

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

R3 SbCeCd;SbCeCd; C:\windows\system32\drivers\SbCeCd.sys [2010-12-18 132808]

R3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]

R3 SrvHsfHDA;SrvHsfHDA; C:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-11 292864]

R3 SrvHsfV92;SrvHsfV92; C:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-11 1485312]

R3 SrvHsfWinac;SrvHsfWinac; C:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-11 740864]

R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]

S3 BthEnum;Bluetooth Enumerator Service; C:\windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-06-17 98344]

S3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-06-17 132648]

S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-17 35104]

S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-06-17 21288]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 Firehk;McAfee NDIS Intermediate Filter; C:\windows\system32\DRIVERS\firehk.sys [2008-10-17 56648]

S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]

S3 HTCAND64;HTC Device Driver; C:\windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]

S3 htcnprot;HTC NDIS Protocol Driver; C:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys [2010-08-25 78768]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\windows\System32\Drivers\nx6000.sys [2010-12-13 36720]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]

S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-09-29 55808]

S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]

S3 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys []

S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64; C:\windows\system32\DRIVERS\vpnva64.sys [2011-06-11 22264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2010-06-11 873248]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]

R2 enterceptAgent;McAfee Host Intrusion Prevention Service; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [2010-02-16 1498224]

R2 hips;McAfee HIPSCore Service; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [2009-11-24 39840]

R2 IBMPMSVC;ThinkPad PM Service; C:\windows\system32\ibmpmsvc.exe [2009-11-18 45928]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2010-03-25 226624]

R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-08-25 20792]

R2 McAfeeFramework;McAfee Framework Service; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-11-15 132672]

R2 McShield;McAfee McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-08-25 181480]

R2 McTaskManager;McAfee Task Manager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-08-25 66880]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\windows\system32\mfevtps.exe [2010-08-25 77968]

R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2010-12-13 194416]

R2 MyDesktopWindows;MyDesktopService; C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-29 1038848]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]

R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 27136]

R2 PwmEWSvc;Cisco EnergyWise Enabler; C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-04-19 143360]

R2 QOSMyDesktop;QOS MyDesktop; C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [2009-10-14 470016]

R2 SafeBootClientManager;SafeBoot Client Manager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2011-07-28 385084]

R2 SbCeCoreService;McAfee Endpoint Encryption Core Service; C:\Program Files (x86)\McAfee\Endpoint Encryption for Files and Folders\SbCeCoreService.exe [2010-12-18 203080]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-11 641464]

R3 DozeSvc;Lenovo Doze Mode Service; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-04-19 477032]

R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]

R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-25 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-06-13 182768]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]

S3 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-04-19 83304]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]

S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\windows\System32\TPHDEXLG64.exe [2009-10-09 47656]

-----------------EOF-----------------

aswMBR.txt


Also, McAfee On-Access scanner picked up combofix.exe as an Artemis trojan. I deleted this. Should I download another copy and re-run this?

No, do not run anything. Wait for my next reply. First, I need to review your last logs.

Speaking of logs: do NOT attach them. That takes up more time, and it is much easier to read the logs Inline (within the main body of reply).

On McAfee: you should have made certain that McAfee was completely OFF before starting Combofix.

Tell me: is your McAfee license current / up-to-date?

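Added example, not part of the thread and not code from DDS or Malwarebytes: a small Python parser for the service/driver lines in the DDS log posted above (the legend line in the log gives the format), with two helpers a triager would use on it. running_vendor() lists the entries that were running when the log was taken, which is the quick way to check the point made above about McAfee needing to be fully off before ComboFix. findings() applies three review heuristics that are my own choice (no file behind the entry, an image path with the NT \??\ prefix, an auto-start binary under ProgramData); they order entries for a manual look and are not evidence of infection. The sample lines are copied from the log above and are not a complete log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One DDS service/driver line, per the legend in the log:
#   <State><StartType> <name>;<display name>; <path> [<date> <size>]
# State: R running, S stopped. Start type: 0 boot, 1 system, 2 auto,
# 3 demand, 4 disabled. An empty "[]" means DDS found no file at that path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\Windows\system32\Drivers\FireTDI.sys [2010-02-16 254520]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys []
R2 McShield;McAfee McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-08-25 181480]
R2 MyDesktopWindows;MyDesktopService; C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [2011-10-29 1038848]
S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys [2010-08-25 78768]
"""


@dataclass
class Entry:
    state: str            # "running" or "stopped"
    start: str            # boot / system / auto / demand / disabled
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]   # None when DDS printed "[]" (no file found)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; None for legend, blank or other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    has_file = len(meta) == 2
    return Entry(
        state="running" if m.group("state") == "R" else "stopped",
        start=START_TYPES[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        date=meta[0] if has_file else None,
        size=int(meta[1]) if has_file else None,
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def running_vendor(entries: List[Entry], vendor: str) -> List[str]:
    """Names of running entries whose display name or path mentions the vendor.
    Reflects the snapshot in the log, not the live machine."""
    v = vendor.lower()
    return [e.name for e in entries
            if e.state == "running" and (v in e.display.lower() or v in e.path.lower())]


def findings(entries: List[Entry]) -> List[str]:
    """Review heuristics (assumed, my own choice). Each one flags an entry for
    a second look; none is evidence of infection by itself."""
    out = []
    for e in entries:
        if e.size is None:
            out.append(f"{e.name}: no file at {e.path} (dangling service entry)")
        if e.path.startswith("\\??\\"):
            out.append(f"{e.name}: image path uses the NT prefix \\??\\ (registered programmatically)")
        if "\\programdata\\" in e.path.lower() and e.start == "auto":
            out.append(f"{e.name}: auto-start binary under ProgramData: {e.path}")
    return out


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for line in findings(entries):
        print(line)
    print("running McAfee components:", running_vendor(entries, "McAfee"))
```

On the sample lines the parser reports FireTDI and McShield as running McAfee components, and flags catchme.sys and StarOpen.sys because DDS found no file behind them; catchme.sys is ComboFix's own driver, which is why a tool's leftovers have to be read with the tool's history in mind before anything is called suspicious.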

More questions for you:

Does the computer-in-question belong to your company or does it belong to you, or a friend/relative?

It appears that encryption is used on this system, such as McAfee encryption. Any MS Windows encryption too?

Has this pc ever been without antivirus?

What antivirus, if any, was installed before McAfee?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
