
Olmarik.tdl4 remnant issues. Help appreciated.


I noticed a few days ago that, all of a sudden, even though I could connect to the Internet/other websites, whenever I tried to search through Google I would get a 404 error saying I could not connect to Google's site. I ran Malwarebytes and it found some kind of Rootkit trojan, then after I removed it and restarted, Google search worked; I thought the problem went away but when I tried Google search a few hours later, I got the same "cannot connect" error message.

I ran my AV software, ESET NOD32, which did not detect anything at first, and then I ran TDSSKiller, which caught the fact I was infected with the Olmarik.tdl4 trojan at which point my AV software now "caught" and alerted that Olmarik.tdl4 was detected in my system and quarantined it.

I am experiencing the Google search issues again so I came in here asking for help. I have attached my DDS and Attach files. I would appreciate any help in getting this trojan (and others, if any are lurking in my system) completely removed and making my computer malware free. Thanks for your help.

Note: I previously ran Rogue Killer to try and see if that would detect anything. Any time I ran it, when I clicked Scan, it would start and then all of a sudden my computer would BSOD. I restarted, ran it again, and then it BSOD'd again. After this second failure, I decided not to try it again anymore. However, when I restarted my computer after the second time, although my desktop would load, the taskbar would not (it would either not appear, or if it did appear, it would not respond and I couldn't click anything on it). Another issue I found was that I could not click any of my desktop icons and my Start menu was inaccessible. Even when I pressed the "Windows" key on my keyboard, the Start menu would not appear. Even trying to bring up the Task Manager through "Ctrl-Alt-Del" did not do anything. Basically, my computer was frozen/unusable.

Luckily I was able to restart, boot into safe mode, restore my computer to an earlier point before I ran Rogue Killer, and this seemed to solve the issue. Just wanted to point this out in case the first recommendation was to try to run RK.

dds.txt

attach.txt


Hello jgowell21 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please manually delete your TDSSKiller copy and then download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log file
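As an added example (not code from this thread, from Maniac, or from TDSSKiller itself), the following Python script reads the report that Step 1 writes to the drive root, checks its "Mode:" line for the SigCheck and TDLFS options enabled in step 2, and lists only the objects that did not come back "ok", so the warnings and detections can be found without reading hundreds of driver lines. It assumes the per-object line layout seen in TDSSKiller reports posted in this thread; the sample log and its hashes are constructed.

```python
"""Triage helper for TDSSKiller reports (added example, not from the thread or the tool).

The tool writes "TDSSKiller.[Version]_[Date]_[Time]_log.txt" to the drive root.
Every line is "HH:MM:SS.mmmm <pid> <message>". For each scanned object the
message sequence is "<name> (<md5>) <path>" followed by "<name> - ok",
"<name> ( <verdict> ) - warning" or "<name> - detected <verdict> (<n>)".
"""
import re

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
MODE_RE = re.compile(r"^Mode: (?P<flags>.*)$")

# Step 1 turns on "Verify Driver Digital Signature" and "Detect TDLFS file
# system"; the report records them on its "Mode:" line as SigCheck and TDLFS.
REQUIRED_MODE_FLAGS = {"SigCheck", "TDLFS"}


def parse_report(text):
    """Return (mode_flags, objects); objects maps name -> md5/path/status/verdict."""
    mode_flags = set()
    objects = {}

    def entry(name):
        return objects.setdefault(
            name, {"md5": None, "path": None, "status": "unknown", "verdict": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines carry no object data
        msg = m.group(3)
        mm = MODE_RE.match(msg)
        if mm:
            mode_flags = {f.strip() for f in mm.group("flags").split(";") if f.strip()}
            continue
        fm = FILE_RE.match(msg)
        if fm:
            e = entry(fm.group("name"))
            e["md5"], e["path"] = fm.group("md5").lower(), fm.group("path")
            continue
        dm = DETECT_RE.match(msg)
        if dm:
            e = entry(dm.group("name"))
            e["status"], e["verdict"] = "detected", dm.group("verdict")
            continue
        wm = WARN_RE.match(msg)
        if wm:
            e = entry(wm.group("name"))
            if e["status"] != "detected":  # "detected" outranks a warning
                e["status"], e["verdict"] = "warning", wm.group("verdict")
            continue
        om = OK_RE.match(msg)
        if om:
            e = entry(om.group("name"))
            if e["status"] == "unknown":  # never downgrade a finding to ok
                e["status"] = "ok"
    return mode_flags, objects


def missing_mode_flags(mode_flags):
    """Step 1 options that were not enabled for this scan (empty when both were)."""
    return sorted(REQUIRED_MODE_FLAGS - set(mode_flags))


def findings(objects):
    """Objects needing a decision: detections first, then warnings, by name."""
    rank = {"detected": 0, "warning": 1}
    hits = [(name, e) for name, e in objects.items() if e["status"] in rank]
    return sorted(hits, key=lambda item: (rank[item[1]["status"]], item[0]))


def triage(text):
    """One-call summary: missing options, object count, and the findings."""
    mode_flags, objects = parse_report(text)
    return {
        "missing_flags": missing_mode_flags(mode_flags),
        "scanned": len(objects),
        "findings": [(n, e["status"], e["verdict"], e["path"]) for n, e in findings(objects)],
    }


# Constructed sample in the report's format; the hashes are placeholders.
SAMPLE_LOG = r"""
10:03:22.0781 5036 ============================================================
10:03:22.0781 5036 Scan started
10:03:22.0781 5036 Mode: Manual; SigCheck; TDLFS;
10:03:22.0781 5036 ============================================================
10:03:23.0656 5036 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:03:23.0968 5036 ACPI - ok
10:03:23.0640 5036 Abiosdsk - ok
10:03:24.0125 5036 ADMonitor (00000000000000000000000000000002) C:\WINDOWS\system32\ADMonitor.exe
10:03:24.0125 5036 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
10:03:24.0125 5036 ADMonitor - detected UnsignedFile.Multi.Generic (1)
10:03:41.0750 5036 Net Driver HPZ12 (00000000000000000000000000000003) C:\WINDOWS\system32\HPZinw12.dll
10:03:41.0750 5036 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:03:41.0750 5036 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("missing scan options:", summary["missing_flags"] or "none")
    print("objects scanned:", summary["scanned"])
    for name, status, verdict, path in summary["findings"]:
        print(f"{status:8s} {name} -> {verdict} ({path})")
```

Lines the script does not recognise (separators, the SystemInfo block, partition listings) are skipped, so it can be pointed at a complete report file as well as the excerpt pasted in a reply.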


Hi Maniac, thanks for your reply and support. Although I understand this computer may never be safe because of the Backdoor, I would like to try to fix it for now.

Here is the information you requested:

1) TDSSKiller log

10:03:14.0234 6068 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
10:03:14.0671 6068 ============================================================
10:03:14.0671 6068 Current date / time: 2012/07/23 10:03:14.0671
10:03:14.0671 6068 SystemInfo:
10:03:14.0671 6068
10:03:14.0671 6068 OS Version: 5.1.2600 ServicePack: 3.0
10:03:14.0671 6068 Product type: Workstation
10:03:14.0671 6068 ComputerName: BCS-FF2C23D2798
10:03:14.0671 6068 UserName: d
10:03:14.0671 6068 Windows directory: C:\WINDOWS
10:03:14.0671 6068 System windows directory: C:\WINDOWS
10:03:14.0671 6068 Processor architecture: Intel x86
10:03:14.0671 6068 Number of processors: 2
10:03:14.0671 6068 Page size: 0x1000
10:03:14.0671 6068 Boot type: Normal boot
10:03:14.0671 6068 ============================================================
10:03:15.0625 6068 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 \Device\Harddisk0\DR0:
10:03:15.0625 6068 MBR partitions:
10:03:15.0625 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE4D0800
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 C: <-> \Device\Harddisk0\DR0\Partition0
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 Initialize success
10:03:15.0625 6068 ============================================================
10:03:22.0781 5036 ============================================================
10:03:22.0781 5036 Scan started
10:03:22.0781 5036 Mode: Manual; SigCheck; TDLFS;
10:03:22.0781 5036 ============================================================


10:03:45.0312 5036 PassThru Service ( UnsignedFile.Multi.Generic ) - warning

10:03:45.0312 5036 PassThru Service - detected UnsignedFile.Multi.Generic (1)

10:03:45.0328 5036 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:03:45.0437 5036 PCI - ok

10:03:45.0453 5036 PCIDump - ok

10:03:45.0453 5036 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

10:03:45.0609 5036 PCIIde - ok

10:03:45.0625 5036 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:03:45.0734 5036 Pcmcia - ok

10:03:45.0734 5036 PDCOMP - ok

10:03:45.0750 5036 PDFRAME - ok

10:03:45.0750 5036 PDRELI - ok

10:03:45.0765 5036 PDRFRAME - ok

10:03:45.0765 5036 perc2 - ok

10:03:45.0765 5036 perc2hib - ok

10:03:45.0796 5036 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

10:03:45.0812 5036 PlugPlay - ok

10:03:45.0812 5036 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll

10:03:45.0828 5036 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

10:03:45.0828 5036 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

10:03:45.0828 5036 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:03:45.0937 5036 PolicyAgent - ok

10:03:45.0953 5036 Power Manager DBC Service (03622184b29fe20a2f3071ec9c5560ca) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

10:03:45.0953 5036 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning

10:03:45.0953 5036 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)

10:03:45.0953 5036 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:03:46.0093 5036 PptpMiniport - ok

10:03:46.0093 5036 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:03:46.0203 5036 ProtectedStorage - ok

10:03:46.0218 5036 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys

10:03:46.0234 5036 psadd - ok

10:03:46.0250 5036 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:03:46.0390 5036 PSched - ok

10:03:46.0406 5036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:03:46.0500 5036 Ptilink - ok

10:03:46.0500 5036 ql1080 - ok

10:03:46.0515 5036 Ql10wnt - ok

10:03:46.0515 5036 ql12160 - ok

10:03:46.0531 5036 ql1240 - ok

10:03:46.0531 5036 ql1280 - ok

10:03:46.0531 5036 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:03:46.0671 5036 RasAcd - ok

10:03:46.0671 5036 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

10:03:46.0796 5036 RasAuto - ok

10:03:46.0796 5036 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:03:46.0937 5036 Rasl2tp - ok

10:03:46.0953 5036 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

10:03:47.0062 5036 RasMan - ok

10:03:47.0078 5036 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:03:47.0203 5036 RasPppoe - ok

10:03:47.0218 5036 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:03:47.0343 5036 Raspti - ok

10:03:47.0359 5036 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:03:47.0546 5036 Rdbss - ok

10:03:47.0546 5036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:03:47.0671 5036 RDPCDD - ok

10:03:47.0703 5036 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:03:47.0812 5036 rdpdr - ok

10:03:47.0828 5036 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

10:03:47.0875 5036 RDPWD - ok

10:03:47.0875 5036 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

10:03:48.0000 5036 RDSessMgr - ok

10:03:48.0000 5036 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:03:48.0109 5036 redbook - ok

10:03:48.0140 5036 RegSrvc (7afcbe32616e08d45e4eaadb0a1dd5cf) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

10:03:48.0187 5036 RegSrvc - ok

10:03:48.0203 5036 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

10:03:48.0312 5036 RemoteAccess - ok

10:03:48.0328 5036 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

10:03:48.0437 5036 RemoteRegistry - ok

10:03:48.0437 5036 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

10:03:48.0546 5036 RpcLocator - ok

10:03:48.0578 5036 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

10:03:48.0625 5036 RpcSs - ok

10:03:48.0640 5036 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

10:03:48.0750 5036 RSVP - ok

10:03:48.0812 5036 S24EventMonitor (17a717278a538543c93b64cf5cb3ff31) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

10:03:49.0109 5036 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

10:03:49.0109 5036 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

10:03:49.0109 5036 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys

10:03:49.0125 5036 s24trans - ok

10:03:49.0140 5036 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

10:03:49.0234 5036 SamSs - ok

10:03:49.0250 5036 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

10:03:49.0359 5036 SCardSvr - ok

10:03:49.0375 5036 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

10:03:49.0484 5036 Schedule - ok

10:03:49.0500 5036 ScrProj (97ed6bd999e1eb6125488f9e730755c5) C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe

10:03:49.0500 5036 ScrProj ( UnsignedFile.Multi.Generic ) - warning

10:03:49.0500 5036 ScrProj - detected UnsignedFile.Multi.Generic (1)

10:03:49.0515 5036 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:03:49.0593 5036 Secdrv - ok

10:03:49.0593 5036 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

10:03:49.0703 5036 seclogon - ok

10:03:49.0703 5036 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

10:03:49.0812 5036 SENS - ok

10:03:49.0828 5036 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

10:03:49.0984 5036 Serial - ok

10:03:50.0000 5036 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:03:50.0140 5036 Sfloppy - ok

10:03:50.0156 5036 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

10:03:50.0531 5036 SharedAccess - ok

10:03:50.0546 5036 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:03:50.0562 5036 ShellHWDetection - ok

10:03:50.0578 5036 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys

10:03:50.0640 5036 Shockprf - ok

10:03:50.0640 5036 Simbad - ok

10:03:50.0656 5036 SlingAgentService (e15176399af40b56ac09a823708b85d7) C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

10:03:50.0671 5036 SlingAgentService - ok

10:03:50.0671 5036 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:03:50.0812 5036 SLIP - ok

10:03:50.0812 5036 Sparrow - ok

10:03:50.0828 5036 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:03:50.0921 5036 splitter - ok

10:03:50.0937 5036 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

10:03:50.0953 5036 Spooler - ok

10:03:50.0968 5036 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:03:51.0062 5036 sr - ok

10:03:51.0078 5036 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

10:03:51.0140 5036 srservice - ok

10:03:51.0156 5036 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:03:51.0468 5036 Srv - ok

10:03:51.0484 5036 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

10:03:51.0546 5036 SSDPSRV - ok

10:03:51.0562 5036 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

10:03:51.0703 5036 stisvc - ok

10:03:51.0703 5036 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:03:51.0828 5036 streamip - ok

10:03:51.0843 5036 SUService (f1262146970c5b73159e3727acde8278) C:\Program Files\Lenovo\System Update\SUService.exe

10:03:51.0843 5036 SUService ( UnsignedFile.Multi.Generic ) - warning

10:03:51.0843 5036 SUService - detected UnsignedFile.Multi.Generic (1)

10:03:51.0859 5036 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:03:51.0984 5036 swenum - ok

10:03:51.0984 5036 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:03:52.0156 5036 swmidi - ok

10:03:52.0156 5036 SwPrv - ok

10:03:52.0156 5036 symc810 - ok

10:03:52.0171 5036 symc8xx - ok

10:03:52.0171 5036 sym_hi - ok

10:03:52.0187 5036 sym_u3 - ok

10:03:52.0187 5036 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:03:52.0296 5036 sysaudio - ok

10:03:52.0312 5036 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

10:03:52.0421 5036 SysmonLog - ok

10:03:52.0437 5036 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

10:03:52.0562 5036 TapiSrv - ok

10:03:52.0578 5036 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:03:52.0890 5036 Tcpip - ok

10:03:52.0906 5036 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:03:53.0031 5036 TDPIPE - ok

10:03:53.0031 5036 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:03:53.0140 5036 TDTCP - ok

10:03:53.0156 5036 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:03:53.0265 5036 TermDD - ok

10:03:53.0281 5036 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

10:03:53.0390 5036 TermService - ok

10:03:53.0406 5036 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

10:03:53.0421 5036 Themes - ok

10:03:53.0453 5036 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

10:03:53.0765 5036 ThinkVantage Registry Monitor Service - ok

10:03:53.0781 5036 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

10:03:53.0828 5036 TlntSvr - ok

10:03:53.0828 5036 TosIde - ok

10:03:53.0843 5036 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

10:03:53.0875 5036 TPDIGIMN - ok

10:03:53.0890 5036 TPHDEXLGSVC (3775e4aa5f72264dbab7a578dd913ecf) C:\WINDOWS\system32\TPHDEXLG.exe

10:03:53.0906 5036 TPHDEXLGSVC - ok

10:03:53.0906 5036 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

10:03:53.0937 5036 TPHKDRV - ok

10:03:53.0937 5036 TPHKSVC (2cf225e19490f499528b926263fe4554) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

10:03:53.0953 5036 TPHKSVC - ok

10:03:53.0953 5036 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys

10:03:53.0968 5036 tpm ( UnsignedFile.Multi.Generic ) - warning

10:03:53.0968 5036 tpm - detected UnsignedFile.Multi.Generic (1)

10:03:53.0968 5036 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

10:03:54.0000 5036 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

10:03:54.0000 5036 TPPWRIF - detected UnsignedFile.Multi.Generic (1)

10:03:54.0000 5036 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

10:03:54.0125 5036 TrkWks - ok

10:03:54.0187 5036 TVT Scheduler (e9ea448f1174be4052416b62263ea4ee) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

10:03:54.0718 5036 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning

10:03:54.0718 5036 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)

10:03:54.0718 5036 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:03:54.0859 5036 Udfs - ok

10:03:54.0859 5036 ultra - ok

10:03:54.0984 5036 UNS (69975db5aff9918a4138f3781e9ca009) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

10:03:55.0343 5036 UNS - ok

10:03:55.0406 5036 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:03:55.0578 5036 Update - ok

10:03:55.0593 5036 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

10:03:55.0640 5036 upnphost - ok

10:03:55.0656 5036 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

10:03:55.0765 5036 UPS - ok

10:03:55.0765 5036 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

10:03:55.0828 5036 USBAAPL - ok

10:03:55.0843 5036 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

10:03:56.0203 5036 usbaudio - ok

10:03:56.0218 5036 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:03:56.0343 5036 usbccgp - ok

10:03:56.0343 5036 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:03:56.0484 5036 usbehci - ok

10:03:56.0484 5036 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:03:56.0640 5036 usbhub - ok

10:03:56.0640 5036 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:03:56.0750 5036 usbprint - ok

10:03:56.0750 5036 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:03:56.0875 5036 usbscan - ok

10:03:56.0890 5036 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:03:56.0984 5036 USBSTOR - ok

10:03:57.0000 5036 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:03:57.0125 5036 usbuhci - ok

10:03:57.0140 5036 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

10:03:57.0250 5036 usbvideo - ok

10:03:57.0250 5036 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

10:03:57.0390 5036 usb_rndisx - ok

10:03:57.0390 5036 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:03:57.0515 5036 VgaSave - ok

10:03:57.0531 5036 ViaIde - ok

10:03:57.0531 5036 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:03:57.0656 5036 VolSnap - ok

10:03:57.0671 5036 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

10:03:57.0750 5036 VSS - ok

10:03:57.0750 5036 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

10:03:57.0875 5036 W32Time - ok

10:03:57.0875 5036 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:03:58.0015 5036 Wanarp - ok

10:03:58.0046 5036 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

10:03:58.0109 5036 Wdf01000 - ok

10:03:58.0109 5036 WDICA - ok

10:03:58.0125 5036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:03:58.0218 5036 wdmaud - ok

10:03:58.0234 5036 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

10:03:58.0343 5036 WebClient - ok

10:03:58.0359 5036 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

10:03:58.0468 5036 winmgmt - ok

10:03:58.0484 5036 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll

10:03:58.0515 5036 WmdmPmSN - ok

10:03:58.0546 5036 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

10:03:58.0859 5036 Wmi - ok

10:03:58.0859 5036 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

10:03:58.0953 5036 WmiAcpi - ok

10:03:58.0984 5036 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

10:03:59.0093 5036 WmiApSrv - ok

10:03:59.0140 5036 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe

10:03:59.0468 5036 WMPNetworkSvc - ok

10:03:59.0531 5036 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

10:03:59.0828 5036 WPFFontCache_v0400 - ok

10:03:59.0859 5036 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:03:59.0984 5036 WS2IFSL - ok

10:03:59.0984 5036 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

10:04:00.0109 5036 wscsvc - ok

10:04:00.0109 5036 WSearch - ok

10:04:00.0125 5036 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:04:00.0218 5036 WSTCODEC - ok

10:04:00.0234 5036 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

10:04:00.0343 5036 wuauserv - ok

10:04:00.0343 5036 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:04:00.0390 5036 WudfPf - ok

10:04:00.0406 5036 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:04:00.0421 5036 WudfRd - ok

10:04:00.0421 5036 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

10:04:00.0453 5036 WudfSvc - ok

10:04:00.0484 5036 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

10:04:01.0078 5036 WZCSVC - ok

10:04:01.0078 5036 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

10:04:01.0187 5036 xmlprov - ok

10:04:01.0218 5036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:04:01.0562 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:04:01.0562 5036 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:04:01.0562 5036 Boot (0x1200) (fd6acd789d9547e7119d34188676f8a2) \Device\Harddisk0\DR0\Partition0

10:04:01.0562 5036 \Device\Harddisk0\DR0\Partition0 - ok

10:04:01.0562 5036 ============================================================

10:04:01.0562 5036 Scan finished

10:04:01.0562 5036 ============================================================

10:04:01.0671 4532 Detected object count: 18

10:04:01.0671 4532 Actual detected object count: 18

10:04:38.0406 4532 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0406 4532 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0406 4532 ALvldr ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0406 4532 ALvldr ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0406 4532 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0406 4532 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0406 4532 dqbridge ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0406 4532 dqbridge ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0406 4532 dqVDDrv ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0406 4532 dqVDDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 FingerprintServer ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 FingerprintServer ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0421 4532 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0421 4532 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 ScrProj ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0437 4532 ScrProj ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 SUService ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0437 4532 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 tpm ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0437 4532 tpm ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0437 4532 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

10:04:38.0437 4532 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

10:06:24.0218 5264 Deinitialize success

2) Malwarebytes Log

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.23.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

d :: BCS-FF2C23D2798 [administrator]

Protection: Enabled

7/23/2012 10:08:21 AM

mbam-log-2012-07-23 (10-08-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM

Scan options disabled: Heuristics/Shuriken | P2P

Objects scanned: 187666

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

3) aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-23 10:13:03

-----------------------------

10:13:03.171 OS Version: Windows 5.1.2600 Service Pack 3

10:13:03.171 Number of processors: 2 586 0x1706

10:13:03.171 ComputerName: BCS-FF2C23D2798 UserName: d

10:13:03.703 Initialize success

10:14:34.687 AVAST engine defs: 12072301

10:14:40.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

10:14:40.375 Disk 0 Vendor: SAMSUNG_MMCQE28G8MUP-0VA VAM08L1Q Size: 122104MB BusType: 3

10:14:40.390 Disk 0 MBR read successfully

10:14:40.390 Disk 0 MBR scan

10:14:40.406 Disk 0 Windows XP default MBR code

10:14:40.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117153 MB offset 2048

10:14:40.406 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4949 MB offset 239931392

10:14:40.421 Disk 0 scanning sectors +250066944

10:14:40.437 Disk 0 scanning C:\WINDOWS\system32\drivers

10:14:52.343 Service scanning

10:15:12.218 Modules scanning

10:15:14.890 Disk 0 trace - called modules:

10:15:14.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

10:15:14.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab94030]

10:15:14.921 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8abbd260]

10:15:14.921 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac2ed98]

10:15:15.406 AVAST engine scan C:\WINDOWS

10:15:20.500 AVAST engine scan C:\WINDOWS\system32

10:18:08.890 AVAST engine scan C:\WINDOWS\system32\drivers

10:18:22.890 AVAST engine scan C:\Documents and Settings\d

10:21:14.078 AVAST engine scan C:\Documents and Settings\All Users

10:21:25.218 Scan finished successfully

10:21:37.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\d\Desktop\MBR.dat"

10:21:37.734 The log file has been saved successfully to "C:\Documents and Settings\d\Desktop\aswMBR.txt"
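The two boot-sector results above are the security-relevant part of this reply: TDSSKiller flags a "TDSS File System" on \Device\Harddisk0\DR0, while aswMBR reports default Windows XP MBR code and then scans "sectors +250066944", which is exactly where the second partition ends (239931392 + 4949 MB). TDL4 keeps its encrypted file system in the unpartitioned space after the last partition, so that tail is what a responder wants to locate and measure. The script below is an added example (editor-supplied, not code from the original post or from TDSSKiller/aswMBR): it parses a raw 512-byte MBR such as the MBR.dat that aswMBR saved to the desktop, decodes the partition table, hashes the bootstrap code, and computes the unallocated tail of the disk. The embedded sample MBR is constructed from the partition figures in the aswMBR log; its bootstrap bytes are placeholders, 1 MB is taken as 2048 sectors, the disk sector count is derived from the rounded 122104 MB figure (so the 1 MiB tail is approximate), and the 0x1B8-byte hash window is an assumption based on TDSSKiller's "MBR (0x1B8)" label.

```python
import hashlib
import struct

SECTOR = 512
MBR_CODE_LEN = 0x1B8      # bootstrap code window (assumed from TDSSKiller's "MBR (0x1B8)" label)
PTABLE_OFF = 0x1BE        # four 16-byte partition entries start here
SIGNATURE_OFF = 0x1FE     # 0x55AA boot signature
SECTORS_PER_MB = (1024 * 1024) // SECTOR   # 2048, the unit aswMBR appears to use for "MB"
ENTRY_FMT = "<BBBBBBBBII"  # boot flag, CHS start (3), type, CHS end (3), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Decode an MBR: bootstrap-code MD5 plus the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFF:SIGNATURE_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PTABLE_OFF + 16 * i
        boot, _, _, _, ptype, _, _, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "boot": boot, "type": ptype,
                      "lba_start": lba, "sectors": count, "lba_end": lba + count})
    return {"code_md5": hashlib.md5(sector[:MBR_CODE_LEN]).hexdigest(), "partitions": parts}


def unallocated_tail(parts: list, disk_sectors: int) -> tuple:
    """Return (first sector after the last partition, number of trailing unallocated sectors).
    TDL4 stores its hidden file system in that trailing space, so a responder images it."""
    last_end = max(p["lba_end"] for p in parts) if parts else 0
    return last_end, max(0, disk_sectors - last_end)


def build_mbr(code: bytes, entries: list) -> bytes:
    """Construct a synthetic MBR (test data only; CHS fields are filled with 0xFE/0xFF)."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    for i, (boot, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF + 16 * i,
                         boot, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba, count)
    sector[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed sample: the two partitions listed in the aswMBR log (placeholder boot code).
SAMPLE_MBR = build_mbr(
    b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C",
    [(0x80, 0x07, 2048, 117153 * SECTORS_PER_MB),          # NTFS system partition
     (0x00, 0x12, 239931392, 4949 * SECTORS_PER_MB)])      # Compaq diag partition
SAMPLE_DISK_SECTORS = 122104 * SECTORS_PER_MB               # from the rounded "Size: 122104MB"


def load_mbr(path: str) -> bytes:
    """Read the first 512 bytes of a raw dump such as aswMBR's MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


def analyze(sector: bytes = SAMPLE_MBR, disk_sectors: int = SAMPLE_DISK_SECTORS) -> dict:
    info = parse_mbr(sector)
    scan_from, tail = unallocated_tail(info["partitions"], disk_sectors)
    info["scan_from"] = scan_from          # compare with aswMBR's "scanning sectors +N"
    info["tail_sectors"] = tail
    info["active_count"] = sum(1 for p in info["partitions"] if p["boot"] == 0x80)
    return info


if __name__ == "__main__":
    r = analyze()
    print("bootstrap md5:", r["code_md5"])
    for p in r["partitions"]:
        print(f"part {p['index']}: boot={p['boot']:02X} type={p['type']:02X} "
              f"start={p['lba_start']} end={p['lba_end']}")
    print(f"unallocated tail starts at sector {r['scan_from']}, {r['tail_sectors']} sectors")
```

Run against a real dump with `analyze(load_mbr("MBR.dat"), disk_sectors)` where the sector count comes from the disk itself rather than a rounded MB figure; the sectors from `scan_from` to the end of the disk are the ones to image and inspect before the rootkit's MBR is rewritten, since that evidence is gone once the tail is wiped.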

4) Fresh DDS Log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.0

Run by d at 10:22:11 on 2012-07-23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.1688 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\DTS.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\AtService.exe

C:\WINDOWS\system32\FpLogonServ.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Program Files\RotateImage\RCIMGDIR.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dCute.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Apoint2K\Apntex.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe

C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqScrProxy.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\d\Desktop\aswMBR.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [TpShocks] TpShocks.exe

mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Lenovo dCute] "c:\program files\lenovo\lenovo usb port replicator with digital video\dCute.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341536361125

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{821D4603-DA1E-47B9-8BD9-E97EEBC1D518} : DhcpNameServer = 75.75.75.75 75.75.76.76

Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\i2udtmcg.default\

FF - plugin: c:\documents and settings\d\application data\mozilla\firefox\profiles\i2udtmcg.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 ALvldr;ALvldr;c:\windows\system32\drivers\ALvldr.sys [2011-5-16 29656]

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-21 24304]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]

R1 dqbridge;dqbridge;c:\windows\system32\drivers\dqbridge.sys [2011-5-16 55256]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-9 242240]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-9-20 13480]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-2-5 1824064]

R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-9-21 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-2-5 98304]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-5 118784]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-5 655944]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-21 53248]

R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\lenovo\lenovo usb port replicator with digital video\dqscrproj.exe [2011-5-16 85464]

R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2010-11-3 94024]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-9-27 63928]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-9-20 2058776]

R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-9-20 187776]

R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-9-20 661448]

R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [2011-4-10 7296]

R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2011-4-10 24448]

R3 dqVDDrv;dqVDDrv;c:\windows\system32\drivers\dqVDDrvK.sys [2010-7-14 19928]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-5 22344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-27 45496]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-2-5 106496]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]

S3 dqusb;Driver for Lenovo USB port rep;c:\windows\system32\drivers\dqusb.sys [2010-7-14 25560]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-5-28 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-07-23 04:46:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-23 04:46:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-23 01:33:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-23 01:22:09 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-07-23 01:22:09 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-23 00:38:32 -------- d-----w- c:\program files\Oracle

2012-07-23 00:38:12 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-22 22:12:18 -------- d-----w- c:\documents and settings\d\local settings\application data\ESET

2012-07-22 20:42:01 -------- d-----w- c:\program files\ESET

2012-07-22 19:57:19 98816 ----a-w- c:\windows\sed.exe

2012-07-22 19:57:19 518144 ----a-w- c:\windows\SWREG.exe

2012-07-22 19:57:19 256000 ----a-w- c:\windows\PEV.exe

2012-07-22 19:57:19 208896 ----a-w- c:\windows\MBR.exe

2012-07-20 23:30:11 -------- d-----w- c:\documents and settings\d\local settings\application data\CutePDF Writer

2012-07-20 23:29:44 -------- d-----w- c:\program files\GPLGS

2012-07-20 23:28:14 88656 ----a-w- c:\windows\system32\cpwmon2k.dll

2012-07-20 23:28:05 -------- d-----w- c:\program files\Acro Software

2012-07-17 22:44:15 -------- d-----w- c:\program files\SystemRequirementsLab

2012-07-17 22:22:51 -------- d-----w- c:\program files\Lenovo USB Port Replicator

2012-07-06 01:01:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-07-06 01:01:14 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-06 00:59:41 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-07-05 23:29:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:17:45 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-07-03 13:17:45 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll

.

==================== Find3M ====================

.

2012-07-23 00:37:00 687600 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 10:22:30.90 ===============


Step 1

Please re-run TDSSKiller and use the Delete option for this entry:

10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


1) Removed that entry as suggested. Let me know if you want to see the log.

2) Combofix log

ComboFix 12-07-21.01 - d 07/23/2012 11:26:04.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.1942 [GMT -4:00]

Running from: c:\documents and settings\d\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))

.

.

2012-07-23 04:46 . 2012-07-23 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-23 04:46 . 2012-07-23 04:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-23 01:33 . 2012-07-23 15:22 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-23 01:22 . 2012-07-23 01:22 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-23 00:39 . 2012-07-23 00:39 -------- d-----w- c:\program files\Common Files\Java

2012-07-23 00:38 . 2012-07-23 00:38 -------- d-----w- c:\program files\Oracle

2012-07-23 00:38 . 2012-07-23 00:37 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-23 00:36 . 2012-07-23 00:36 -------- d-----w- c:\program files\Java

2012-07-23 00:36 . 2012-07-23 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2012-07-22 22:12 . 2012-07-22 22:12 -------- d-----w- c:\documents and settings\d\Local Settings\Application Data\ESET

2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\program files\ESET

2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2012-07-22 02:15 . 2012-07-22 02:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2012-07-20 23:30 . 2012-07-20 23:31 -------- d-----w- c:\documents and settings\d\Local Settings\Application Data\CutePDF Writer

2012-07-20 23:29 . 2012-07-20 23:29 -------- d-----w- c:\program files\GPLGS

2012-07-20 23:28 . 2012-03-11 18:55 88656 ----a-w- c:\windows\system32\cpwmon2k.dll

2012-07-20 23:28 . 2012-07-20 23:28 -------- d-----w- c:\program files\Acro Software

2012-07-17 22:44 . 2012-07-17 22:44 -------- d-----w- c:\program files\SystemRequirementsLab

2012-07-17 22:44 . 2012-07-17 22:44 -------- d-----w- c:\documents and settings\d\Application Data\SystemRequirementsLab

2012-07-17 22:22 . 2012-07-17 22:22 -------- d-----w- c:\program files\Lenovo USB Port Replicator

2012-07-15 08:13 . 2012-07-15 08:13 -------- d-s---w- c:\documents and settings\LocalService\UserData

2012-07-06 01:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-07-06 01:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-06 00:59 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-07-05 23:29 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 13:17 . 2012-07-03 13:17 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-07-03 13:17 . 2012-07-03 13:17 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-23 00:37 . 2012-05-28 23:16 687600 ----a-w- c:\windows\system32\deployJava1.dll

2012-06-13 13:19 . 2008-04-14 06:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-14 10:42 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 10:42 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 21:35 . 2010-09-20 16:02 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 04:32 . 2008-04-14 10:42 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2010-09-20 16:02 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2010-09-20 16:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2010-09-28 01:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2010-09-20 16:02 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2010-09-20 16:02 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2008-04-14 10:41 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2010-09-20 16:02 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2010-09-20 16:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2008-04-14 10:41 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-28 22:59 . 2012-05-28 22:59 1915071 ----a-w- C:\mini-adb_tbolt2.zip

2012-05-16 07:58 . 2008-04-14 10:42 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:16 . 2008-04-14 05:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2010-09-20 16:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-17 22:04 . 2011-12-28 06:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-22_20.06.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-23 07:24 . 2012-07-23 07:24 16384 c:\windows\Temp\Perflib_Perfdata_c50.dat

+ 2004-08-04 10:00 . 2012-07-23 01:10 90122 c:\windows\system32\perfc009.dat

+ 2010-02-22 20:51 . 2010-02-22 20:51 95872 c:\windows\system32\drivers\epfwtdir.sys

+ 2012-07-22 20:43 . 2012-07-22 20:43 10134 c:\windows\Installer\{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}\callmsi.exe

+ 2012-07-05 16:56 . 2012-07-23 01:23 972968 c:\windows\system32\Restore\rstrlog.dat

+ 2004-08-04 10:00 . 2012-07-23 01:10 507488 c:\windows\system32\perfh009.dat

+ 2012-07-23 04:46 . 2012-07-23 04:46 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe

- 2012-04-10 13:41 . 2012-07-04 00:13 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-04-10 13:41 . 2012-07-23 04:46 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-23 00:38 . 2012-07-23 00:37 227824 c:\windows\system32\javaws.exe

+ 2012-07-23 00:38 . 2012-07-23 00:37 174064 c:\windows\system32\javaw.exe

+ 2012-07-23 00:38 . 2012-07-23 00:37 174064 c:\windows\system32\java.exe

+ 2010-09-20 08:49 . 2012-07-23 07:24 204120 c:\windows\system32\FNTCACHE.DAT

- 2010-09-20 08:49 . 2012-07-06 02:44 204120 c:\windows\system32\FNTCACHE.DAT

+ 2010-02-22 20:50 . 2010-02-22 20:50 114984 c:\windows\system32\drivers\ehdrv.sys

+ 2010-02-22 20:47 . 2010-02-22 20:47 139192 c:\windows\system32\drivers\eamon.sys

+ 2008-04-14 10:42 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll

+ 2010-09-20 16:01 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll

- 2010-09-20 16:01 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll

+ 2012-07-22 20:55 . 2012-07-22 20:55 500736 c:\windows\Installer\5aca2a.msi

+ 2012-07-22 20:43 . 2012-07-22 20:43 950272 c:\windows\Installer\5aca23.msi

+ 2012-07-23 00:38 . 2012-07-23 00:38 461312 c:\windows\Installer\503bbf.msi

+ 2012-07-23 00:36 . 2012-07-23 00:36 863744 c:\windows\Installer\503bbe.msi

+ 2012-07-22 20:43 . 2012-07-22 20:43 101480 c:\windows\Installer\{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}\egui.exe

+ 2012-06-25 20:07 . 2012-06-25 20:07 1394248 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.30.2114.0_x-ww_ea694a9a\msxml4.dll

+ 2008-04-14 10:42 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll

+ 2012-07-23 04:46 . 2012-07-23 04:46 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll

+ 2008-04-14 06:00 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys

+ 2008-04-14 10:42 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll

- 2008-04-14 10:42 . 2009-07-31 17:05 1372672 c:\windows\system32\dllcache\msxml6.dll

+ 2008-04-14 10:42 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll

- 2008-04-14 10:42 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2008-04-14 10:42 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2010-09-20 13:46 . 2012-07-03 07:13 57442464 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-09 176128]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-25 517480]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]

"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-17 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-17 170008]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-17 145432]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Lenovo dCute"="c:\program files\Lenovo\Lenovo USB Port Replicator with Digital Video\dCute.exe" [2011-05-16 676312]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-22 2140880]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2010-02-05 10:44 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 6:39 AM 1824064]

R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [4/10/2011 4:06 PM 5240168]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [9/21/2010 2:22 AM 132456]

R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 6:43 AM 98304]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/22/2010 4:50 PM 810120]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 6:44 AM 118784]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/5/2012 7:30 PM 655944]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 2:25 PM 87040]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/21/2010 2:22 AM 53248]

R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe [5/16/2011 3:49 PM 85464]

R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [11/3/2010 7:19 PM 94024]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9/27/2010 8:09 PM 63928]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [9/20/2010 2:58 PM 2058776]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [9/27/2010 8:09 PM 45496]

S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 6:43 AM 106496]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:13 AM 113120]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 00615313

*NewlyCreated* - 10270388

*NewlyCreated* - ASWMBR

*Deregistered* - 00615313

*Deregistered* - 10270388

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-23 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-21 05:28]

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Wdf01000.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-23 11:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

"value"="?\04\01\1e\139\15?"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]

@Denied: (Full) (Administrators)

"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd

"LastWPAEventLogged"=hex:da,07,09,00,01,00,14,00,10,00,09,00,0b,00,5d,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(908)

c:\windows\system32\FpWinLogonNp.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'explorer.exe'(492)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-07-23 11:32:06

ComboFix-quarantined-files.txt 2012-07-23 15:32

.

Pre-Run: 1,041,076,224 bytes free

Post-Run: 1,583,157,248 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - D79B831513B055057E737492EB28D003


Here is the log from my ESET scan (only 2 "new" items were found; the other 8 "cleaned" items were those previously reported by TDSSKiller, as noted in my original post).

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Log">Scan Log</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">Version of virus signature database: 7322 (20120723)</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">Date: 7/23/2012 Time: 11:54:39 AM</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\hiberfil.sys - error opening [4]</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\mini-adb_tbolt2.zip » ZIP » psneuter - Android/Exploit.Lotoor.AK trojan</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\pagefile.sys - error opening [4]</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/14dfdcbd-481b-48e9-9ba4-195eada4a288.BAK - error - unknown compression method</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/BusinessUnit.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/BusinessUnitQns.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/EngagementProfile.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/BusinessUnit.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/BusinessUnitQns.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/EngagementProfile.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/de8fb99f-6773-4c0a-a970-761656975f51.BAK - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/07bb12ea-ff2a-4f49-b93f-02c283bc3de0.BAK - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/BusinessUnit.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/BusinessUnitQns.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/EngagementProfile.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/8add8dd0-4911-4cef-84b0-f77083ea7a3d.BAK - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/BusinessUnit.xml - error - password-protected file</COLUMN>
    </RECORD>
    <RECORD>
      <COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/BusinessUnitQns.xml - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/EngagementProfile.xml - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/EngagementVersionInfo.xml - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\Local Settings\Application Data\Identities\{F47FDC73-345A-491C-A75F-BF15193BA2A4}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » vjlkintv - a variant of Win32/Kryptik.AIUD trojan</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\1BD6C0069E5D.rar.part » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\653D54609706.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\7BD1D041EC5E.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\7D07244EFAE1.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\84D44A2EBC58.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\9CF49EB6C419.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\A2A504162D6B.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\B6DCF57DD561.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\bitdefender-rescue-cd.iso » ISO » FILESYSTEM.SQUASHFS - archive damaged</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\com207.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\D6AAFB86FC4B.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\EF89851ECB03.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\F2B52FCC02AC.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\spybotsd162.exe » INNO » {app}\Plugins\Fennel.dll - is OK</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\TC009.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\tensah.rar » RAR - error - password-protected file</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\My Pictures\Singapore video\Singapore video.part01.rar » RAR » Singapore video 001.avi - next archive volume not found</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\sdk\java-jre-6u24.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\sdk\java-jre-6u24.exe » CAB » task.xml - next archive volume not found</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0001.dta - Win32/Olmarik.AYI trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0002.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0003.dta - Win32/Olmarik.AYH trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0004.dta - Win64/Olmarik.AL trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0005.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0006.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0010.dta - Win32/Olmarik.AFK trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0011.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">Number of scanned objects: 166527</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">Number of threats found: 10</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">Number of cleaned objects: 8</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">Time of completion: 12:42:39 PM Total scanning time: 2880 sec (00:48:00)</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log" />

</RECORD>

- <RECORD>

<COLUMN NAME="Log">Notes:</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">[1] Object has been deleted as it only contained the virus body.</COLUMN>

</RECORD>

- <RECORD>

<COLUMN NAME="Log">[4] Object cannot be opened. It may be in use by another application or operating system.</COLUMN>

</RECORD>

</LOG>

</ESET>


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder.

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed.
  • Click the Next button.
  • Click the Next button again.
  • Click the Java Manual Download link.
  • A browser window will open with the Java download page.
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version).
  • Run the installer.
  • Close JavaRa.


I ran JavaRa and clicked on "Remove Older Versions." Once that was completed, where do you see the "Next" button and "Java Manual Download" link? I clicked on "Search for Updates --> Update Using Sun Java website" but an IE window popped up with no link/webpage displayed.


Clicked the provided link. After I downloaded the Windows version, when I double-clicked the .exe file to install, it told me "Another version of this product is already installed..." so I went to add/remove programs in my Control Panel, noticed the only Java item listed was "Java 7 Update 5" but when I try to remove/uninstall it, it tells me "Fatal Error during Installation" (even though I am trying to Uninstall it).

Please advise.


Tried again after reboot:

Used JavaRa and clicked on Remove Older Versions. Then went to Add/Remove Programs in CP and tried to Uninstall "Java 7 Update 5" but received the same "Fatal" error message. Tried to install via downloaded exe on Sun Java's website and received same error message that other versions were already installed.

Went back to JavaRa, clicked "Search for Updates --> Update using Sun Java website" and got the IE window with nothing displayed.


Yes, it says "You have the recommended Java installed (Version 7 Update 5)." However, should it concern me that I cannot seem to uninstall it, as previously mentioned? Also, when I click on "Start menu --> Run" and type in "%appdata%" (without the quotes), I see folders for both Sun and Oracle; shouldn't there only be either Sun or Oracle and not both?


FWIW, in the Oracle folder the directory goes "Oracle --> Java --> FX2.0". Should I be worried, then, about the fact that I can't seem to uninstall Java via Add/Remove Programs?

No, in the next Java update that will be fixed. Don't worry.

Also, any further steps related to getting rid of the Olmarik.tdl4 remnants?

Cleared everything I could find, but as we said at the outset - there is no 100% guarantee.


This topic is now closed to further replies.