Jump to content

any scan crashes- malwarebytes crashed when updated - I dont know what to do


Recommended Posts

OMG

last night I do some work on my laptop adn no problems, then Malwarebyes says I am not protected.Some screen comes up...

I go for a update... crashes and everything starts there

Blue Screen

Long story and trying to cut it short

Malwarebyes scans crash in safe and normal quick and long

Malwarebytes updates crashed

uninstalled reinstalled made things worse

tried a number of online scans either they cant find anything or they too crash during a scan

Avira long scan crashes but lists tons of win32 malware - lets me delete but crashes during the process

This time I am getting really worried

the computer is really slow and every software is crashing and unable to do more than one task at a time

At some stage I did an microsft update last night which was ok

Some how after a few hard reboots in a few crashes I manage to download the dds file and see attached:

So rather than try anymore, I need help and may I ask someone to help me please,

mandy

Attach.txt

DDS.txt

Link to post
Share on other sites

Hello Mandy and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log

Link to post
Share on other sites

Hi maniac

Updated. No update required as I did it last night

quick scan. ... Crashes 1 second into it

Everything crashes. Hav to hard boot.

Switched laptop on

Now black screen checking file system. It happens everytime I switch on

Will attempt to quick scan as soon as I can and update you

Sorry for type error as I'm

On my iphone

Mandy

Link to post
Share on other sites

Ok just logged on after file system

Started quick scan and after 5 mins stops. The screen goes feint. This has happened a few time before and at some stage just crashes. SO far 10 mins in goes back to normalScreen but has stopped. How long should I wait til I switch off?

Now avast is asking to be turned on but it should be on

Mandy

Link to post
Share on other sites

hi again

managed to get a quick scan but nothing found see below. It is on long scan that it found any threats but crashed twice.

The aswmbr started ok but think I think is has crashed as it has not done anything for 5 minutes. Whats should I do?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

m nathali :: MNATHALI-THINK [administrator]

Protection: Enabled

04-Aug-12 10:26:35 PM

mbam-log-2012-08-04 (22-26-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 238175

Time elapsed: 16 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Proceed with the next tool. If you have no succeed in Normal mode, go try in Safe mode with Networking

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

it stopped but managed to get some of the log... will procedd with the next step

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-04 22:45:45

-----------------------------

22:45:45.052 OS Version: Windows x64 6.1.7601 Service Pack 1

22:45:45.052 Number of processors: 4 586 0x2A07

22:45:45.052 ComputerName: MNATHALI-THINK UserName: m nathali

22:45:46.519 Initialize success

22:45:46.675 AVAST engine defs: 12080400

22:45:53.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:45:53.196 Disk 0 Vendor: HITACHI_ GG2Z Size: 476940MB BusType: 3

22:45:53.289 Disk 0 MBR read successfully

22:45:53.289 Disk 0 MBR scan

22:45:53.289 Disk 0 unknown MBR code

22:45:53.289 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

22:45:53.305 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459438 MB offset 3074048

22:45:53.336 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072

22:45:53.367 Disk 0 scanning C:\Windows\system32\drivers

22:46:00.278 Service scanning

22:46:29.887 Modules scanning

22:46:29.887 Disk 0 trace - called modules:

22:46:29.902 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

22:46:29.902 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800972a060]

22:46:29.918 3 CLASSPNP.SYS[fffff88001b8943f] -> nt!IofCallDriver -> [0xfffffa8008483550]

22:46:29.918 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008487050]

22:46:31.072 AVAST engine scan C:\Windows

22:46:33.896 AVAST engine scan C:\Windows\system32

22:48:31.006 AVAST engine scan C:\Windows\system32\drivers

22:48:39.883 AVAST engine scan C:\Users\m nathali

23:01:57.869 Disk 0 MBR has been saved successfully to "C:\Users\m nathali\Desktop\MBR.dat"

23:01:57.869 The log file has been saved successfully to "C:\Users\m nathali\Desktop\aswMBR.txt"

Link to post
Share on other sites

Hi again

Yes it did finish in the end and yes I have a log but now I cannot open any of my browsers It says illegal operation attempted on a registry key that has been marked for deletion.

What other way can I get you my combo log?

I'm goingbtobyry to reboot and see what happens...

Link to post
Share on other sites

After a reboot I was able tyo get online again. see the combo log below

plewase let me know what i should do next

kind regard

mandy

ComboFix 12-08-04.02 - m nathali 04-Aug-12 23:13:55.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8103.5570 [GMT 8:00]

Running from: c:\users\m nathali\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Roaming

c:\windows\SysWow64\SET590D.tmp

c:\windows\SysWow64\SET6453.tmp

c:\windows\SysWow64\SET7193.tmp

Q:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))

.

.

2012-08-04 15:39 . 2012-08-04 15:39 -------- d-----w- c:\users\Seonah\AppData\Local\temp

2012-08-04 15:39 . 2012-08-04 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 15:39 . 2012-08-04 15:39 -------- d-----w- c:\users\Dan\AppData\Local\temp

2012-08-03 15:35 . 2012-08-03 15:35 -------- d-----w- c:\users\m nathali\AppData\Roaming\Malwarebytes

2012-08-03 15:35 . 2012-08-03 15:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-03 15:35 . 2012-08-03 15:35 -------- d-----w- c:\programdata\Malwarebytes

2012-08-03 15:35 . 2012-07-03 05:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-03 15:01 . 2012-08-03 15:01 -------- d-----w- c:\users\m nathali\AppData\Roaming\QuickScan

2012-08-03 12:45 . 2012-08-03 12:45 -------- d-----w- c:\users\m nathali\AppData\Local\Apple

2012-08-03 12:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2ABD556A-8D9E-4D41-B38B-F564015BF49B}\mpengine.dll

2012-08-01 01:55 . 2012-08-01 01:55 -------- d-----w- c:\users\m nathali\AppData\Local\Adobe

2012-07-31 13:39 . 2012-07-31 13:39 -------- d-----w- c:\program files (x86)\Microsoft

2012-07-31 13:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-31 13:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-25 02:11 . 2012-07-25 02:11 -------- d-----w- C:\found.000

2012-07-11 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 06:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 06:02 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 06:02 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 06:02 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 06:02 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 06:02 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 14:25 . 2012-04-03 05:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 14:25 . 2012-01-04 13:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 07:02 . 2012-01-09 12:16 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 16:21 . 2012-02-26 04:56 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-03 16:21 . 2011-12-22 05:26 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2011-12-22 05:26 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2011-12-22 05:26 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2011-12-22 05:26 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2011-12-22 05:26 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2011-12-22 05:25 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2011-12-22 05:25 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2011-12-22 05:26 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-02 22:19 . 2012-06-24 15:16 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 15:17 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 15:17 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 15:17 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 15:16 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 15:17 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 15:16 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 07:19 . 2012-06-24 15:16 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 07:15 . 2012-06-24 15:16 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-20 12:04 220624 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-20 12:04 220624 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-20 12:04 220624 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-02 39408]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"SkyDrive"="c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-07-20 238544]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ODDEject"="c:\program files (x86)\ODD Eject\ODDEject.exe" [2010-11-02 267632]

"Integrated Camera_Monitor"="c:\program files (x86)\Integrated Camera\monitor.exe" [2011-04-29 275320]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-11-30 1631808]

"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-02-03 506712]

"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"ACWLIcon"="c:\program files (x86)\Lenovo\Access Connections\ACWLIcon.exe" [2011-10-20 195648]

"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2011-10-20 433216]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\m nathali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\m nathali\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-12-28 113664]

Bluetooth.lnk - c:\program files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe [N/A]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-09 144232]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]

R3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys [2009-06-24 28728]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 136176]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]

R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]

R3 netr7364;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-11-30 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-11-30 175168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-09 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 203264]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]

S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-28 2656280]

S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-06-30 82544]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-08 9319424]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 304128]

S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-10-17 437288]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-08 12289472]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2011-06-22 2949112]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:25]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 01:35]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02 01:35]

.

2012-08-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

2012-08-04 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-07-20 12:04 244688 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-07-20 12:04 244688 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-07-20 12:04 244688 ----a-w- c:\users\m nathali\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\m nathali\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]

"TpShocks"="TpShocks.exe" [2011-03-29 380776]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-24 310912]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]

"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]

"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]

"combofix"="c:\combofix\CF1715.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

TCP: DhcpNameServer = 192.168.8.1

TCP: Interfaces\{9D811D26-7626-4837-953C-B93EB2B1B403}: NameServer = 203.198.23.208 218.102.32.208

TCP: Interfaces\{BD135B90-16EA-4D8B-BF62-CFB29B00474B}: NameServer = 0.0.0.0

FF - ProfilePath - c:\users\m nathali\AppData\Roaming\Mozilla\Firefox\Profiles\46oq1nja.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]

"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\SysWOW64\SAsrv.exe

c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe

c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE

c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Lenovo\System Update\SUService.exe

c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe

.

**************************************************************************

.

Completion time: 2012-08-05 00:11:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-04 16:11

.

Pre-Run: 303,989,612,544 bytes free

Post-Run: 303,846,912,000 bytes free

.

- - End Of File - - 6C9481FEBB49D1A320B07E20876EB893

Link to post
Share on other sites

see below the log...

what next?

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-04 22:45:45

-----------------------------

22:45:45.052 OS Version: Windows x64 6.1.7601 Service Pack 1

22:45:45.052 Number of processors: 4 586 0x2A07

22:45:45.052 ComputerName: MNATHALI-THINK UserName: m nathali

22:45:46.519 Initialize success

22:45:46.675 AVAST engine defs: 12080400

22:45:53.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:45:53.196 Disk 0 Vendor: HITACHI_ GG2Z Size: 476940MB BusType: 3

22:45:53.289 Disk 0 MBR read successfully

22:45:53.289 Disk 0 MBR scan

22:45:53.289 Disk 0 unknown MBR code

22:45:53.289 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

22:45:53.305 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459438 MB offset 3074048

22:45:53.336 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072

22:45:53.367 Disk 0 scanning C:\Windows\system32\drivers

22:46:00.278 Service scanning

22:46:29.887 Modules scanning

22:46:29.887 Disk 0 trace - called modules:

22:46:29.902 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

22:46:29.902 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800972a060]

22:46:29.918 3 CLASSPNP.SYS[fffff88001b8943f] -> nt!IofCallDriver -> [0xfffffa8008483550]

22:46:29.918 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008487050]

22:46:31.072 AVAST engine scan C:\Windows

22:46:33.896 AVAST engine scan C:\Windows\system32

22:48:31.006 AVAST engine scan C:\Windows\system32\drivers

22:48:39.883 AVAST engine scan C:\Users\m nathali

23:01:57.869 Disk 0 MBR has been saved successfully to "C:\Users\m nathali\Desktop\MBR.dat"

23:01:57.869 The log file has been saved successfully to "C:\Users\m nathali\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-05 00:43:27

-----------------------------

00:43:27.482 OS Version: Windows x64 6.1.7601 Service Pack 1

00:43:27.482 Number of processors: 4 586 0x2A07

00:43:27.482 ComputerName: MNATHALI-THINK UserName: m nathali

00:43:28.824 Initialize success

00:43:29.006 AVAST engine defs: 12080400

00:43:41.508 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

00:43:41.508 Disk 0 Vendor: HITACHI_ GG2Z Size: 476940MB BusType: 3

00:43:41.523 Disk 0 MBR read successfully

00:43:41.539 Disk 0 MBR scan

00:43:41.539 Disk 0 unknown MBR code

00:43:41.539 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048

00:43:41.554 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459438 MB offset 3074048

00:43:41.586 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072

00:43:41.617 Disk 0 scanning C:\Windows\system32\drivers

00:43:48.701 Service scanning

00:44:18.367 Modules scanning

00:44:18.367 Disk 0 trace - called modules:

00:44:18.367 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

00:44:18.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800972c060]

00:44:18.882 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80078173a0]

00:44:18.882 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007840050]

00:44:19.943 AVAST engine scan C:\Windows

00:44:23.390 AVAST engine scan C:\Windows\system32

00:46:20.133 AVAST engine scan C:\Windows\system32\drivers

00:46:28.978 AVAST engine scan C:\Users\m nathali

01:05:09.450 AVAST engine scan C:\ProgramData

01:08:17.540 Scan finished successfully

01:09:04.554 Verifying

01:09:14.632 Disk 0 Windows 601 MBR fixed successfully

01:09:20.981 Disk 0 MBR has been saved successfully to "C:\Users\m nathali\Desktop\MBR.dat"

01:09:20.981 The log file has been saved successfully to "C:\Users\m nathali\Desktop\aswMBR.txt"

Link to post
Share on other sites

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Link to post
Share on other sites

here you go...

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: LENOVO

BIOS Manufacturer: LENOVO

System Manufacturer: LENOVO

System Product Name: 44016PB

Logical Drives Mask: 0x0003000c

Kernel Drivers (total 227):

0x0305F000 \SystemRoot\system32\ntoskrnl.exe

0x03016000 \SystemRoot\system32\hal.dll

0x00BAF000 \SystemRoot\system32\kdcom.dll

0x00CA4000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CF3000 \SystemRoot\system32\PSHED.dll

0x00D07000 \SystemRoot\system32\CLFS.SYS

0x00EF2000 \SystemRoot\system32\CI.dll

0x00E00000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EA4000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00D65000 \SystemRoot\system32\drivers\ACPI.sys

0x00EB3000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00EBC000 \SystemRoot\system32\drivers\msisadrv.sys

0x00FB2000 \SystemRoot\system32\drivers\pci.sys

0x00FE5000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00EC6000 \SystemRoot\System32\drivers\partmgr.sys

0x00EDB000 \SystemRoot\system32\drivers\compbatt.sys

0x00EE4000 \SystemRoot\system32\drivers\BATTC.SYS

0x00DBC000 \SystemRoot\system32\drivers\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00C5C000 \SystemRoot\System32\drivers\mountmgr.sys

0x01048000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x0119C000 \SystemRoot\system32\drivers\atapi.sys

0x011A5000 \SystemRoot\system32\drivers\ataport.SYS

0x011CF000 \SystemRoot\system32\drivers\msahci.sys

0x011DA000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x011EA000 \SystemRoot\system32\drivers\amdxata.sys

0x0125F000 \SystemRoot\system32\drivers\fltmgr.sys

0x012AB000 \SystemRoot\system32\drivers\fileinfo.sys

0x0143B000 \SystemRoot\System32\Drivers\Ntfs.sys

0x012BF000 \SystemRoot\System32\Drivers\msrpc.sys

0x015DE000 \SystemRoot\System32\Drivers\ksecdd.sys

0x0131D000 \SystemRoot\System32\Drivers\cng.sys

0x01400000 \SystemRoot\System32\drivers\pcw.sys

0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01628000 \SystemRoot\system32\drivers\ndis.sys

0x0171B000 \SystemRoot\system32\drivers\NETIO.SYS

0x0177B000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01835000 \SystemRoot\System32\drivers\tcpip.sys

0x01A38000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01A82000 \SystemRoot\system32\drivers\volsnap.sys

0x01ACE000 \SystemRoot\System32\DRIVERS\ApsHM64.sys

0x01AD8000 \SystemRoot\System32\Drivers\spldr.sys

0x01AE0000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B1A000 \SystemRoot\System32\DRIVERS\Apsx64.sys

0x01B40000 \SystemRoot\System32\Drivers\mup.sys

0x01B52000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01B5B000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01B95000 \SystemRoot\system32\drivers\disk.sys

0x01BAB000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x0417C000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x02E8E000 \SystemRoot\System32\Drivers\aswSnx.SYS

0x02F7C000 \SystemRoot\System32\Drivers\Null.SYS

0x02F85000 \SystemRoot\System32\Drivers\Beep.SYS

0x0F243000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

0x103E8000 \SystemRoot\System32\drivers\vga.sys

0x0F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0F225000 \SystemRoot\System32\drivers\watchdog.sys

0x0F235000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x103F6000 \SystemRoot\system32\drivers\rdpencdd.sys

0x02F8C000 \SystemRoot\system32\drivers\rdprefmp.sys

0x02F95000 \SystemRoot\System32\Drivers\Msfs.SYS

0x02FA0000 \SystemRoot\System32\Drivers\Npfs.SYS

0x02FB1000 \SystemRoot\system32\DRIVERS\tdx.sys

0x02FD3000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02FE0000 \SystemRoot\System32\Drivers\aswTdi.SYS

0x02E00000 \SystemRoot\system32\drivers\afd.sys

0x041A6000 \SystemRoot\System32\Drivers\aswrdr2.sys

0x041B6000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02FF2000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x04000000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x01800000 \SystemRoot\system32\DRIVERS\pacer.sys

0x01BE9000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x01826000 \SystemRoot\system32\DRIVERS\netbios.sys

0x017A5000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x04009000 \SystemRoot\System32\drivers\Tppwr64v.sys

0x017C0000 \SystemRoot\system32\DRIVERS\termdd.sys

0x0138F000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x017D4000 \SystemRoot\system32\drivers\nsiproxy.sys

0x017E0000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x017EB000 \SystemRoot\system32\DRIVERS\smiifx64.sys

0x01600000 \SystemRoot\System32\drivers\discache.sys

0x0141B000 \SystemRoot\System32\Drivers\dfsc.sys

0x0160F000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x01200000 \SystemRoot\System32\Drivers\aswSP.SYS

0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0421F000 \SystemRoot\system32\DRIVERS\atikmpag.sys

0x04A37000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x05834000 \SystemRoot\system32\DRIVERS\igdpmd64.sys

0x0426E000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x0536C000 \SystemRoot\System32\drivers\dxgmms1.sys

0x063ED000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x05800000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x04362000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x053B2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x066D0000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x06F56000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06F63000 \SystemRoot\system32\DRIVERS\jmcr.sys

0x06F91000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x06600000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x06685000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x05405000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x0546B000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x0546D000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x0547C000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

0x05489000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x05492000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x05497000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x054A6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x054B3000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x054C9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x054D9000 \SystemRoot\system32\DRIVERS\serscan.sys

0x054E1000 \SystemRoot\system32\drivers\ksthunk.sys

0x054E7000 \SystemRoot\system32\drivers\ks.sys

0x0552A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x05540000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x05564000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x05570000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0559F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x055BA000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x055DB000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x066A3000 \SystemRoot\system32\DRIVERS\psadd.sys

0x055F5000 \SystemRoot\system32\DRIVERS\swenum.sys

0x066B1000 \SystemRoot\system32\DRIVERS\iwdbus.sys

0x066BD000 \SystemRoot\system32\DRIVERS\umbus.sys

0x07434000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0748E000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x09063000 \SystemRoot\system32\drivers\CHDRT64.sys

0x09000000 \SystemRoot\system32\drivers\portcls.sys

0x0903D000 \SystemRoot\system32\drivers\drmk.sys

0x074A3000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

0x000A0000 \SystemRoot\System32\win32k.sys

0x091F1000 \SystemRoot\System32\drivers\Dxapi.sys

0x074F6000 \SystemRoot\System32\Drivers\crashdmp.sys

0x04010000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x07504000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x07517000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x0260C000 \SystemRoot\System32\Drivers\SPUVCbv_x64.sys

0x028DB000 \SystemRoot\System32\Drivers\STREAM.SYS

0x02ABB000 \SystemRoot\system32\DRIVERS\btwampfl.sys

0x02DAB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x02DB4000 \SystemRoot\System32\Drivers\BTHUSB.sys

0x02A00000 \SystemRoot\System32\Drivers\bthport.sys

0x02A8C000 \SystemRoot\system32\DRIVERS\rfcomm.sys

0x02DCC000 \SystemRoot\system32\DRIVERS\BthEnum.sys

0x02DDC000 \SystemRoot\system32\DRIVERS\bthpan.sys

0x0292E000 \SystemRoot\system32\DRIVERS\bthmodem.sys

0x02945000 \SystemRoot\system32\DRIVERS\hidbth.sys

0x02963000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x0297C000 \SystemRoot\system32\DRIVERS\btwavdt.sys

0x07534000 \SystemRoot\system32\drivers\btwaudio.sys

0x028EC000 \SystemRoot\system32\DRIVERS\btwl2cap.sys

0x02DFC000 \SystemRoot\system32\DRIVERS\btwrchid.sys

0x028FA000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x02907000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00430000 \SystemRoot\System32\TSDDD.dll

0x006A0000 \SystemRoot\System32\cdd.dll

0x075C8000 \SystemRoot\system32\drivers\luafv.sys

0x07400000 \??\C:\Windows\system32\drivers\aswMonFlt.sys

0x02915000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0x0291E000 \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

0x06FC0000 \SystemRoot\system32\drivers\WudfPf.sys

0x07421000 \SystemRoot\system32\DRIVERS\WinUSB.sys

0x04A00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x075EB000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x03C72000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x03CC5000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x03CD8000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x03CF0000 \SystemRoot\system32\drivers\HTTP.sys

0x03DB9000 \SystemRoot\system32\DRIVERS\bowser.sys

0x03DD7000 \SystemRoot\System32\drivers\mpsdrv.sys

0x03C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x064B9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x06507000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x0652B000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x06535000 \SystemRoot\system32\drivers\peauth.sys

0x065DB000 \SystemRoot\System32\Drivers\secdrv.SYS

0x06400000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x06431000 \SystemRoot\System32\drivers\tcpipreg.sys

0x06443000 \SystemRoot\System32\DRIVERS\srv2.sys

0x0C0BD000 \SystemRoot\System32\DRIVERS\srv.sys

0x0C155000 \SystemRoot\System32\drivers\ipnat.sys

0x0C184000 \??\C:\Windows\system32\drivers\mbam.sys

0x0C18E000 \SystemRoot\system32\DRIVERS\Sftvollh.sys

0x20A1F000 \SystemRoot\system32\DRIVERS\Sftfslh.sys

0x20AE0000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys

0x20B2D000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys

0x20B38000 \SystemRoot\system32\drivers\spsys.sys

0x772E0000 \Windows\System32\ntdll.dll

0x47EA0000 \Windows\System32\smss.exe

0xFF600000 \Windows\System32\apisetschema.dll

0xFF360000 \Windows\System32\autochk.exe

0xFF5E0000 \Windows\System32\lpk.dll

0x77190000 \Windows\System32\urlmon.dll

0xFF580000 \Windows\System32\Wldap32.dll

0xFF550000 \Windows\System32\imm32.dll

0xFF540000 \Windows\System32\nsi.dll

0xFF4A0000 \Windows\System32\clbcatq.dll

0xFF420000 \Windows\System32\shlwapi.dll

0x774B0000 \Windows\System32\normaliz.dll

0xFF2F0000 \Windows\System32\rpcrt4.dll

0xFF2A0000 \Windows\System32\ws2_32.dll

0xFE510000 \Windows\System32\shell32.dll

0xFE4F0000 \Windows\System32\imagehlp.dll

0xFE450000 \Windows\System32\msvcrt.dll

0xFE370000 \Windows\System32\oleaut32.dll

0xFE160000 \Windows\System32\ole32.dll

0xFE0F0000 \Windows\System32\gdi32.dll

0x77090000 \Windows\System32\user32.dll

0x774A0000 \Windows\System32\psapi.dll

0x76F30000 \Windows\System32\wininet.dll

0xFE050000 \Windows\System32\comdlg32.dll

0xFDF80000 \Windows\System32\usp10.dll

0x76D20000 \Windows\System32\iertutil.dll

0xFDE70000 \Windows\System32\msctf.dll

0xFDD90000 \Windows\System32\advapi32.dll

0xFDD70000 \Windows\System32\sechost.dll

0xFDCF0000 \Windows\System32\difxapi.dll

0x76C00000 \Windows\System32\kernel32.dll

0xFDB10000 \Windows\System32\setupapi.dll

0xFDAD0000 \Windows\System32\wintrust.dll

0xFDA60000 \Windows\System32\KernelBase.dll

0xFD8F0000 \Windows\System32\crypt32.dll

0xFD8D0000 \Windows\System32\devobj.dll

0xFD890000 \Windows\System32\cfgmgr32.dll

0xFD7F0000 \Windows\System32\comctl32.dll

0xFD7E0000 \Windows\System32\msasn1.dll

0x75260000 \Windows\SysWOW64\normaliz.dll

Processes (total 143):

0 System Idle Process

4 System

416 C:\Windows\System32\smss.exe

532 csrss.exe

640 C:\Windows\System32\wininit.exe

664 csrss.exe

700 C:\Windows\System32\services.exe

720 C:\Windows\System32\lsass.exe

728 C:\Windows\System32\lsm.exe

812 C:\Windows\System32\winlogon.exe

872 C:\Windows\System32\svchost.exe

1004 C:\Windows\System32\ibmpmsvc.exe

444 C:\Windows\System32\svchost.exe

604 C:\Windows\System32\atiesrxx.exe

544 C:\Windows\System32\svchost.exe

1060 C:\Windows\System32\svchost.exe

1092 C:\Windows\System32\svchost.exe

1164 C:\Windows\System32\audiodg.exe

1212 C:\Windows\System32\svchost.exe

1292 WUDFHost.exe

1352 C:\Windows\System32\svchost.exe

1468 C:\Program Files\AVAST Software\Avast\AvastSvc.exe

1476 C:\Windows\System32\wlanext.exe

1484 C:\Windows\System32\conhost.exe

1700 C:\Windows\System32\spoolsv.exe

1732 C:\Windows\System32\svchost.exe

1828 C:\Windows\System32\svchost.exe

1924 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

1960 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

2004 C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

1376 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1616 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

2056 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

2092 C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

2260 C:\Program Files\Bonjour\mDNSResponder.exe

2304 C:\Windows\System32\CxAudMsg64.exe

2352 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

2384 C:\Windows\SysWOW64\svchost.exe

2820 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

2844 C:\Program Files\Lenovo\Communications Utility\CamMute.exe

2880 C:\Program Files\Lenovo\HOTKEY\micmute.exe

2912 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

2940 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

2964 C:\Windows\System32\svchost.exe

3036 C:\Windows\System32\svchost.exe

3064 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

2152 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2204 C:\Windows\SysWOW64\SASrv.exe

1676 C:\Windows\System32\svchost.exe

2520 C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

2764 C:\Windows\System32\svchost.exe

2992 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3084 C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe

3484 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

3516 C:\Windows\System32\atieclxx.exe

3748 C:\Windows\System32\alg.exe

3800 C:\Windows\System32\svchost.exe

3840 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

4080 WmiPrvSE.exe

3228 unsecapp.exe

4180 C:\Windows\System32\svchost.exe

4212 C:\Windows\System32\svchost.exe

4792 C:\Windows\System32\dwm.exe

4820 C:\Windows\System32\taskhost.exe

4136 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

4244 C:\Windows\System32\rundll32.exe

4360 C:\Windows\System32\taskeng.exe

2948 C:\PROGRA~1\Lenovo\HOTKEY\mkrmsg.exe

4348 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.exe

4436 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

3620 C:\Windows\System32\taskeng.exe

1012 C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

5012 C:\Windows\System32\wbem\unsecapp.exe

4376 C:\Windows\explorer.exe

4880 C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe

1556 C:\Windows\System32\SearchIndexer.exe

2140 C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe

4456 C:\Windows\System32\igfxext.exe

5080 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

5092 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

904 C:\Windows\System32\TpShocks.exe

4356 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

5128 C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

5144 C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe

5168 C:\Windows\System32\hkcmd.exe

5188 C:\Windows\System32\igfxpers.exe

5224 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

5272 C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

5312 C:\Users\m nathali\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

5504 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

5568 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

5576 C:\Windows\System32\conhost.exe

5640 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

5680 C:\Users\m nathali\AppData\Roaming\Dropbox\bin\Dropbox.exe

5848 C:\Program Files (x86)\ODD Eject\ODDEject.exe

5856 C:\Program Files (x86)\Integrated Camera\Monitor.exe

5880 C:\Windows\SysWOW64\rundll32.exe

5932 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

5952 C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

6004 C:\Windows\System32\rundll32.exe

3472 C:\Program Files\Windows Media Player\wmpnetwk.exe

3224 C:\Program Files\AVAST Software\Avast\AvastUI.exe

6040 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

5972 C:\Program Files (x86)\Lenovo\Access Connections\ACWLIcon.exe

3740 C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe

3912 C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

3948 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

1084 C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.EXE

1640 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

3968 C:\Program Files (x86)\iTunes\iTunesHelper.exe

6684 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

6740 C:\Windows\System32\svchost.exe

6852 C:\Program Files\iPod\bin\iPodService.exe

3880 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

7032 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

6516 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

7392 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

7624 dllhost.exe

7892 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

8088 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

8120 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

7604 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

3612 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

7820 C:\Windows\System32\sppsvc.exe

5808 C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

4424 unsecapp.exe

7292 C:\Program Files (x86)\Lenovo\System Update\SUService.exe

7776 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

7960 taskhost.exe

8008 C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

1968 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

4528 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

4648 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

5212 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

7020 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

8384 WmiPrvSE.exe

8680 C:\Windows\System32\svchost.exe

8872 C:\Windows\System32\wbem\WMIADAP.exe

8752 C:\Windows\System32\igfxsrvc.exe

9028 dllhost.exe

3572 dllhost.exe

8868 C:\Users\m nathali\Downloads\MBRCheck.exe

7660 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000070`88b00000 (NTFS)

\\.\R: --> error 5

PhysicalDrive0 Model Number: HITACHIHTS545050A7E380, Rev: GG2ZB600

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Link to post
Share on other sites

Good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Hi again

I attempted an avast scan but was able to cancel it as it had stopped working. A grey screen kept coming up when i tried top cancel the scan

Also when I did the eset scan - 2 times - a windows message popped up saying eset scan had stopped working

see below the log

what should i try next?

mandy

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Link to post
Share on other sites

its ok but no virus support. avast and defender are still off. I really like avast to do a complete scan without crashing. I also like to get malwarebytes to be able to scan without crashing too. I still think something is wrong... I never get black grey screens EVER and since friday night they pop up during virus scans and then the whole computer....

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.