Infected with Trojan.Agent


KGreen

Hi, I recently ran MBAM and its associated beta Anti-Rootkit tool on my PC. Both report that I have an infected registry key and both programs appear to quarantine the entry. But after rebooting the PC, the key appears to come back. Is this a real threat or a false positive? No other security scanning program I have tried seems to find it. Here are the 2 files requested:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 1.6.0_39
Run by KGreen at 16:15:04 on 2013-09-08
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3979.1773 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\NSi\AutoStore Workflow 6\ASGSB.exe
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Prism Software\DocRecord\Automation\DocRecord_AutomationSvc.exe
C:\Program Files (x86)\Prism Software\DocRecord\Server\DocRecord_DocumentSvc.exe
C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
C:\Program Files (x86)\EFI\OFASQ\lmgrd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
C:\Windows\SysWOW64\CBA\pds.exe
C:\PROGRA~2\LANDesk\LDClient\issuser.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe
C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Prism Software\ScanPath\ScanPath KMBS\ScanPathKmbsSvc.exe
C:\Program Files (x86)\Prism Software\ScanPath\Server\ScanPath Server Service.exe
C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~2\LANDesk\LDClient\collector.exe
C:\Program Files (x86)\EFI\OFASQ\lmgrd.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~2\LANDesk\LDClient\rcgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\KONICA MINOLTA\FTP Utility\KMFtp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PdfPro8Hook.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo Online Backup\lenovo-oldbbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo Online Backup\lenovo-oldbbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\PlusIEContextMenu.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130222083149.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ZeonIEEventHelper Class: {C7DA0384-42AA-428c-B832-88AC343DE1A8} - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GZeonIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nuance PDF: {BCCE15AE-AC7E-4bc9-94AF-2A714A412BCB} - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\GZeonIEFavClient.dll
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [PDF8 Registry Controller] "C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\RegistryController.exe"
mRun: [PDFProHook] "C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\pdfpro8hook.exe"
mRun: [inboxMonitor] "C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\InboxMonitor.exe" /run
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FTPUTI~1.LNK - C:\Program Files (x86)\KONICA MINOLTA\FTP Utility\KMFtp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NUANCE~1.LNK - C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: DisableLockWorkStation = dword:1
mPolicies-System: NoLogoff = dword:1
mPolicies-System: DisableChangePassword = dword:1
mPolicies-System: DisableLockWorkStation = dword:1
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-System: NoLogoff = dword:1
mPolicies-System: DisableChangePassword = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\cnvres_eng.dll /100
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: pwreset
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\255616C64797055726C69636 : DHCPNameServer = 4.2.2.2
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\67963747163786F6275602D2027457563747 : DHCPNameServer = 24.93.41.125 24.93.41.126
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\8497164747 : DHCPNameServer = 50.57.99.138 50.57.100.29 8.8.8.8
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\A596F6E6 : DHCPNameServer = 192.168.50.15
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\B4B4E45445 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2826F7C6-BF54-442B-AF31-7566F4CA5003}\C4162776F6 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4B06E10C-0E8D-4A04-AB4D-325C0D24397D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D342DA2B-7D40-4B58-8F45-07314AC2C384} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E20F821F-2720-4F4B-8596-BE0814BFB887} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130222083149.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Trusted Zone: pwreset
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kgreen\AppData\Roaming\Mozilla\Firefox\Profiles\6xj314mz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mykonicaminolta.com/wps/portal/mkm/hidden/login/!ut/p/b1/04_SjzQ1NDIwMTC1MNSP0I_KSyzLTE8syczPS8wB8aPM4j1cAgwsnQwdDfwNXS0NPM3DvA3cjT2NDAINgAoikRUYeLgbGHh6eAU5GQX4GVuYmhGn3wAHcDQgpD9cPwpVCRYXgBXgscLPIz83VT83KsfN0lPXEQBb47M1/dl4/d5/L2dBISEvZ0FBIS9nQSEh/|https://mail.google.com/mail/u/0/?shva=1#inbox|http://fyi.toshiba.com/|http://sertech.us/|https://eetime31.adp.com/jp5e/logon/logonWFC.html
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\Bin\nppdf.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-6-14 29512]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-8-25 665768]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-8-25 303464]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-9-5 73296]
R1 lenovo-oldbFilter;lenovo-oldbFilter;C:\Windows\System32\drivers\lenovo-oldb.sys [2012-8-29 67328]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-6-14 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-1-2 75648]
R2 ASGSB;AutoStore General Services Broker;C:\Program Files (x86)\NSI\AutoStore Workflow 6\ASGSB.exe [2013-5-8 338232]
R2 CBA8;LANDesk® Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2011-8-1 147456]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-6-14 198784]
R2 DocRecord_AutomationSvc;DocRecord Automation Server;C:\Program Files (x86)\Prism Software\DocRecord\Automation\DocRecord_AutomationSvc.exe [2012-3-15 45056]
R2 DocRecord_DocumentSvc;DocRecord Document Server;C:\Program Files (x86)\Prism Software\DocRecord\Server\DocRecord_DocumentSvc.exe [2012-3-15 40960]
R2 EFI ES1000;EFI ES1000;C:\Program Files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [2013-1-2 11776]
R2 EFI License Manager;EFI License Manager;C:\Program Files (x86)\EFI\OFASQ\lmgrd.exe [2013-1-2 1406800]
R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2012-11-13 29592]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2012-8-29 207872]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [2012-8-29 179200]
R2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [2012-8-29 1058304]
R2 lenovo-oldbbackup;Lenovo Online Backup Service;C:\Program Files\Lenovo Online Backup\lenovo-oldbbackup.exe [2011-11-30 441744]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-6-14 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-6-14 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-6-14 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-6-14 133992]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2012-11-27 132712]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-25 201864]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2011-9-14 209760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-25 170440]
R2 ofaApp;ofaApp;C:\Program Files (x86)\EFI\OFASQ\ofaApp.exe [2013-1-2 2233856]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe [2012-11-19 135056]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-6-14 101888]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 ScanPathKmbsSvc;ScanPath KMBS Service;C:\Program Files (x86)\Prism Software\ScanPath\ScanPath KMBS\ScanPathKmbsSvc.exe [2012-10-7 12800]
R2 ScanPathSvc;ScanPathSvc;C:\Program Files (x86)\Prism Software\ScanPath\Server\ScanPath Server Service.exe [2013-1-28 15360]
R2 Softmon;LANDesk® Software Monitoring Service;C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe [2012-8-29 403632]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-6-14 446800]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-6-14 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-6-14 142696]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-14 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-14 317440]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2012-8-29 5120]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-8-25 274880]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2012-8-29 7168]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-3-26 145472]
S2 ProcTrigger;LANDesk® Process Trigger Service;C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [2012-8-29 143872]
S2 tracksvc;LANDesk® Power Management Track Service;C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [2012-8-29 66560]
S3 ASMPB;AutoStore Status Monitor Port Broker;"C:\Program Files (x86)\NSI\AutoStore\ASMPB.exe" --> C:\Program Files (x86)\NSI\AutoStore\ASMPB.exe [?]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2013-6-13 15768]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-6-14 320576]
S3 hasplms;Sentinel HASP License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2012-8-29 20992]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-8-25 101200]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-6-14 1662528]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-6-14 165440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-6-14 1161832]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-20 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-20 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-14 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 44896]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-09-08 21:00:23    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02B94684-04AD-4269-BDB1-2C1938F75953}\offreg.dll
2013-09-08 03:37:42    --------    d-----w-    C:\Users\kgreen\AppData\Roaming\SUPERAntiSpyware.com
2013-09-08 03:37:09    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-09-08 03:37:09    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-09-07 22:41:58    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-06 23:44:16    9515512    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02B94684-04AD-4269-BDB1-2C1938F75953}\mpengine.dll
2013-09-06 02:10:00    73296    ----a-w-    C:\Windows\System32\drivers\vsock.sys
2013-09-06 02:10:00    67664    ----a-w-    C:\Windows\System32\vsocklib.dll
2013-09-06 02:10:00    63568    ----a-w-    C:\Windows\SysWow64\vsocklib.dll
2013-09-06 02:09:58    64080    ----a-w-    C:\Windows\System32\drivers\vmx86.sys
2013-09-06 02:09:57    32848    ----a-w-    C:\Windows\System32\drivers\VMkbd.sys
2013-09-06 02:09:22    358480    ----a-w-    C:\Windows\SysWow64\vmnetdhcp.exe
2013-09-06 02:09:21    437328    ----a-w-    C:\Windows\SysWow64\vmnat.exe
2013-09-06 02:09:13    30800    ----a-w-    C:\Windows\System32\drivers\vmnetuserif.sys
2013-09-06 02:09:09    930384    ----a-w-    C:\Windows\System32\vnetlib64.dll
2013-09-06 02:09:05    53816    ----a-w-    C:\Windows\System32\drivers\hcmon.sys
2013-09-06 02:08:19    --------    d-----w-    C:\Program Files\Common Files\VMware
2013-09-06 02:07:41    --------    d-----w-    C:\Program Files (x86)\Common Files\VMware
2013-08-27 17:42:02    80464    ----a-w-    C:\Windows\System32\vmnetbridge.dll
2013-08-27 17:42:02    49232    ----a-w-    C:\Windows\System32\vnetinst.dll
2013-08-27 17:42:02    46160    ----a-w-    C:\Windows\System32\drivers\vmnetbridge.sys
2013-08-27 17:42:02    24656    ----a-w-    C:\Windows\System32\drivers\vmnet.sys
2013-08-27 17:42:02    20560    ----a-w-    C:\Windows\System32\drivers\vmnetadapter.sys
2013-08-23 13:34:31    41472    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\KOAYQA_P.DLL
2013-08-23 13:33:49    83968    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\KOAYQJ_P.DLL
2013-08-23 13:26:42    17408    ----a-w-    C:\Windows\System32\KOAYQA_L.DLL
2013-08-23 13:26:38    17408    ----a-w-    C:\Windows\System32\KOAYQJ_L.DLL
2013-08-22 23:05:02    --------    d-----w-    C:\Program Files (x86)\MFP Utility
2013-08-15 23:25:12    85584    ----a-w-    C:\Windows\System32\drivers\vmci.sys
2013-08-14 15:31:02    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-08-14 15:31:02    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-08-14 15:31:02    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-08-14 15:31:02    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-08-14 15:31:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-08-14 15:31:01    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 15:31:01    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-08-14 15:31:01    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-08-14 15:25:30    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-08-14 15:25:30    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-08-14 15:22:00    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-14 15:22:00    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
.
==================== Find3M  ====================
.
2013-09-08 21:02:12    17920    ----a-w-    C:\Windows\System32\rpcnetp.exe
2013-09-08 21:01:42    69792    ----a-w-    C:\Windows\SysWow64\rpcnet.dll
2013-09-08 20:04:43    17920    ----a-w-    C:\Windows\SysWow64\rpcnetp.dll
2013-09-08 20:04:13    17920    ----a-w-    C:\Windows\SysWow64\rpcnetp.exe
2013-08-31 19:33:05    952    --sha-w-    C:\ProgramData\KGyGaAvL.sys
2013-08-22 13:35:56    90112    ----a-w-    C:\Windows\SysWow64\KOBDrvAPIIF.DLL
2013-08-22 13:35:56    152064    ----a-w-    C:\Windows\KOBDrvAPIW64.EXE
2013-08-22 13:35:56    108544    ----a-w-    C:\Windows\System32\KOBDrvAPIIF.DLL
2013-08-21 04:07:44    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:07:43    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-09 04:07:29    294248    ----a-w-    C:\Windows\System32\drivers\VMM.sys
2013-07-26 05:13:37    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-26 05:12:08    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-16 17:20:12    15360    ----a-w-    C:\Windows\System32\KOAZCA_L.DLL
2013-07-16 17:19:59    15360    ----a-w-    C:\Windows\System32\KOAZCJ_L.DLL
2013-07-09 06:03:30    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-03 16:01:09    7168    ----a-w-    C:\Windows\System32\MTAG320J.DLL
2013-07-03 16:01:09    186296    ----a-w-    C:\Windows\System32\MUINST0J.EXE
2013-07-03 16:01:08    73728    ----a-w-    C:\Windows\System32\MSPOOL0J.DLL
2013-07-03 16:01:08    298496    ----a-w-    C:\Windows\System32\MSMCML0J.DLL
2013-07-03 16:01:07    61440    ----a-w-    C:\Windows\System32\MLMON_0J.DLL
2013-07-03 16:01:06    17408    ----a-w-    C:\Windows\System32\MIMF320J.DLL
2013-07-03 16:01:06    13312    ----a-w-    C:\Windows\System32\MICM__0J.DLL
2013-07-03 16:01:05    34816    ----a-w-    C:\Windows\System32\MGDI320J.DLL
2013-07-03 16:01:05    21504    ----a-w-    C:\Windows\System32\MCMM__0J.DLL
2013-06-15 04:32:16    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2012-11-21 10:00:40    4096000    ----a-w-    C:\Program Files (x86)\GUTC9E.tmp
.
============= FINISH: 16:15:56.82 ===============
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 11/21/2012 3:59:40 AM
System Uptime: 9/8/2013 4:01:08 PM (0 hours ago)
.
Motherboard: LENOVO |  | 4177RVU
Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 75.347 GiB free.
D: is CDROM ()
E: is Removable
N: is NetworkDisk (FAT) - 298 GiB total, 75.347 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter for 64-bit Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter for 64-bit Windows
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP133: 8/28/2013 8:31:45 AM - Windows Update
RP134: 8/31/2013 7:21:25 PM - Windows Update
RP135: 9/4/2013 12:39:30 AM - Windows Update
RP136: 9/6/2013 6:44:40 PM - Installed KONICA MINOLTA HDD Backup Utility.
RP137: 9/7/2013 6:29:09 PM - Malwarebytes Anti-Rootkit Restore Point
RP138: 9/7/2013 9:25:24 PM - Malwarebytes Anti-Rootkit Restore Point
RP139: 9/7/2013 10:22:32 PM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
6.0SoftwareMaintenance
Adobe Connect 9 Add-in
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
AutoStore 6 Framework Extensions
AutoStore 6 Service Pack 1
AutoStore Workflow 6
Burn.Now 4.5
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.07.0290
Computrace
Conexant 20672 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel WinDVD
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
DocRecord Advanced Viewers
DocRecord Automation Server
DocRecord Desktop Client
DocRecord Document Server
DocRecord Index Station
DocRecord OCR and Barcode Recognition
DocRecord Office Extension
DocRecord Web Server
eCopy PDF Pro Office 6
Eos for DHV
Fiery User Software-5.4.0.17
Firmware Imaging Toolkit 2006
FTP Utility
Google Chrome
Google Earth Plug-in
Google Update Helper
Hitachi ID Password Manager Local Reset Extension
Hitachi ID Password Manager Local SKA
HP Officejet Pro 8600 Basic Device Software
Intel® Control Center
Intel® Identity Protection Technology 1.0.74.0
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® Processor Graphics
IrfanView (remove only)
Japanese Fonts Support For Adobe Reader X
Java Auto Updater
Java 6 Update 39
KONICA MINOLTA 754Series(PS_PCL_FAX)
KONICA MINOLTA bizhub C650 Series
KONICA MINOLTA bizhub MarketPlace Installer 1.3.5.1
KONICA MINOLTA C364Series(PS_PCL_FAX)
KONICA MINOLTA C652Series
KONICA MINOLTA Device Set-Up
KONICA MINOLTA HDD Backup Utility
KONICA MINOLTA magicolor 3730
KONICA MINOLTA PageScope Box Operator 3.2.11000
KONICA MINOLTA TWAIN Ver.3
KONICA MINOLTA Universal PCL
LANDesk Advance Agent
LANDesk® Common Base Agent 8
Lenovo Auto Scroll Utility
Lenovo Online Backup
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Screen Reading Optimizer
Lenovo System Interface Driver
Lenovo System Update
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Agent
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86)
Microsoft Silverlight
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Command Line Utilities
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Microsoft WSE 3.0 Runtime
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4.0 redistributable
NSi AutoStore Solution Framework version Spring2013
Nuance Cloud Connector
OFA for Sequence 0.9.2.7 (remove only)
On Screen Display
PageScope Data Admin V4
PDL Downloader ver3.2.1
Power Manager
RapidBoot
RICOH_Media_Driver_v2.14.18.01
SAP Business Explorer
SAP GUI for Windows 7.20
ScanPath
ScanPath KMBS
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
ServiceSupportTool
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Software Maintenance
Splash Lite
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
ThinkPad FullScreen Magnifier
ThinkPad Power Management Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapter Software
ThinkVantage Active Protection System
ThinkVantage Communications Utility
tools-windows
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
USB PrepTool
VMware Player
Windows Mobile Device Center
.
==== Event Viewer Messages From Past Week ========
.
9/8/2013 4:06:05 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
9/8/2013 4:02:40 PM, Error: mbamchameleon [61440]  -
9/8/2013 4:02:30 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
9/8/2013 4:01:26 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain KMBSUS due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
9/8/2013 11:36:12 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
9/8/2013 11:08:53 AM, Error: Microsoft-Windows-GroupPolicy [1053]  - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
9/8/2013 11:08:51 AM, Error: Microsoft-Windows-GroupPolicy [1055]  - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
9/7/2013 9:29:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MBAMSwissArmy
9/7/2013 4:14:09 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:14:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/7/2013 4:14:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/7/2013 4:14:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/7/2013 4:14:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/7/2013 4:14:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/7/2013 4:13:50 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/7/2013 4:13:39 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
9/7/2013 4:13:24 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache lenovo-oldbFilter lenovo.smi mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vmm vwififlt Wanarpv6 WfpLwf ws2ifsl
9/7/2013 4:13:24 PM, Error: Service Control Manager [7001]  - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The Netlogon service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/7/2013 4:13:23 PM, Error: Service Control Manager [7001]  - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
9/7/2013 4:11:52 PM, Error: Service Control Manager [7043]  - The HyperW7 Service service did not shut down properly after receiving a preshutdown control.
9/7/2013 4:02:43 PM, Error: Service Control Manager [7000]  - The World Wide Web Publishing Service service failed to start due to the following error:  A system shutdown is in progress.
9/7/2013 4:02:43 PM, Error: Service Control Manager [7000]  - The VMware USB Arbitration Service service failed to start due to the following error:  The pipe has been ended.
9/7/2013 4:02:43 PM, Error: Service Control Manager [7000]  - The IP Helper service failed to start due to the following error:  A system shutdown is in progress.
9/7/2013 4:02:42 PM, Error: Service Control Manager [7000]  - The VMware DHCP Service service failed to start due to the following error:  The pipe has been ended.
9/7/2013 4:02:42 PM, Error: Service Control Manager [7000]  - The VMware Authorization Service service failed to start due to the following error:  The pipe has been ended.
9/7/2013 11:58:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware Authorization Service service to connect.
9/7/2013 11:58:34 PM, Error: Service Control Manager [7000]  - The VMware Authorization Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/7/2013 11:54:33 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service.
9/7/2013 11:10:42 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/7/2013 10:52:10 PM, Error: Service Control Manager [7034]  - The VMware Authorization Service service terminated unexpectedly.  It has done this 1 time(s).
9/5/2013 10:42:34 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the VMware DHCP Service service to connect.
9/5/2013 10:42:34 AM, Error: Service Control Manager [7000]  - The VMware DHCP Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/1/2013 1:48:02 AM, Error: Service Control Manager [7031]  - The McAfee McShield service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

Thanks for any help. KG


Hello KGreen and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please post your Malwarebytes' Anti-Malware log

Thanks Borislav

 

MBAM Log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
KGreen :: KGREENW7 [administrator]

9/8/2013 3:21:17 PM
mbam-log-2013-09-08 (15-21-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335778
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Win32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Here is ComboFix's log:

 

ComboFix 13-09-08.02 - KGreen 09/08/2013  17:01:56.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3979.1729 [GMT -5:00]
Running from: c:\users\kgreen\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\3002.abs
c:\programdata\3002.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\kgreen\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AF79B83C-52C8-4B5E-B06D-6B3DE0FDA31D}.xps
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-08 22:09 . 2013-09-08 22:09    --------    d-----w-    c:\users\help\AppData\Local\temp
2013-09-08 21:00 . 2013-09-08 21:24    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{02B94684-04AD-4269-BDB1-2C1938F75953}\offreg.dll
2013-09-08 03:37 . 2013-09-08 03:37    --------    d-----w-    c:\users\kgreen\AppData\Roaming\SUPERAntiSpyware.com
2013-09-08 03:37 . 2013-09-08 03:37    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-09-08 03:37 . 2013-09-08 03:37    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-09-07 22:41 . 2013-09-08 20:59    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-06 23:44 . 2013-08-06 08:58    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{02B94684-04AD-4269-BDB1-2C1938F75953}\mpengine.dll
2013-09-06 02:10 . 2013-08-15 23:25    67664    ----a-w-    c:\windows\system32\vsocklib.dll
2013-09-06 02:10 . 2013-08-15 23:25    73296    ----a-w-    c:\windows\system32\drivers\vsock.sys
2013-09-06 02:10 . 2013-08-15 23:25    63568    ----a-w-    c:\windows\SysWow64\vsocklib.dll
2013-09-06 02:09 . 2013-08-27 17:42    64080    ----a-w-    c:\windows\system32\drivers\vmx86.sys
2013-09-06 02:09 . 2013-08-27 17:41    32848    ----a-w-    c:\windows\system32\drivers\VMkbd.sys
2013-09-06 02:09 . 2013-08-27 17:42    358480    ----a-w-    c:\windows\SysWow64\vmnetdhcp.exe
2013-09-06 02:09 . 2013-08-27 17:42    437328    ----a-w-    c:\windows\SysWow64\vmnat.exe
2013-09-06 02:09 . 2013-08-27 17:42    30800    ----a-w-    c:\windows\system32\drivers\vmnetuserif.sys
2013-09-06 02:09 . 2013-08-27 17:42    930384    ----a-w-    c:\windows\system32\vnetlib64.dll
2013-09-06 02:09 . 2013-08-27 04:33    53816    ----a-w-    c:\windows\system32\drivers\hcmon.sys
2013-09-06 02:08 . 2013-09-06 02:08    --------    d-----w-    c:\program files\Common Files\VMware
2013-09-06 02:07 . 2013-09-06 02:07    --------    d-----w-    c:\program files (x86)\Common Files\VMware
2013-08-27 17:42 . 2013-08-27 17:42    80464    ----a-w-    c:\windows\system32\vmnetbridge.dll
2013-08-27 17:42 . 2013-08-27 17:42    49232    ----a-w-    c:\windows\system32\vnetinst.dll
2013-08-27 17:42 . 2013-08-27 17:42    46160    ----a-w-    c:\windows\system32\drivers\vmnetbridge.sys
2013-08-27 17:42 . 2013-08-27 17:42    24656    ----a-w-    c:\windows\system32\drivers\vmnet.sys
2013-08-27 17:42 . 2013-08-27 17:42    20560    ----a-w-    c:\windows\system32\drivers\vmnetadapter.sys
2013-08-23 13:34 . 2013-08-22 13:35    41472    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\KOAYQA_P.DLL
2013-08-23 13:33 . 2013-08-22 13:35    83968    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\KOAYQJ_P.DLL
2013-08-23 13:26 . 2013-08-22 13:35    17408    ----a-w-    c:\windows\system32\KOAYQA_L.DLL
2013-08-23 13:26 . 2013-08-22 13:35    17408    ----a-w-    c:\windows\system32\KOAYQJ_L.DLL
2013-08-22 23:05 . 2013-08-22 23:05    --------    d-----w-    c:\program files (x86)\MFP Utility
2013-08-15 23:25 . 2013-08-15 23:25    85584    ----a-w-    c:\windows\system32\drivers\vmci.sys
2013-08-14 15:31 . 2013-07-09 05:52    224256    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-14 15:31 . 2013-07-09 05:46    1472512    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-14 15:31 . 2013-07-09 04:52    175104    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-08-14 15:31 . 2013-07-09 04:46    1166848    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-08-14 15:31 . 2013-07-09 05:46    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-14 15:31 . 2013-07-09 05:46    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-14 15:31 . 2013-07-09 04:46    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-08-14 15:31 . 2013-07-09 04:46    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-08-14 15:25 . 2013-07-19 01:58    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-14 15:25 . 2013-07-19 01:41    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-08-14 15:22 . 2013-07-25 09:25    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-14 15:22 . 2013-07-25 08:57    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-08 21:02 . 2012-06-13 00:01    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2013-09-08 21:01 . 2012-08-29 08:35    69792    ----a-w-    c:\windows\SysWow64\rpcnet.dll
2013-09-08 20:04 . 2012-11-27 00:46    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.dll
2013-09-08 20:04 . 2012-11-27 00:46    17920    ----a-w-    c:\windows\SysWow64\rpcnetp.exe
2013-08-31 19:33 . 2012-12-19 23:32    952    --sha-w-    c:\programdata\KGyGaAvL.sys
2013-08-22 13:35 . 2013-03-04 18:22    90112    ----a-w-    c:\windows\SysWow64\KOBDrvAPIIF.DLL
2013-08-22 13:35 . 2013-03-04 18:22    152064    ----a-w-    c:\windows\KOBDrvAPIW64.EXE
2013-08-22 13:35 . 2013-03-04 18:22    108544    ----a-w-    c:\windows\system32\KOBDrvAPIIF.DLL
2013-08-21 04:07 . 2012-06-14 20:02    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:07 . 2012-06-14 20:02    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-09 15:05 . 2013-08-07 17:16    164880    ---ha-w-    c:\users\kgreen\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2013-08-09 04:07 . 2013-08-09 04:07    294248    ----a-w-    c:\windows\system32\drivers\VMM.sys
2013-08-05 21:14 . 2012-06-14 16:30    78161360    ----a-w-    c:\windows\system32\MRT.exe
2013-07-16 17:20 . 2009-10-01 19:08    15360    ----a-w-    c:\windows\system32\KOAZCA_L.DLL
2013-07-16 17:19 . 2009-10-01 19:08    15360    ----a-w-    c:\windows\system32\KOAZCJ_L.DLL
2013-07-09 04:45 . 2013-08-14 15:21    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-03 16:01 . 2011-04-06 16:28    7168    ----a-w-    c:\windows\system32\MTAG320J.DLL
2013-07-03 16:01 . 2010-12-07 22:27    186296    ----a-w-    c:\windows\system32\MUINST0J.EXE
2013-07-03 16:01 . 2011-04-06 16:28    298496    ----a-w-    c:\windows\system32\MSMCML0J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    73728    ----a-w-    c:\windows\system32\MSPOOL0J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    61440    ----a-w-    c:\windows\system32\MLMON_0J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    13312    ----a-w-    c:\windows\system32\MICM__0J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    17408    ----a-w-    c:\windows\system32\MIMF320J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    21504    ----a-w-    c:\windows\system32\MCMM__0J.DLL
2013-07-03 16:01 . 2011-04-06 16:28    34816    ----a-w-    c:\windows\system32\MGDI320J.DLL
2012-11-21 10:00 . 2012-11-21 10:00    4096000    ----a-w-    c:\program files (x86)\GUTC9E.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2012-11-14 03:31    194456    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2012-11-14 03:34    194456    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-03-15 5935680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-15 215656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2011-10-13 2068856]
"PDF8 Registry Controller"="c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\RegistryController.exe" [2012-11-19 179600]
"PDFProHook"="c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\pdfpro8hook.exe" [2012-11-19 2013072]
"InboxMonitor"="c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\InboxMonitor.exe" [2012-11-19 151552]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2012-11-27 333416]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FTP Utility.lnk - c:\program files (x86)\KONICA MINOLTA\FTP Utility\KMFtp.exe [2004-10-27 102400]
Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2012-11-13 87960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"LocalAccountTokenFilterPolicy"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
"DisableLockWorkStation"= 1 (0x1)
"NoLogoff"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkStation"= 1 (0x1)
"HideFastUserSwitching"= 1 (0x1)
"NoLogoff"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 ofaApp;ofaApp;c:\program files (x86)\EFI\OFASQ\ofaApp.exe;c:\program files (x86)\EFI\OFASQ\ofaApp.exe [x]
R2 ProcTrigger;LANDesk® Process Trigger Service;c:\program files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe;c:\program files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [x]
R2 tracksvc;LANDesk® Power Management Track Service;c:\program files (x86)\LANDesk\LDClient\tracksvc.exe;c:\program files (x86)\LANDesk\LDClient\tracksvc.exe [x]
R3 ASMPB;AutoStore Status Monitor Port Broker;c:\program files (x86)\NSI\AutoStore\ASMPB.exe;c:\program files (x86)\NSI\AutoStore\ASMPB.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\DRIVERS\ldblank.sys;c:\windows\SYSNATIVE\DRIVERS\ldblank.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 lenovo-oldbFilter;lenovo-oldbFilter;c:\windows\system32\DRIVERS\lenovo-oldb.sys;c:\windows\SYSNATIVE\DRIVERS\lenovo-oldb.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 ASGSB;AutoStore General Services Broker;c:\program files (x86)\NSi\AutoStore Workflow 6\ASGSB.exe;c:\program files (x86)\NSi\AutoStore Workflow 6\ASGSB.exe [x]
S2 CBA8;LANDesk® Management Agent;c:\program files (x86)\LANDesk\Shared Files\residentagent.exe;c:\program files (x86)\LANDesk\Shared Files\residentagent.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DocRecord_AutomationSvc;DocRecord Automation Server;c:\program files (x86)\Prism Software\DocRecord\Automation\DocRecord_AutomationSvc.exe;c:\program files (x86)\Prism Software\DocRecord\Automation\DocRecord_AutomationSvc.exe [x]
S2 DocRecord_DocumentSvc;DocRecord Document Server;c:\program files (x86)\Prism Software\DocRecord\Server\DocRecord_DocumentSvc.exe;c:\program files (x86)\Prism Software\DocRecord\Server\DocRecord_DocumentSvc.exe [x]
S2 EFI ES1000;EFI ES1000;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [x]
S2 EFI License Manager;EFI License Manager;c:\program files (x86)\EFI\OFASQ\lmgrd.exe;c:\program files (x86)\EFI\OFASQ\lmgrd.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files (x86)\LANDesk\LDClient\policy.client.invoker.exe;c:\program files (x86)\LANDesk\LDClient\policy.client.invoker.exe [x]
S2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;c:\program files (x86)\LANDesk\LDClient\tmcsvc.exe;c:\program files (x86)\LANDesk\LDClient\tmcsvc.exe [x]
S2 LANDesk® Out-of-Band Monitor Service;LANDesk® Out-of-Band Monitor Service;c:\program files (x86)\LANDesk\LDClient\amtmon.exe;c:\program files (x86)\LANDesk\LDClient\amtmon.exe [x]
S2 lenovo-oldbbackup;Lenovo Online Backup Service;c:\program files\Lenovo Online Backup\lenovo-oldbbackup.exe;c:\program files\Lenovo Online Backup\lenovo-oldbbackup.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\PDFProFiltSrv.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 ScanPathKmbsSvc;ScanPath KMBS Service;c:\program files (x86)\Prism Software\ScanPath\ScanPath KMBS\ScanPathKmbsSvc.exe;c:\program files (x86)\Prism Software\ScanPath\ScanPath KMBS\ScanPathKmbsSvc.exe [x]
S2 ScanPathSvc;ScanPathSvc;c:\program files (x86)\Prism Software\ScanPath\Server\ScanPath Server Service.exe;c:\program files (x86)\Prism Software\ScanPath\Server\ScanPath Server Service.exe [x]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files (x86)\LANDesk\LDClient\softmon.exe;c:\program files (x86)\LANDesk\LDClient\softmon.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 ldmirror;ldmirror;c:\windows\system32\DRIVERS\ldmirror.sys;c:\windows\SYSNATIVE\DRIVERS\ldmirror.sys [x]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\DRIVERS\mirrorflt.sys;c:\windows\SYSNATIVE\DRIVERS\mirrorflt.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 02:45    1177552    ----a-w-    c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 04:07]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:37]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-25 11:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2012-11-14 03:32    207768    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2012-11-14 03:35    195480    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\lenovo-oldb]
@="{081eafa1-458c-b470-4851-762f2697d851}"
[HKEY_CLASSES_ROOT\CLSID\{081eafa1-458c-b470-4851-762f2697d851}]
2011-11-30 17:46    5527952    ----a-w-    c:\program files\Lenovo Online Backup\lenovo-oldbshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\lenovo-oldb2]
@="{5ad9376f-d1c7-f065-5cb1-1695292951a3}"
[HKEY_CLASSES_ROOT\CLSID\{5ad9376f-d1c7-f065-5cb1-1695292951a3}]
2011-11-30 17:46    5527952    ----a-w-    c:\program files\Lenovo Online Backup\lenovo-oldbshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\lenovo-oldb3]
@="{43a77610-44a7-dc64-16a5-af65f7dced42}"
[HKEY_CLASSES_ROOT\CLSID\{43a77610-44a7-dc64-16a5-af65f7dced42}]
2011-11-30 17:46    5527952    ----a-w-    c:\program files\Lenovo Online Backup\lenovo-oldbshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-15 316032]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-06-11 167744]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-06-11 392512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-06-11 417088]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 8 - c:\program files (x86)\Nuance\eCopy PDF Pro Office 6\cnvres_eng.dll /100
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: mykonicaminolta.com\pwreset
Trusted Zone: pwreset
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\kgreen\AppData\Roaming\Mozilla\Firefox\Profiles\6xj314mz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mykonicaminolta.com/wps/portal/mkm/hidden/login/!ut/p/b1/04_SjzQ1NDIwMTC1MNSP0I_KSyzLTE8syczPS8wB8aPM4j1cAgwsnQwdDfwNXS0NPM3DvA3cjT2NDAINgAoikRUYeLgbGHh6eAU5GQX4GVuYmhGn3wAHcDQgpD9cPwpVCRYXgBXgscLPIz83VT83KsfN0lPXEQBb47M1/dl4/d5/L2dBISEvZ0FBIS9nQSEh/|https://mail.google.com/mail/u/0/?shva=1#inbox|http://fyi.toshiba.com/|http://sertech.us/|https://eetime31.adp.com/jp5e/logon/logonWFC.html
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-08  17:13:30
ComboFix-quarantined-files.txt  2013-09-08 22:13
.
Pre-Run: 81,640,148,992 bytes free
Post-Run: 81,986,269,184 bytes free
.
- - End Of File - - 28B069361792C801345F566233CAE1FA
 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

OK, I attempted to run the Eset Online Scanner. This process is lengthy, given the amount of data on my laptop. The first time I ran the scanner, I had to do so while driving back from one city to another. My laptop battery died before I could get home and Windows went into suspend mode. The scanner picked up where it left off but was running super slow. It had already been 8 hrs of scanning and was 93% done. I was afraid that when Windows suspended, it caused the scanning program to stop operating properly, so.... I restarted the scan before I went to bed. This morning, after 7 hours of scanning, the program was only 50% finished and there was no HDD activity. Very frustrating. I will have to try the scan possibly this weekend when I have that kind of time to devote. Thank you for helping me and I will post the log as soon as I can get it to finish. BTW, on both partial scans, Eset found one threat. It was bundled with the Nero Burning ROM v6 app that I haven't used in a long time.


Hi, here is an update to my problem:

 

I booted up my laptop yesterday and Windows informed me that my antivirus was disabled and needed to be started manually. I attempted to start it and was told that I did not have the correct password or authority to start it. Apparently the Trojan has taken over control. No more fooling around. I wiped my HDD clean and reloaded an image I created when I first got the laptop. Everything is back to normal and all virus scans come back clean now. I appreciate your time and effort. I wanted to save myself the hours of rebuilding the OS, but I felt it was in my best interest to start fresh. Thanks. Malwarebytes is my preferred choice.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.