Google redirect Virus

MrPokemon · Dec 26, 2012

like the title says i'm having a bit of a problem with Google redirecting me to other random pages and not the one im suppose to go to, haven't tested with other search engines but i'm guessing they're infected somehow, and Little more info,when i start up Google chrome,Malwarebytes anti-Malware notifies me with this [ (2012/12/25 22:42:13 -0800 CHRIS-LAPTOP Chris IP-BLOCK 93.170.104.62 (Type: outgoing, Port: 58781, Process: chrome.exe) ]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:55:08 AM, on 12/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files\lenovo\lenovo solution center\lsc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O3 - Toolbar: TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Small Business Advantage - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17742 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Chris at 1:56:08 on 2012-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3880 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\lenovo\lenovo solution center\lsc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\HitmanPro\hmpsched.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1} : DHCPNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\035324430383836363737373 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\45753475966496 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\E4544574541425 : DHCPNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-6-27 70416]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-27 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 339776]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-1-30 33344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-6-27 198784]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-6-27 169776]
R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-12-26 108904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-27 128280]
R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-6-27 49376]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-27 163608]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-6-27 58192]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-26 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-6-27 61264]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-6-27 175440]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-26 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-14 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-14 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-14 177680]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-26 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-26 144960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-10 84080]
R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-6-27 216064]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-6-27 163368]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-6-27 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-27 39976]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-14 69672]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-27 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-27 355096]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-27 786200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-25 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-14 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-14 515528]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-27 259688]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-27 565352]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-6 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-6-27 27432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-2-2 145472]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-12-25 22704]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-8 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-14 106112]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-6-27 1662528]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-6-27 1665088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-12-26 08:53:04 -------- d-----w- C:\Program Files\HitmanPro
2012-12-26 08:52:51 -------- d-----w- C:\ProgramData\HitmanPro
2012-12-26 05:39:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2012-12-26 05:39:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-26 05:39:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-26 05:39:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-26 04:37:15 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
2012-12-26 04:37:13 -------- d-----w- C:\sh4ldr
2012-12-26 04:37:13 -------- d-----w- C:\Program Files\Enigma Software Group
2012-12-26 04:36:45 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-24 11:53:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-21 19:22:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 19:22:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 19:22:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 19:22:17 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-20 08:30:33 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2012-12-20 08:24:12 -------- d-----w- C:\Nexon
2012-12-15 10:46:49 -------- d-sh--w- C:\found.001
2012-12-14 23:47:25 -------- d-----w- C:\Users\Chris\AppData\Local\Chromium
2012-12-14 20:01:17 -------- d-----w- C:\Users\Chris\AppData\Local\{4D0A8C3A-1875-4382-8CD2-25E12EBF0C58}
2012-12-14 11:21:41 -------- d-----w- C:\Users\Chris\AppData\Local\PMB Files
2012-12-14 11:21:40 -------- d-----w- C:\ProgramData\PMB Files
2012-12-14 11:21:36 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-12-14 11:21:30 -------- d-----w- C:\Users\Chris\AppData\Local\Pando_Temp
2012-12-14 11:20:15 -------- d-----w- C:\Users\Chris\AppData\Local\assembly
2012-12-14 11:20:00 -------- d-----w- C:\Program Files (x86)\NCSoft
2012-12-13 06:04:55 -------- d-----w- C:\Users\Chris\AppData\Local\{4CD06E22-08C7-4057-A978-AE79EABC8092}
2012-12-13 05:26:34 -------- d-----w- C:\Program Files (x86)\Aimersoft
2012-12-13 05:22:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\PDAppFlex
2012-12-12 08:25:04 -------- d-----w- C:\Users\Chris\AppData\Local\4A Games
2012-12-12 08:18:06 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-12-12 08:05:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-12 06:13:58 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 06:13:58 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-11 23:03:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2012-12-09 21:12:24 -------- d-sh--w- C:\found.000
2012-12-09 03:14:07 -------- d-----w- C:\Program Files (x86)\Password Recovery Tools 2012 Trial
2012-12-08 18:27:08 -------- d-----w- C:\ProgramData\Nexon
2012-12-08 18:13:36 -------- d-----w- C:\ProgramData\NexonUS
2012-12-08 08:54:31 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-12-07 19:29:43 -------- d-----w- C:\Users\Chris\AppData\Local\Facebook
2012-12-06 19:22:59 5081608 ----a-w- C:\Windows\System32\d3dx9_36.dll
2012-12-06 19:15:40 -------- d-----w- C:\Users\Chris\AppData\Local\Activision
2012-12-06 19:05:37 -------- d-----w- C:\Program Files (x86)\Modern
2012-12-05 21:51:08 -------- d-----w- C:\Games
2012-12-05 21:50:02 -------- d-----w- C:\Users\Chris\AppData\Local\Black_Tree_Gaming
2012-12-05 21:49:49 -------- d-----w- C:\Program Files\Nexus Mod Manager
2012-12-01 03:35:57 -------- d-----r- C:\Program Files (x86)\Skype
.
==================== Find3M ====================
.
2012-12-13 06:41:54 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 14:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-11-09 14:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-11-09 14:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2012-11-09 14:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-11-09 14:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-11-09 14:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-11-09 14:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-11-09 14:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-11-09 14:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-03 22:25:26 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-11-03 22:25:26 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-11-03 22:25:26 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-11-03 22:25:26 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 08:18:18 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-15 08:18:14 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-15 08:18:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 1:56:46.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2012 9:09:11 PM
System Uptime: 12/26/2012 12:45:52 AM (1 hours ago)
.
Motherboard: LENOVO | | 3259AC5
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 286.685 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 18 GiB total, 4.515 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP41: 12/25/2012 8:36:50 PM - Installed SpyHunter
.
==== Installed Programs ======================
.
µTorrent
Absolute Reminder
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS6
Adobe Reader X MUI
Aimersoft DVD Creator(Build 2.6.5)
Aion
Anime Studio Pro 9.1
Anime Studio Pro 9.1 (x86)
Asteroids
AuthenTec TrueSuite
Bandisoft MPEG-1 Decoder
Broadcom 802.11 Network Adapter
Burn.Now 4.5
Call of Duty - World at War
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
Create Recovery Media
D3DX10
Direct DiscRecorder
DisplayLink Core Software
DVD-Cloner V9.70 Build 1116
Evernote v. 4.2.3
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HitmanPro 3.7
ImgBurn
Integrated Camera Driver Installer Package Ver.1.2.1.16
Intel(R) Control Center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) OpenCL CPU Runtime
Intel(R) Processor Graphics
Intel(R) Update Manager
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 7 (64-bit)
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo Graphics Software
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Registration
Lenovo SimpleTap
Lenovo Solution Center
Lenovo Solutions for Small Business
Lenovo Solutions for Small Business Customizations
Lenovo User Guide
Lenovo Warranty Information
Lenovo Welcome
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee AntiVirus Plus
Mesh Runtime
Message Center Plus
Metro 2033
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCsoft Launcher
Nexon Game Manager
Nexus Mod Manager
NVIDIA PhysX
On Screen Display
OpenAL
Pando Media Booster
Password Recovery Tools 2012 Trial
PCSX2 - Playstation 2 Emulator
PDF Settings CS6
Plants vs. Zombies
Power Manager
RapidBoot
RapidBoot HDD Accelerator
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shared C Run-time for x64
Skype 6.0
SpyHunter
Steam
SugarSync Manager
System Update
Team Fortress 2
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Active Protection System
ThinkVantage Communications Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Vindictus
VIP Access
WIDCOMM Bluetooth Software
Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
Windows Driver Package - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/25/2012 7:08:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
12/25/2012 11:45:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
12/25/2012 11:44:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:44:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
12/25/2012 11:07:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
12/25/2012 11:04:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/25/2012 11:03:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/25/2012 11:03:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/25/2012 11:02:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 10:24:06 AM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
12/25/2012 10:23:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel(R) Small Business Advantage service.
12/24/2012 5:19:27 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/24/2012 5:19:27 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
12/24/2012 5:19:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/24/2012 4:33:02 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.66 with the system having network hardware address 00-26-BB-94-E0-AD. Network operations on this system may be disrupted as a result.
12/23/2012 9:30:29 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
12/22/2012 12:39:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
12/22/2012 12:39:42 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/21/2012 7:49:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.
12/21/2012 11:43:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/21/2012 11:43:52 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

MrPokemon · Dec 28, 2012

MrPokemon · Dec 31, 2012

MrPokemon · Jan 3, 2013

CatByte · Jan 5, 2013

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using, 32bit (x86) or 64 (x64) bit)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
now press the search button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrPokemon · Jan 6, 2013

it didn't allow me to run either one.
i have a 64-bit laptop ant it kept telling me that it wasn't supported and when i tried the 32-bit it just said something about the sub-image missing

CatByte · Jan 6, 2013

ok we'll try a different tool

Please run the following

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

MrPokemon · Jan 7, 2013

HERE YOU GO

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3614 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\assembly\tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-07 02:19 . 2013-01-07 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 08:21 . 2013-01-06 08:21 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2013-01-01 22:31 . 2013-01-01 22:31 -------- d-----w- c:\users\Chris\AppData\Local\Daring_Development_Inc
2013-01-01 22:30 . 2013-01-01 22:30 -------- d-----w- c:\program files (x86)\Daring Development
2013-01-01 21:14 . 2013-01-01 21:14 -------- d-----w- c:\users\Chris\AppData\Local\Programs
2012-12-28 19:31 . 2012-12-28 19:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-28 19:31 . 2012-12-28 19:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-28 19:30 . 2012-12-28 19:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-28 19:30 . 2012-12-28 19:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-26 08:53 . 2012-12-26 08:53 -------- d-----w- c:\program files\HitmanPro
2012-12-26 08:52 . 2012-12-26 09:22 -------- d-----w- c:\programdata\HitmanPro
2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\programdata\Malwarebytes
2012-12-26 05:39 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 05:39 . 2013-01-01 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-26 04:37 . 2012-12-26 04:37 -------- d-----w- c:\program files\Enigma Software Group
2012-12-26 04:36 . 2012-12-26 10:29 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-24 11:53 . 2012-12-24 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-21 19:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 19:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 19:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 08:30 . 2012-12-20 08:30 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-12-20 08:24 . 2012-12-20 08:24 -------- d-----w- C:\Nexon
2012-12-15 10:46 . 2012-12-15 10:46 -------- d-----w- C:\found.001
2012-12-14 23:47 . 2012-12-14 23:47 -------- d-----w- c:\users\Chris\AppData\Local\Chromium
2012-12-14 11:21 . 2013-01-06 09:17 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
2012-12-14 11:21 . 2012-12-14 23:22 -------- d-----w- c:\programdata\PMB Files
2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\users\Chris\AppData\Local\Pando_Temp
2012-12-14 11:20 . 2013-01-07 02:08 -------- d-----w- c:\users\Chris\AppData\Local\assembly
2012-12-14 11:20 . 2012-12-14 11:22 -------- d-----w- c:\program files (x86)\NCSoft
2012-12-14 11:19 . 2012-12-14 11:19 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield
2012-12-13 05:26 . 2012-12-13 05:26 -------- d-----w- c:\program files (x86)\Aimersoft
2012-12-13 05:22 . 2012-12-13 05:22 -------- d-----w- c:\users\Chris\AppData\Roaming\PDAppFlex
2012-12-12 08:25 . 2012-12-12 08:25 -------- d-----w- c:\users\Chris\AppData\Local\4A Games
2012-12-12 08:18 . 2012-12-12 08:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-12-12 08:05 . 2012-12-26 04:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-12 06:13 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 23:03 . 2009-09-05 01:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-09 21:12 . 2012-12-09 21:12 -------- d-----w- C:\found.000
2012-12-09 05:20 . 2012-12-09 05:28 -------- d-----w- c:\users\Chris\AppData\Roaming\ImgBurn
2012-12-09 05:15 . 2012-12-09 05:15 -------- d-----w- c:\program files (x86)\ImgBurn
2012-12-09 03:14 . 2012-12-09 03:14 -------- d-----w- c:\program files (x86)\Password Recovery Tools 2012 Trial
2012-12-08 18:27 . 2012-12-08 18:27 -------- d-----w- c:\programdata\Nexon
2012-12-08 08:54 . 2012-04-21 00:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:41 . 2012-11-04 20:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-11-09 14:40 . 2012-10-15 06:35 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 14:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 14:37 . 2012-10-15 05:57 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 14:36 . 2012-10-15 06:35 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 14:36 . 2012-10-15 06:35 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 14:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 14:34 . 2012-10-15 06:35 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 14:34 . 2012-10-15 06:35 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 14:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-03 22:25 . 2012-11-02 11:39 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-03 22:25 . 2012-11-02 11:39 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-03 22:25 . 2012-11-02 11:39 136192 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-03 22:25 . 2012-11-02 11:39 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-27 23:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:18 . 2012-10-15 08:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-15 08:18 . 2012-10-15 08:18 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-15 08:18 . 2012-10-15 08:18 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-15 08:18 . 2012-10-15 08:18 188904 ----a-w- c:\windows\system32\java.exe
2012-10-15 08:18 . 2012-10-15 08:18 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-15 08:18 . 2012-10-15 08:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-15 04:10 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-09 18:17 . 2012-11-25 03:06 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-25 03:06 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-25 03:06 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-25 03:06 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-07 138096]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-12-14 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-21 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys [2012-01-17 70416]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-31 33344]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-23 313672]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-11 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-11 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-11 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-04-01 163368]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
.
2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
.
2013-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SafeBoot-61302845.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DVD-Cloner 9_is1 - c:\users\Chris\Desktop\Test\DVD-Cloner\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.

CatByte · Jan 7, 2013

was that all there was to the log as it appears to have been cut off?

The log should be located at C:\ComboFix.txt

Please run the following:

Please download TDSSKiller.zip

Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
click OK
Press Start Scan
- If Malicious objects are found then ensure Cure is selected
- If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
- Then click Continue > Reboot now
Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

MrPokemon · Jan 7, 2013

i guess it was cut off because when the program finished scanning the log file it popped up and showed me the log file so i pasted it thinking it was complete.Sorry about that,let me post it again

ComboFix 13-01-06.01 - Chris 01/06/2013 17:59:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3614 [GMT -8:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\assembly\tmp
Q:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-07 02:19 . 2013-01-07 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-06 08:21 . 2013-01-06 08:21 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
2013-01-01 22:31 . 2013-01-01 22:31 -------- d-----w- c:\users\Chris\AppData\Local\Daring_Development_Inc
2013-01-01 22:30 . 2013-01-01 22:30 -------- d-----w- c:\program files (x86)\Daring Development
2013-01-01 21:14 . 2013-01-01 21:14 -------- d-----w- c:\users\Chris\AppData\Local\Programs
2012-12-28 19:31 . 2012-12-28 19:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-12-28 19:31 . 2012-12-28 19:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-28 19:30 . 2012-12-28 19:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-28 19:30 . 2012-12-28 19:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-26 08:53 . 2012-12-26 08:53 -------- d-----w- c:\program files\HitmanPro
2012-12-26 08:52 . 2012-12-26 09:22 -------- d-----w- c:\programdata\HitmanPro
2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\programdata\Malwarebytes
2012-12-26 05:39 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 05:39 . 2013-01-01 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-26 04:37 . 2012-12-26 04:37 -------- d-----w- c:\program files\Enigma Software Group
2012-12-26 04:36 . 2012-12-26 10:29 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-24 11:53 . 2012-12-24 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-21 19:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 19:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 19:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 19:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-20 08:30 . 2012-12-20 08:30 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-12-20 08:24 . 2012-12-20 08:24 -------- d-----w- C:\Nexon
2012-12-15 10:46 . 2012-12-15 10:46 -------- d-----w- C:\found.001
2012-12-14 23:47 . 2012-12-14 23:47 -------- d-----w- c:\users\Chris\AppData\Local\Chromium
2012-12-14 11:21 . 2013-01-06 09:17 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
2012-12-14 11:21 . 2012-12-14 23:22 -------- d-----w- c:\programdata\PMB Files
2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\program files (x86)\Pando Networks
2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\users\Chris\AppData\Local\Pando_Temp
2012-12-14 11:20 . 2013-01-07 02:08 -------- d-----w- c:\users\Chris\AppData\Local\assembly
2012-12-14 11:20 . 2012-12-14 11:22 -------- d-----w- c:\program files (x86)\NCSoft
2012-12-14 11:19 . 2012-12-14 11:19 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield
2012-12-13 05:26 . 2012-12-13 05:26 -------- d-----w- c:\program files (x86)\Aimersoft
2012-12-13 05:22 . 2012-12-13 05:22 -------- d-----w- c:\users\Chris\AppData\Roaming\PDAppFlex
2012-12-12 08:25 . 2012-12-12 08:25 -------- d-----w- c:\users\Chris\AppData\Local\4A Games
2012-12-12 08:18 . 2012-12-12 08:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-12-12 08:05 . 2012-12-26 04:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-12 06:13 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 06:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-11 23:03 . 2009-09-05 01:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-09 21:12 . 2012-12-09 21:12 -------- d-----w- C:\found.000
2012-12-09 05:20 . 2012-12-09 05:28 -------- d-----w- c:\users\Chris\AppData\Roaming\ImgBurn
2012-12-09 05:15 . 2012-12-09 05:15 -------- d-----w- c:\program files (x86)\ImgBurn
2012-12-09 03:14 . 2012-12-09 03:14 -------- d-----w- c:\program files (x86)\Password Recovery Tools 2012 Trial
2012-12-08 18:27 . 2012-12-08 18:27 -------- d-----w- c:\programdata\Nexon
2012-12-08 08:54 . 2012-04-21 00:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 06:41 . 2012-11-04 20:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-11-09 14:40 . 2012-10-15 06:35 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 14:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 14:37 . 2012-10-15 05:57 177680 ----a-w- c:\windows\system32\mfevtps.exe
2012-11-09 14:36 . 2012-10-15 06:35 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 14:36 . 2012-10-15 06:35 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 14:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 14:34 . 2012-10-15 06:35 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 14:34 . 2012-10-15 06:35 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 14:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-11-03 22:25 . 2012-11-02 11:39 431104 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-03 22:25 . 2012-11-02 11:39 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-03 22:25 . 2012-11-02 11:39 136192 ----a-w- c:\windows\system32\OpenAL32.dll
2012-11-03 22:25 . 2012-11-02 11:39 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-27 23:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 08:18 . 2012-10-15 08:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-15 08:18 . 2012-10-15 08:18 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-15 08:18 . 2012-10-15 08:18 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-15 08:18 . 2012-10-15 08:18 188904 ----a-w- c:\windows\system32\java.exe
2012-10-15 08:18 . 2012-10-15 08:18 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-15 08:18 . 2012-10-15 08:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-15 04:10 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-09 18:17 . 2012-11-25 03:06 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-25 03:06 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-25 03:06 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-25 03:06 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-07 138096]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-12-14 38744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-21 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys [2012-01-17 70416]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-31 33344]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-23 313672]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-11 58192]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-11 61264]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-11 175440]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-04-01 163368]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
.
2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
.
2013-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SafeBoot-61302845.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DVD-Cloner 9_is1 - c:\users\Chris\Desktop\Test\DVD-Cloner\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-06 19:26:49
ComboFix-quarantined-files.txt 2013-01-07 03:26
.
Pre-Run: 303,323,533,312 bytes free
Post-Run: 304,729,780,224 bytes free
.
- - End Of File - - 32ED65EF8FEDC8EEE85937D36EBD1378

CatByte · Jan 7, 2013

thank-you for the log

please continue with the TDSSKiller instructions

MrPokemon · Jan 7, 2013

Here you go

17:33:40.0799 9092 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:33:41.0545 9092 ============================================================
17:33:41.0545 9092 Current date / time: 2013/01/07 17:33:41.0545
17:33:41.0545 9092 SystemInfo:
17:33:41.0545 9092
17:33:41.0545 9092 OS Version: 6.1.7601 ServicePack: 1.0
17:33:41.0545 9092 Product type: Workstation
17:33:41.0545 9092 ComputerName: CHRIS-LAPTOP
17:33:41.0545 9092 UserName: Chris
17:33:41.0545 9092 Windows directory: C:\Windows
17:33:41.0545 9092 System windows directory: C:\Windows
17:33:41.0545 9092 Running under WOW64
17:33:41.0545 9092 Processor architecture: Intel x64
17:33:41.0545 9092 Number of processors: 4
17:33:41.0545 9092 Page size: 0x1000
17:33:41.0545 9092 Boot type: Normal boot
17:33:41.0545 9092 ============================================================
17:33:42.0039 9092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:33:42.0043 9092 ============================================================
17:33:42.0043 9092 \Device\Harddisk0\DR0:
17:33:42.0044 9092 MBR partitions:
17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x37D6F000
17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3805D800, BlocksNum 0x2328000
17:33:42.0044 9092 ============================================================
17:33:42.0070 9092 C: <-> \Device\Harddisk0\DR0\Partition2
17:33:42.0122 9092 Q: <-> \Device\Harddisk0\DR0\Partition3
17:33:42.0122 9092 ============================================================
17:33:42.0123 9092 Initialize success
17:33:42.0123 9092 ============================================================
17:33:43.0703 9724 ============================================================
17:33:43.0703 9724 Scan started
17:33:43.0703 9724 Mode: Manual;
17:33:43.0703 9724 ============================================================
17:33:44.0425 9724 ================ Scan system memory ========================
17:33:44.0425 9724 System memory - ok
17:33:44.0426 9724 ================ Scan services =============================
17:33:44.0665 9724 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:33:44.0702 9724 1394ohci - ok
17:33:44.0744 9724 [ 1F305C858E7B5E537C9B783D46243A7A ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
17:33:44.0778 9724 5U877 - ok
17:33:44.0828 9724 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:33:44.0830 9724 ACPI - ok
17:33:44.0851 9724 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:33:44.0884 9724 AcpiPmi - ok
17:33:44.0929 9724 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:33:44.0940 9724 adp94xx - ok
17:33:44.0995 9724 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:33:45.0004 9724 adpahci - ok
17:33:45.0059 9724 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:33:45.0065 9724 adpu320 - ok
17:33:45.0090 9724 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:33:45.0092 9724 AeLookupSvc - ok
17:33:45.0139 9724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:33:45.0142 9724 AFD - ok
17:33:45.0175 9724 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:33:45.0179 9724 agp440 - ok
17:33:45.0214 9724 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:33:45.0219 9724 ALG - ok
17:33:45.0260 9724 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:33:45.0263 9724 aliide - ok
17:33:45.0280 9724 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:33:45.0282 9724 amdide - ok
17:33:45.0319 9724 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:33:45.0323 9724 AmdK8 - ok
17:33:45.0331 9724 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
17:33:45.0335 9724 AmdPPM - ok
17:33:45.0356 9724 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:33:45.0394 9724 amdsata - ok
17:33:45.0419 9724 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
17:33:45.0426 9724 amdsbs - ok
17:33:45.0443 9724 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:33:45.0479 9724 amdxata - ok
17:33:45.0523 9724 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:33:45.0558 9724 AppID - ok
17:33:45.0588 9724 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:33:45.0591 9724 AppIDSvc - ok
17:33:45.0602 9724 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:33:45.0603 9724 Appinfo - ok
17:33:45.0665 9724 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
17:33:45.0669 9724 arc - ok
17:33:45.0672 9724 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:33:45.0678 9724 arcsas - ok
17:33:45.0778 9724 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:33:45.0814 9724 aspnet_state - ok
17:33:45.0868 9724 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:33:45.0872 9724 AsyncMac - ok
17:33:45.0901 9724 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:33:45.0906 9724 atapi - ok
17:33:45.0943 9724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:33:45.0991 9724 AudioEndpointBuilder - ok
17:33:46.0001 9724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:33:46.0005 9724 AudioSrv - ok
17:33:46.0042 9724 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:33:46.0069 9724 AxInstSV - ok
17:33:46.0121 9724 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
17:33:46.0130 9724 b06bdrv - ok
17:33:46.0222 9724 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:33:46.0230 9724 b57nd60a - ok
17:33:46.0278 9724 [ F01759FA97126CC69DFA85CEDA0717A1 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
17:33:46.0314 9724 bcbtums - ok
17:33:46.0424 9724 [ D41E6CCB9752F551049D2E0C437DD03D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:33:46.0445 9724 BCM43XX - ok
17:33:46.0488 9724 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:33:46.0492 9724 BDESVC - ok
17:33:46.0499 9724 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:33:46.0502 9724 Beep - ok
17:33:46.0540 9724 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:33:46.0574 9724 BFE - ok
17:33:46.0650 9724 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:33:46.0655 9724 BITS - ok
17:33:46.0687 9724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:33:46.0690 9724 blbdrive - ok
17:33:46.0721 9724 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:33:46.0755 9724 bowser - ok
17:33:46.0780 9724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
17:33:46.0785 9724 BrFiltLo - ok
17:33:46.0789 9724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
17:33:46.0792 9724 BrFiltUp - ok
17:33:46.0821 9724 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:33:46.0825 9724 BridgeMP - ok
17:33:46.0852 9724 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:33:46.0879 9724 Browser - ok
17:33:46.0885 9724 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:33:46.0894 9724 Brserid - ok
17:33:46.0897 9724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:33:46.0901 9724 BrSerWdm - ok
17:33:46.0904 9724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:33:46.0907 9724 BrUsbMdm - ok
17:33:46.0910 9724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:33:46.0912 9724 BrUsbSer - ok
17:33:46.0945 9724 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:33:46.0948 9724 BthEnum - ok
17:33:46.0960 9724 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:33:46.0963 9724 BTHMODEM - ok
17:33:46.0984 9724 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:33:46.0985 9724 BthPan - ok
17:33:47.0008 9724 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:33:47.0036 9724 BTHPORT - ok
17:33:47.0065 9724 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:33:47.0068 9724 bthserv - ok
17:33:47.0086 9724 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:33:47.0119 9724 BTHUSB - ok
17:33:47.0175 9724 [ 3AFF6DC496B8A8D12C867E3FC7C86FAC ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
17:33:47.0214 9724 btwampfl - ok
17:33:47.0265 9724 [ 336BBA0909B3636AB7D06A71D7B1C0DC ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:33:47.0300 9724 btwaudio - ok
17:33:47.0326 9724 [ 9FF58F76024D25784755B01F926B00BE ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
17:33:47.0362 9724 btwavdt - ok
17:33:47.0448 9724 [ 26A80D7ACA49E03A403806418B5FED46 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:33:47.0491 9724 btwdins - ok
17:33:47.0507 9724 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:33:47.0542 9724 btwl2cap - ok
17:33:47.0550 9724 [ EDD953D635F3AA89EF902E3F82D60D22 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:33:47.0585 9724 btwrchid - ok
17:33:47.0621 9724 catchme - ok
17:33:47.0646 9724 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:33:47.0650 9724 cdfs - ok
17:33:47.0683 9724 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:33:47.0717 9724 cdrom - ok
17:33:47.0750 9724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:33:47.0776 9724 CertPropSvc - ok
17:33:47.0808 9724 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:33:47.0843 9724 cfwids - ok
17:33:47.0869 9724 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
17:33:47.0872 9724 circlass - ok
17:33:47.0907 9724 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:33:47.0909 9724 CLFS - ok
17:33:47.0966 9724 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:47.0970 9724 clr_optimization_v2.0.50727_32 - ok
17:33:48.0007 9724 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:33:48.0012 9724 clr_optimization_v2.0.50727_64 - ok
17:33:48.0088 9724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:48.0127 9724 clr_optimization_v4.0.30319_32 - ok
17:33:48.0166 9724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:33:48.0206 9724 clr_optimization_v4.0.30319_64 - ok
17:33:48.0244 9724 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:33:48.0247 9724 CmBatt - ok
17:33:48.0273 9724 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:33:48.0276 9724 cmdide - ok
17:33:48.0321 9724 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:33:48.0350 9724 CNG - ok
17:33:48.0412 9724 [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
17:33:48.0445 9724 CnxtHdAudService - ok
17:33:48.0490 9724 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:33:48.0493 9724 Compbatt - ok
17:33:48.0522 9724 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:33:48.0560 9724 CompositeBus - ok
17:33:48.0567 9724 COMSysApp - ok
17:33:48.0668 9724 [ E1C17DC650A7FA69DE63C4D4A8E888EA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
17:33:48.0714 9724 cphs - ok
17:33:48.0731 9724 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:33:48.0733 9724 crcdisk - ok
17:33:48.0764 9724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:33:48.0800 9724 CryptSvc - ok
17:33:48.0935 9724 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:33:48.0939 9724 cvhsvc - ok
17:33:48.0983 9724 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
17:33:49.0018 9724 CxAudMsg - ok
17:33:49.0084 9724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:33:49.0087 9724 DcomLaunch - ok
17:33:49.0112 9724 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:33:49.0121 9724 defragsvc - ok
17:33:49.0150 9724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:33:49.0183 9724 DfsC - ok
17:33:49.0226 9724 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:33:49.0255 9724 Dhcp - ok
17:33:49.0265 9724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:33:49.0266 9724 discache - ok
17:33:49.0295 9724 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
17:33:49.0299 9724 Disk - ok
17:33:49.0467 9724 [ 4453DA8650DA827BC33B8D41A8F97894 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
17:33:49.0634 9724 DisplayLinkService - ok
17:33:49.0683 9724 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:33:49.0710 9724 Dnscache - ok
17:33:49.0718 9724 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:33:49.0747 9724 dot3svc - ok
17:33:49.0753 9724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:33:49.0754 9724 DPS - ok
17:33:49.0815 9724 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:33:49.0819 9724 drmkaud - ok
17:33:49.0843 9724 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:33:49.0886 9724 DXGKrnl - ok
17:33:49.0929 9724 EagleX64 - ok
17:33:49.0946 9724 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:33:49.0951 9724 EapHost - ok
17:33:50.0015 9724 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
17:33:50.0084 9724 ebdrv - ok
17:33:50.0111 9724 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:33:50.0147 9724 EFS - ok
17:33:50.0214 9724 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:33:50.0255 9724 ehRecvr - ok
17:33:50.0278 9724 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:33:50.0282 9724 ehSched - ok
17:33:50.0324 9724 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:33:50.0334 9724 elxstor - ok
17:33:50.0336 9724 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:33:50.0339 9724 ErrDev - ok
17:33:50.0396 9724 esgiguard - ok
17:33:50.0441 9724 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:33:50.0443 9724 EventSystem - ok
17:33:50.0473 9724 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:33:50.0479 9724 exfat - ok
17:33:50.0512 9724 [ EB3A7D5663ACAC417DF986D4AEE12170 ] Fastboot C:\Windows\system32\DRIVERS\Fastboot.sys
17:33:50.0548 9724 Fastboot - ok
17:33:50.0613 9724 [ 63511240AF70D10343A4AE05F8E2CA12 ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
17:33:50.0614 9724 FastbootService - ok
17:33:50.0632 9724 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:33:50.0638 9724 fastfat - ok
17:33:50.0681 9724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:33:50.0684 9724 Fax - ok
17:33:50.0721 9724 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
17:33:50.0724 9724 fdc - ok
17:33:50.0756 9724 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:33:50.0772 9724 fdPHost - ok
17:33:50.0785 9724 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:33:50.0787 9724 FDResPub - ok
17:33:50.0823 9724 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:33:50.0825 9724 FileInfo - ok
17:33:50.0843 9724 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:33:50.0846 9724 Filetrace - ok
17:33:50.0849 9724 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
17:33:50.0852 9724 flpydisk - ok
17:33:50.0864 9724 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:33:50.0892 9724 FltMgr - ok
17:33:50.0938 9724 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:33:50.0968 9724 FontCache - ok
17:33:51.0057 9724 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:33:51.0096 9724 FontCache3.0.0.0 - ok
17:33:51.0173 9724 [ 87100772372E769A5F15032027344F9D ] FPLService C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
17:33:51.0210 9724 FPLService - ok
17:33:51.0242 9724 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:33:51.0246 9724 FsDepends - ok
17:33:51.0272 9724 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:33:51.0307 9724 Fs_Rec - ok
17:33:51.0347 9724 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:33:51.0349 9724 fvevol - ok
17:33:51.0376 9724 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:33:51.0380 9724 gagp30kx - ok
17:33:51.0411 9724 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:33:51.0419 9724 gpsvc - ok
17:33:51.0464 9724 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:51.0465 9724 gupdate - ok
17:33:51.0468 9724 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:33:51.0469 9724 gupdatem - ok
17:33:51.0510 9724 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:33:51.0513 9724 gusvc - ok
17:33:51.0556 9724 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:33:51.0594 9724 hamachi - ok
17:33:51.0616 9724 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:33:51.0619 9724 hcw85cir - ok
17:33:51.0639 9724 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:33:51.0683 9724 HdAudAddService - ok
17:33:51.0704 9724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:33:51.0706 9724 HDAudBus - ok
17:33:51.0709 9724 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
17:33:51.0712 9724 HidBatt - ok
17:33:51.0717 9724 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:33:51.0721 9724 HidBth - ok
17:33:51.0754 9724 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
17:33:51.0758 9724 HidIr - ok
17:33:51.0785 9724 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:33:51.0788 9724 hidserv - ok
17:33:51.0808 9724 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:33:51.0842 9724 HidUsb - ok
17:33:51.0902 9724 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
17:33:51.0939 9724 HipShieldK - ok
17:33:51.0968 9724 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:33:51.0994 9724 hkmsvc - ok
17:33:52.0007 9724 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:33:52.0009 9724 HomeGroupListener - ok
17:33:52.0038 9724 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:33:52.0040 9724 HomeGroupProvider - ok
17:33:52.0079 9724 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:33:52.0115 9724 HpSAMD - ok
17:33:52.0142 9724 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:33:52.0146 9724 HTTP - ok
17:33:52.0162 9724 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:33:52.0163 9724 hwpolicy - ok
17:33:52.0227 9724 [ 46FD38CBD57D2EC86C42DCCE05C82F67 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
17:33:52.0268 9724 HyperW7Svc - ok
17:33:52.0291 9724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:52.0295 9724 i8042prt - ok
17:33:52.0342 9724 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:33:52.0344 9724 iaStor - ok
17:33:52.0378 9724 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:33:52.0420 9724 iaStorV - ok
17:33:52.0442 9724 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
17:33:52.0476 9724 IBMPMDRV - ok
17:33:52.0486 9724 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
17:33:52.0522 9724 IBMPMSVC - ok
17:33:52.0566 9724 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:33:52.0613 9724 idsvc - ok
17:33:52.0958 9724 [ E910E770A54E55973FFBE663C3254000 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:33:53.0036 9724 igfx - ok
17:33:53.0067 9724 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:33:53.0071 9724 iirsp - ok
17:33:53.0110 9724 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:33:53.0146 9724 IKEEXT - ok
17:33:53.0195 9724 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:33:53.0229 9724 IntcDAud - ok
17:33:53.0321 9724 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:33:53.0359 9724 Intel(R) Capability Licensing Service Interface - ok
17:33:53.0410 9724 [ FB166D86AFCBD9A9BFD342DC2564F5DF ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
17:33:53.0451 9724 Intel(R) ME Service - ok
17:33:53.0513 9724 [ 16DF912A1C88B7AE46E907661F31AA77 ] Intel(R) Small Business Advantage C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
17:33:53.0552 9724 Intel(R) Small Business Advantage - ok
17:33:53.0580 9724 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:33:53.0583 9724 intelide - ok
17:33:53.0614 9724 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:33:53.0615 9724 intelppm - ok
17:33:53.0666 9724 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:33:53.0671 9724 IPBusEnum - ok
17:33:53.0703 9724 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:53.0738 9724 IpFilterDriver - ok
17:33:53.0780 9724 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:33:53.0787 9724 iphlpsvc - ok
17:33:53.0798 9724 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:33:53.0833 9724 IPMIDRV - ok
17:33:53.0843 9724 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:33:53.0848 9724 IPNAT - ok
17:33:53.0874 9724 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:33:53.0877 9724 IRENUM - ok
17:33:53.0887 9724 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:33:53.0890 9724 isapnp - ok
17:33:53.0905 9724 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:33:53.0945 9724 iScsiPrt - ok
17:33:53.0982 9724 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
17:33:54.0016 9724 iusb3hcs - ok
17:33:54.0030 9724 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
17:33:54.0067 9724 iusb3hub - ok
17:33:54.0087 9724 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
17:33:54.0128 9724 iusb3xhc - ok
17:33:54.0167 9724 [ B443D3D1B6F21C2B424E49491B65C488 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
17:33:54.0207 9724 jhi_service - ok
17:33:54.0267 9724 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:33:54.0271 9724 kbdclass - ok
17:33:54.0288 9724 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:33:54.0324 9724 kbdhid - ok
17:33:54.0355 9724 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:33:54.0356 9724 KeyIso - ok
17:33:54.0384 9724 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:33:54.0411 9724 KSecDD - ok
17:33:54.0445 9724 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:33:54.0481 9724 KSecPkg - ok
17:33:54.0508 9724 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:33:54.0510 9724 ksthunk - ok
17:33:54.0536 9724 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:33:54.0546 9724 KtmRm - ok
17:33:54.0593 9724 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:33:54.0620 9724 LanmanServer - ok
17:33:54.0693 9724 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:33:54.0720 9724 LanmanWorkstation - ok
17:33:54.0759 9724 [ D157679261C0F6739784166CB984A933 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
17:33:54.0760 9724 LENOVO.CAMMUTE - ok
17:33:54.0822 9724 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
17:33:54.0869 9724 LENOVO.MICMUTE - ok
17:33:54.0925 9724 [ 9D37F8F00324E9C6C7C5369E50D92EB6 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
17:33:54.0966 9724 LENOVO.TPKNRSVC - ok
17:33:54.0993 9724 [ 3038396D26AE40D7C2E7E775870EB458 ] LENOVO.TVTVCAM C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
17:33:55.0044 9724 LENOVO.TVTVCAM - ok
17:33:55.0059 9724 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
17:33:55.0100 9724 Lenovo.VIRTSCRLSVC - ok
17:33:55.0127 9724 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:33:55.0130 9724 lltdio - ok
17:33:55.0153 9724 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:33:55.0164 9724 lltdsvc - ok
17:33:55.0222 9724 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:33:55.0227 9724 lmhosts - ok
17:33:55.0270 9724 [ 9BE23DF9B1FC56F58DD0F28CC187E713 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:33:55.0272 9724 LMS - ok
17:33:55.0311 9724 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
17:33:55.0315 9724 LSI_FC - ok
17:33:55.0328 9724 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
17:33:55.0332 9724 LSI_SAS - ok
17:33:55.0340 9724 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
17:33:55.0343 9724 LSI_SAS2 - ok
17:33:55.0363 9724 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
17:33:55.0368 9724 LSI_SCSI - ok
17:33:55.0379 9724 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:33:55.0381 9724 luafv - ok
17:33:55.0457 9724 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:33:55.0492 9724 MBAMProtector - ok
17:33:55.0538 9724 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:33:55.0581 9724 MBAMScheduler - ok
17:33:55.0610 9724 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:33:55.0657 9724 MBAMService - ok
17:33:55.0752 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0754 9724 McAfee SiteAdvisor Service - ok
17:33:55.0763 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0765 9724 McMPFSvc - ok
17:33:55.0770 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0771 9724 mcmscsvc - ok
17:33:55.0775 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0776 9724 McNaiAnn - ok
17:33:55.0799 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0801 9724 McNASvc - ok
17:33:55.0839 9724 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
17:33:55.0841 9724 McODS - ok
17:33:55.0868 9724 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:33:55.0869 9724 McProxy - ok
17:33:55.0899 9724 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:33:55.0901 9724 McShield - ok
17:33:55.0932 9724 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:33:55.0960 9724 Mcx2Svc - ok
17:33:55.0995 9724 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
17:33:56.0000 9724 megasas - ok
17:33:56.0040 9724 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
17:33:56.0048 9724 MegaSR - ok
17:33:56.0086 9724 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:33:56.0121 9724 MEIx64 - ok
17:33:56.0161 9724 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:33:56.0197 9724 mfeapfk - ok
17:33:56.0262 9724 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:33:56.0301 9724 mfeavfk - ok
17:33:56.0354 9724 mfeavfk01 - ok
17:33:56.0384 9724 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:33:56.0421 9724 mfefire - ok
17:33:56.0474 9724 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:33:56.0513 9724 mfefirek - ok
17:33:56.0544 9724 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:33:56.0589 9724 mfehidk - ok
17:33:56.0622 9724 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:33:56.0658 9724 mferkdet - ok
17:33:56.0689 9724 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Windows\system32\mfevtps.exe
17:33:56.0726 9724 mfevtp - ok
17:33:56.0759 9724 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:33:56.0799 9724 mfewfpk - ok
17:33:56.0840 9724 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:33:56.0841 9724 MMCSS - ok
17:33:56.0862 9724 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:33:56.0866 9724 Modem - ok
17:33:56.0896 9724 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:33:56.0896 9724 monitor - ok
17:33:56.0916 9724 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:33:56.0919 9724 mouclass - ok
17:33:56.0922 9724 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
17:33:56.0926 9724 mouhid - ok
17:33:56.0958 9724 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:33:56.0959 9724 mountmgr - ok
17:33:56.0971 9724 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:33:57.0009 9724 mpio - ok
17:33:57.0025 9724 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:33:57.0029 9724 mpsdrv - ok
17:33:57.0053 9724 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:33:57.0088 9724 MpsSvc - ok
17:33:57.0101 9724 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:33:57.0141 9724 MRxDAV - ok
17:33:57.0168 9724 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:57.0202 9724 mrxsmb - ok
17:33:57.0227 9724 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:57.0261 9724 mrxsmb10 - ok
17:33:57.0279 9724 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:57.0313 9724 mrxsmb20 - ok
17:33:57.0319 9724 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:33:57.0357 9724 msahci - ok
17:33:57.0375 9724 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:33:57.0417 9724 msdsm - ok
17:33:57.0432 9724 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:33:57.0438 9724 MSDTC - ok
17:33:57.0463 9724 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:33:57.0466 9724 Msfs - ok
17:33:57.0478 9724 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:33:57.0483 9724 mshidkmdf - ok
17:33:57.0501 9724 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:33:57.0503 9724 msisadrv - ok
17:33:57.0524 9724 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:33:57.0530 9724 MSiSCSI - ok
17:33:57.0532 9724 msiserver - ok
17:33:57.0545 9724 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:33:57.0549 9724 MSKSSRV - ok
17:33:57.0570 9724 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:57.0573 9724 MSPCLOCK - ok
17:33:57.0576 9724 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:33:57.0578 9724 MSPQM - ok
17:33:57.0591 9724 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:33:57.0619 9724 MsRPC - ok
17:33:57.0638 9724 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:33:57.0639 9724 mssmbios - ok
17:33:57.0656 9724 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:33:57.0660 9724 MSTEE - ok
17:33:57.0662 9724 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
17:33:57.0665 9724 MTConfig - ok
17:33:57.0679 9724 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:33:57.0683 9724 Mup - ok
17:33:57.0718 9724 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:33:57.0722 9724 napagent - ok
17:33:57.0761 9724 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:33:57.0767 9724 NativeWifiP - ok
17:33:57.0810 9724 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:33:57.0823 9724 NDIS - ok
17:33:57.0835 9724 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:33:57.0839 9724 NdisCap - ok
17:33:57.0864 9724 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:57.0867 9724 NdisTapi - ok
17:33:57.0892 9724 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:57.0925 9724 Ndisuio - ok
17:33:57.0936 9724 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:57.0971 9724 NdisWan - ok
17:33:57.0999 9724 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:33:58.0033 9724 NDProxy - ok
17:33:58.0040 9724 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:33:58.0043 9724 NetBIOS - ok
17:33:58.0057 9724 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:33:58.0058 9724 NetBT - ok
17:33:58.0077 9724 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:33:58.0078 9724 Netlogon - ok
17:33:58.0103 9724 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:33:58.0111 9724 Netman - ok
17:33:58.0195 9724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:33:58.0235 9724 NetMsmqActivator - ok
17:33:58.0238 9724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:33:58.0239 9724 NetPipeActivator - ok
17:33:58.0247 9724 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:33:58.0250 9724 netprofm - ok
17:33:58.0254 9724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:33:58.0255 9724 NetTcpActivator - ok
17:33:58.0258 9724 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:33:58.0259 9724 NetTcpPortSharing - ok
17:33:58.0324 9724 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
17:33:58.0327 9724 nfrd960 - ok
17:33:58.0356 9724 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:33:58.0385 9724 NlaSvc - ok
17:33:58.0393 9724 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:33:58.0395 9724 Npfs - ok
17:33:58.0408 9724 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:33:58.0412 9724 nsi - ok
17:33:58.0424 9724 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:33:58.0425 9724 nsiproxy - ok
17:33:58.0472 9724 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:33:58.0527 9724 Ntfs - ok
17:33:58.0535 9724 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:33:58.0538 9724 Null - ok
17:33:58.0577 9724 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:33:58.0615 9724 nvraid - ok
17:33:58.0634 9724 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:33:58.0672 9724 nvstor - ok
17:33:58.0692 9724 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:33:58.0697 9724 nv_agp - ok
17:33:58.0702 9724 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:33:58.0706 9724 ohci1394 - ok
17:33:58.0736 9724 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:33:58.0781 9724 ose - ok
17:33:58.0905 9724 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:33:59.0161 9724 osppsvc - ok
17:33:59.0227 9724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:33:59.0229 9724 p2pimsvc - ok
17:33:59.0261 9724 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:33:59.0264 9724 p2psvc - ok
17:33:59.0291 9724 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
17:33:59.0295 9724 Parport - ok
17:33:59.0324 9724 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:33:59.0360 9724 partmgr - ok
17:33:59.0401 9724 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:33:59.0407 9724 PcaSvc - ok
17:33:59.0424 9724 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:33:59.0425 9724 pci - ok
17:33:59.0435 9724 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:33:59.0438 9724 pciide - ok
17:33:59.0458 9724 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:33:59.0464 9724 pcmcia - ok
17:33:59.0475 9724 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:33:59.0478 9724 pcw - ok
17:33:59.0505 9724 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:33:59.0513 9724 PEAUTH - ok
17:33:59.0645 9724 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:33:59.0648 9724 PerfHost - ok
17:33:59.0693 9724 [ 2CECB15AC87B7869A40305221FD28F82 ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
17:33:59.0735 9724 PHCORE - ok
17:33:59.0779 9724 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:33:59.0829 9724 pla - ok
17:33:59.0894 9724 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:33:59.0925 9724 PlugPlay - ok
17:33:59.0935 9724 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:33:59.0940 9724 PNRPAutoReg - ok
17:33:59.0971 9724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:33:59.0973 9724 PNRPsvc - ok
17:34:00.0005 9724 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:34:00.0037 9724 PolicyAgent - ok
17:34:00.0060 9724 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
17:34:00.0062 9724 Power - ok
17:34:00.0131 9724 [ E833FC54B622311D1CB5247AA1245904 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
17:34:00.0138 9724 Power Manager DBC Service - ok
17:34:00.0181 9724 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:34:00.0214 9724 PptpMiniport - ok
17:34:00.0240 9724 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
17:34:00.0243 9724 Processor - ok
17:34:00.0275 9724 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:34:00.0278 9724 ProfSvc - ok
17:34:00.0288 9724 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:34:00.0290 9724 ProtectedStorage - ok
17:34:00.0302 9724 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
17:34:00.0337 9724 psadd - ok
17:34:00.0348 9724 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:34:00.0349 9724 Psched - ok
17:34:00.0374 9724 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:34:00.0417 9724 PSI_SVC_2 - ok
17:34:00.0454 9724 [ 63144B678D71977F5B27E9BC38FB3EA0 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
17:34:00.0525 9724 PwmEWSvc - ok
17:34:00.0566 9724 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:34:00.0600 9724 ql2300 - ok
17:34:00.0611 9724 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:34:00.0615 9724 ql40xx - ok
17:34:00.0641 9724 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:34:00.0648 9724 QWAVE - ok
17:34:00.0663 9724 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:34:00.0667 9724 QWAVEdrv - ok
17:34:00.0670 9724 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:34:00.0673 9724 RasAcd - ok
17:34:00.0708 9724 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:34:00.0710 9724 RasAgileVpn - ok
17:34:00.0724 9724 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:34:00.0730 9724 RasAuto - ok
17:34:00.0741 9724 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:00.0742 9724 Rasl2tp - ok
17:34:00.0783 9724 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:34:00.0816 9724 RasMan - ok
17:34:00.0854 9724 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:00.0858 9724 RasPppoe - ok
17:34:00.0871 9724 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:34:00.0873 9724 RasSstp - ok
17:34:00.0903 9724 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:34:00.0938 9724 rdbss - ok
17:34:00.0969 9724 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
17:34:00.0973 9724 rdpbus - ok
17:34:00.0997 9724 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:00.0998 9724 RDPCDD - ok
17:34:01.0003 9724 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:34:01.0004 9724 RDPENCDD - ok
17:34:01.0016 9724 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:34:01.0017 9724 RDPREFMP - ok
17:34:01.0039 9724 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:34:01.0075 9724 RDPWD - ok
17:34:01.0135 9724 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:34:01.0173 9724 rdyboost - ok
17:34:01.0210 9724 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:34:01.0215 9724 RemoteAccess - ok
17:34:01.0234 9724 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:34:01.0240 9724 RemoteRegistry - ok
17:34:01.0269 9724 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:34:01.0273 9724 RFCOMM - ok
17:34:01.0285 9724 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:34:01.0290 9724 RpcEptMapper - ok
17:34:01.0321 9724 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:34:01.0325 9724 RpcLocator - ok
17:34:01.0350 9724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:34:01.0353 9724 RpcSs - ok
17:34:01.0399 9724 [ 7F324DFFCA5318EEF040DBE351D038D8 ] RSP2STOR C:\Windows\system32\DRIVERS\RtsP2Stor.sys
17:34:01.0400 9724 RSP2STOR - ok
17:34:01.0437 9724 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:34:01.0439 9724 rspndr - ok
17:34:01.0477 9724 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:34:01.0517 9724 RTL8167 - ok
17:34:01.0554 9724 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:34:01.0556 9724 SamSs - ok
17:34:01.0558 9724 SAService - ok
17:34:01.0570 9724 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:34:01.0607 9724 sbp2port - ok
17:34:01.0648 9724 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:34:01.0654 9724 SCardSvr - ok
17:34:01.0665 9724 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:34:01.0702 9724 scfilter - ok
17:34:01.0727 9724 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:34:01.0771 9724 Schedule - ok
17:34:01.0794 9724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:34:01.0795 9724 SCPolicySvc - ok
17:34:01.0806 9724 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:34:01.0834 9724 SDRSVC - ok
17:34:01.0867 9724 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:34:01.0869 9724 secdrv - ok
17:34:01.0881 9724 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:34:01.0908 9724 seclogon - ok
17:34:01.0922 9724 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:34:01.0923 9724 SENS - ok
17:34:01.0947 9724 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:34:01.0950 9724 SensrSvc - ok
17:34:01.0974 9724 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
17:34:01.0977 9724 Serenum - ok
17:34:01.0991 9724 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
17:34:01.0994 9724 Serial - ok
17:34:02.0010 9724 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:34:02.0013 9724 sermouse - ok
17:34:02.0031 9724 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:34:02.0058 9724 SessionEnv - ok
17:34:02.0066 9724 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:34:02.0071 9724 sffdisk - ok
17:34:02.0085 9724 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:34:02.0088 9724 sffp_mmc - ok
17:34:02.0105 9724 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:34:02.0139 9724 sffp_sd - ok
17:34:02.0149 9724 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:34:02.0152 9724 sfloppy - ok
17:34:02.0198 9724 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:34:02.0239 9724 Sftfs - ok
17:34:02.0332 9724 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:34:02.0378 9724 sftlist - ok
17:34:02.0403 9724 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:34:02.0440 9724 Sftplay - ok
17:34:02.0475 9724 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:34:02.0511 9724 Sftredir - ok
17:34:02.0543 9724 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:34:02.0578 9724 Sftvol - ok
17:34:02.0608 9724 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:34:02.0649 9724 sftvsa - ok
17:34:02.0699 9724 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:34:02.0708 9724 SharedAccess - ok
17:34:02.0743 9724 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:34:02.0774 9724 ShellHWDetection - ok
17:34:02.0802 9724 [ 7AC6FBFC13ABA3F15B05986412D10E10 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
17:34:02.0838 9724 Shockprf - ok
17:34:02.0874 9724 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
17:34:02.0878 9724 SiSRaid2 - ok
17:34:02.0890 9724 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:34:02.0894 9724 SiSRaid4 - ok
17:34:02.0961 9724 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:34:07.0499 9724 SkypeUpdate - ok
17:34:07.0538 9724 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:34:07.0543 9724 Smb - ok
17:34:07.0581 9724 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:34:07.0586 9724 SNMPTRAP - ok
17:34:07.0598 9724 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:34:07.0601 9724 spldr - ok
17:34:07.0653 9724 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:34:07.0691 9724 Spooler - ok
17:34:07.0780 9724 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:34:07.0795 9724 sppsvc - ok
17:34:07.0813 9724 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:34:07.0817 9724 sppuinotify - ok
17:34:07.0835 9724 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:34:07.0870 9724 srv - ok
17:34:07.0885 9724 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:34:07.0930 9724 srv2 - ok
17:34:07.0957 9724 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:34:07.0991 9724 srvnet - ok
17:34:08.0017 9724 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:34:08.0019 9724 SSDPSRV - ok
17:34:08.0037 9724 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:34:08.0042 9724 SstpSvc - ok
17:34:08.0079 9724 Steam Client Service - ok
17:34:08.0091 9724 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
17:34:08.0094 9724 stexstor - ok
17:34:08.0135 9724 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:34:08.0168 9724 stisvc - ok
17:34:08.0276 9724 [ 787D181332401B04DA4EDC422193C47B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
17:34:08.0314 9724 SUService - ok
17:34:08.0332 9724 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:34:08.0335 9724 swenum - ok
17:34:08.0365 9724 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:34:08.0376 9724 swprv - ok
17:34:08.0424 9724 [ 2765A6B5DFF317D15C2E03E5C25122ED ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:34:08.0461 9724 SynTP - ok
17:34:08.0504 9724 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:34:08.0561 9724 SysMain - ok
17:34:08.0577 9724 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:34:08.0603 9724 TabletInputService - ok
17:34:08.0609 9724 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:34:08.0638 9724 TapiSrv - ok
17:34:08.0654 9724 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:34:08.0656 9724 TBS - ok
17:34:08.0732 9724 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:34:08.0883 9724 Tcpip - ok
17:34:08.0934 9724 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:34:08.0942 9724 TCPIP6 - ok
17:34:09.0005 9724 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:34:09.0039 9724 tcpipreg - ok
17:34:09.0098 9724 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:34:09.0102 9724 TDPIPE - ok
17:34:09.0121 9724 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:34:09.0156 9724 TDTCP - ok
17:34:09.0192 9724 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:34:09.0226 9724 tdx - ok
17:34:09.0252 9724 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:34:09.0278 9724 TermDD - ok
17:34:09.0315 9724 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:34:09.0349 9724 TermService - ok
17:34:09.0394 9724 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:34:09.0399 9724 Themes - ok
17:34:09.0428 9724 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:34:09.0430 9724 THREADORDER - ok
17:34:09.0437 9724 [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
17:34:09.0472 9724 TPDIGIMN - ok
17:34:09.0510 9724 [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
17:34:09.0546 9724 TPHDEXLGSVC - ok
17:34:09.0592 9724 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
17:34:09.0628 9724 TPHKLOAD - ok
17:34:09.0644 9724 [ 046A7B412E4E6C4A7B426441E143F0F2 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
17:34:09.0697 9724 TPHKSVC - ok
17:34:09.0718 9724 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
17:34:09.0722 9724 TPM - ok
17:34:09.0742 9724 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
17:34:09.0786 9724 TPPWRIF - ok
17:34:09.0827 9724 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:34:09.0832 9724 TrkWks - ok
17:34:09.0891 9724 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:34:09.0925 9724 TrustedInstaller - ok
17:34:09.0938 9724 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:34:09.0973 9724 tssecsrv - ok
17:34:10.0006 9724 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:34:10.0041 9724 TsUsbFlt - ok
17:34:10.0061 9724 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
17:34:10.0096 9724 TsUsbGD - ok
17:34:10.0118 9724 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:34:10.0152 9724 tunnel - ok
17:34:10.0176 9724 [ D4915DB03B19F9FD50EC084CC0ED15FC ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
17:34:10.0212 9724 TVTI2C - ok
17:34:10.0260 9724 [ 760B34088C2AD8D634CC3784EF3A2CA2 ] tvtvcamd C:\Windows\system32\DRIVERS\tvtvcamd.sys
17:34:10.0295 9724 tvtvcamd - ok
17:34:10.0312 9724 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:34:10.0317 9724 uagp35 - ok
17:34:10.0340 9724 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:34:10.0378 9724 udfs - ok
17:34:10.0402 9724 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:34:10.0407 9724 UI0Detect - ok
17:34:10.0434 9724 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:34:10.0438 9724 uliagpkx - ok
17:34:10.0467 9724 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:34:10.0501 9724 umbus - ok
17:34:10.0509 9724 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
17:34:10.0512 9724 UmPass - ok
17:34:10.0586 9724 [ 30FF46EABCA1BB18E4F357492A8F7FC9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:34:10.0588 9724 UNS - ok
17:34:10.0608 9724 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:34:10.0617 9724 upnphost - ok
17:34:10.0641 9724 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:34:10.0674 9724 usbccgp - ok
17:34:10.0696 9724 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:34:10.0700 9724 usbcir - ok
17:34:10.0720 9724 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:34:10.0755 9724 usbehci - ok
17:34:10.0821 9724 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:34:10.0823 9724 usbhub - ok
17:34:10.0838 9724 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:34:10.0873 9724 usbohci - ok
17:34:10.0890 9724 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
17:34:10.0893 9724 usbprint - ok
17:34:10.0897 9724 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:34:10.0932 9724 USBSTOR - ok
17:34:10.0935 9724 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:34:10.0970 9724 usbuhci - ok
17:34:10.0975 9724 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:34:11.0011 9724 usbvideo - ok
17:34:11.0047 9724 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:34:11.0051 9724 UxSms - ok
17:34:11.0077 9724 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:34:11.0078 9724 VaultSvc - ok
17:34:11.0097 9724 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:34:11.0101 9724 vdrvroot - ok
17:34:11.0125 9724 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:34:11.0165 9724 vds - ok
17:34:11.0169 9724 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:34:11.0171 9724 vga - ok
17:34:11.0215 9724 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:34:11.0218 9724 VgaSave - ok
17:34:11.0224 9724 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:34:11.0262 9724 vhdmp - ok
17:34:11.0266 9724 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:34:11.0269 9724 viaide - ok
17:34:11.0328 9724 [ A9BDE7317E68D497DEFAD1C84FBCFD24 ] VIPAppService C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
17:34:11.0368 9724 VIPAppService - ok
17:34:11.0385 9724 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:34:11.0421 9724 volmgr - ok
17:34:11.0438 9724 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:34:11.0440 9724 volmgrx - ok
17:34:11.0458 9724 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:34:11.0498 9724 volsnap - ok
17:34:11.0516 9724 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:34:11.0522 9724 vsmraid - ok
17:34:11.0567 9724 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:34:11.0624 9724 VSS - ok
17:34:11.0638 9724 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:34:11.0640 9724 vwifibus - ok
17:34:11.0669 9724 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:34:11.0673 9724 vwififlt - ok
17:34:11.0709 9724 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:34:11.0719 9724 W32Time - ok
17:34:11.0724 9724 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:34:11.0728 9724 WacomPen - ok
17:34:11.0782 9724 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:34:11.0815 9724 WANARP - ok
17:34:11.0818 9724 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:34:11.0819 9724 Wanarpv6 - ok
17:34:11.0911 9724 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:34:11.0974 9724 WatAdminSvc - ok
17:34:12.0018 9724 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:34:12.0062 9724 wbengine - ok
17:34:12.0073 9724 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:34:12.0075 9724 WbioSrvc - ok
17:34:12.0089 9724 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:34:12.0120 9724 wcncsvc - ok
17:34:12.0138 9724 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:34:12.0141 9724 WcsPlugInService - ok
17:34:12.0164 9724 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
17:34:12.0168 9724 Wd - ok
17:34:12.0202 9724 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:34:12.0247 9724 Wdf01000 - ok
17:34:12.0265 9724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:34:12.0271 9724 WdiServiceHost - ok
17:34:12.0274 9724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:34:12.0276 9724 WdiSystemHost - ok
17:34:12.0296 9724 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:34:12.0324 9724 WebClient - ok
17:34:12.0342 9724 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:34:12.0351 9724 Wecsvc - ok
17:34:12.0363 9724 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:34:12.0365 9724 wercplsupport - ok
17:34:12.0387 9724 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:34:12.0392 9724 WerSvc - ok
17:34:12.0427 9724 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:34:12.0429 9724 WfpLwf - ok
17:34:12.0438 9724 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:34:12.0441 9724 WIMMount - ok
17:34:12.0453 9724 WinDefend - ok
17:34:12.0459 9724 WinHttpAutoProxySvc - ok
17:34:12.0515 9724 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:34:12.0521 9724 Winmgmt - ok
17:34:12.0572 9724 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:34:12.0691 9724 WinRM - ok
17:34:12.0746 9724 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
17:34:12.0780 9724 WinUsb - ok
17:34:12.0874 9724 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:34:12.0894 9724 Wlansvc - ok
17:34:12.0948 9724 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:34:12.0983 9724 wlcrasvc - ok
17:34:13.0083 9724 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:34:13.0118 9724 wlidsvc - ok
17:34:13.0156 9724 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:34:13.0157 9724 WmiAcpi - ok
17:34:13.0178 9724 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:34:13.0182 9724 wmiApSrv - ok
17:34:13.0185 9724 WMPNetworkSvc - ok
17:34:13.0218 9724 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:34:13.0222 9724 WPCSvc - ok
17:34:13.0239 9724 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:34:13.0265 9724 WPDBusEnum - ok
17:34:13.0304 9724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:34:13.0305 9724 ws2ifsl - ok
17:34:13.0320 9724 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:34:13.0323 9724 wscsvc - ok
17:34:13.0327 9724 WSearch - ok
17:34:13.0395 9724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:34:13.0405 9724 wuauserv - ok
17:34:13.0456 9724 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:34:13.0489 9724 WudfPf - ok
17:34:13.0537 9724 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:34:13.0570 9724 WUDFRd - ok
17:34:13.0619 9724 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:34:13.0646 9724 wudfsvc - ok
17:34:13.0715 9724 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:34:13.0744 9724 WwanSvc - ok
17:34:13.0801 9724 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
17:34:13.0813 9724 xnacc - ok
17:34:13.0828 9724 ================ Scan global ===============================
17:34:13.0850 9724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:34:13.0879 9724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:34:13.0888 9724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:34:13.0914 9724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:34:13.0943 9724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:34:13.0946 9724 [Global] - ok
17:34:13.0946 9724 ================ Scan MBR ==================================
17:34:13.0961 9724 [ 4C396012F2DC6B0EB4CDBB3B6CBAEF68 ] \Device\Harddisk0\DR0
17:34:14.0257 9724 \Device\Harddisk0\DR0 - ok
17:34:14.0258 9724 ================ Scan VBR ==================================
17:34:14.0259 9724 [ EBE7A5924DE688C92DCE4954DA56FFD4 ] \Device\Harddisk0\DR0\Partition1
17:34:14.0261 9724 \Device\Harddisk0\DR0\Partition1 - ok
17:34:14.0282 9724 [ AC76DF478598C1463A5C44A25BECA22F ] \Device\Harddisk0\DR0\Partition2
17:34:14.0285 9724 \Device\Harddisk0\DR0\Partition2 - ok
17:34:14.0318 9724 [ CF8350247705A402E8BAC621748B15A6 ] \Device\Harddisk0\DR0\Partition3
17:34:14.0320 9724 \Device\Harddisk0\DR0\Partition3 - ok
17:34:14.0321 9724 ============================================================
17:34:14.0321 9724 Scan finished
17:34:14.0321 9724 ============================================================
17:34:14.0327 9868 Detected object count: 0
17:34:14.0327 9868 Actual detected object count: 0
17:34:58.0954 8288 Deinitialize success

CatByte · Jan 8, 2013

Please run the following:

Please download Junkware Removal Tool to your desktop.

Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

MrPokemon · Jan 8, 2013

a question,if you can please answer it that would be great.can a virus just disappear?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.1 (01.06.2013:2)
OS: Windows 7 Home Premium x64
Ran by Chris on Tue 01/08/2013 at 17:19:56.93
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3910317161-2487669532-2512826936-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/08/2013 at 17:26:37.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v2.105 - Logfile created 01/08/2013 at 17:28:39
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chris - CHRIS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Chris\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [660 octets] - [08/01/2013 17:28:39]

########## EOF - C:\AdwCleaner[S1].txt - [719 octets] ##########

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-LAPTOP [administrator]

Protection: Disabled

1/8/2013 5:38:28 PM
mbam-log-2013-01-08 (17-38-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210967
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

C:\Users\Chris\Downloads\DVDC.rar a variant of Win32/HackTool.Patcher.AD application

CatByte · Jan 8, 2013

can a virus just disappear

symptoms can disappear, but unless an anti virus or other tool causes the removal of the infection, then I'm not aware that any infection can just "disappear"

how is the computer running now, are there any outstanding issues?

NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
Scroll down to where it says Java SE 7u10
Click the Download button under JRE to the right.
Read the License Agreement then select Accept License Agreement
Click on the link to download Windows x86 Offline and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are three options in the window to clear the cache - Leave these two Checked
  - Trace and Log Files
    Cached Applications and Applets
  - Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  - Click OK to leave the Temporary Files Window
  - Click OK to leave the Java Control Panel.

Google redirect Virus

MrPokemon

MrPokemon

MrPokemon

MrPokemon

CatByte

MrPokemon

CatByte

MrPokemon

CatByte

MrPokemon

CatByte

MrPokemon

CatByte

MrPokemon

CatByte

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Welcome to Tech Support Guy!

Latest posts

Staff online

Members online