51 replies to this topic

[jgowell21]

I noticed a few days ago that, all of a sudden, even though I could connect to the Internet/other websites, whenever I tried to search through Google I would get a 404 error saying I could not connect to Google's site. I ran Malwarebytes and it found some kind of Rootkit trojan, then after I removed it and restarted, Google search worked; I thought the problem went away but when I tried Google search a few hours later, I got the same "cannot connect" error message.

I ran my AV software, ESET NOD32, which did not detect anything at first, and then I ran TDSSKiller, which caught the fact I was infected with the Olmarik.tdl4 trojan at which point my AV software now "caught" and alerted that Olmarik.tdl4 was detected in my system and quarantined it.

I am experiencing the Google search issues again so I came in here asking for help. I have attached my DDS and Attach files. I would appreciate any help in getting this trojan (and others, if any are lurking in my system) completely removed and making my computer malware free. Thanks for your help.



Note: I previously ran Rogue Killer to try and see if that would detect anything. Any time I ran it, when I clicked Scan, it would start and then all of a sudden my computer would BSOD. I restarted, ran it again, and then it BSOD'd again. After this second failure, I decided not to try it again anymore. However, when I restarted my computer after the second time, although my desktop would load, the taskbar would not (it would either not appear, or if it did appear, it would not respond and I couldn't click anything on it). Another issue I found was that I could not click any of my desktop icons and my Start menu was unaccessible. Even when I pressed the "Windows" key on my keyboard, the Start menu would not appear. Even trying to bring up the Task Manager through "Ctrl-Alt-Del" did not do anything. Basically, my computer was frozen/unusable.

Luckily I was able to restart, boot into safe mode, restore my computer to an earlier point before I ran Rogue Killer, and this seemed to solve the issue. Just wanted to point this out in case the first recommendation was to try to run RK.

Attached Files

•  dds.txt   15.01K   11 downloads
•  attach.txt   16.75K   11 downloads

[Maniac]

Hello jgowell21 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please manually delete your TDSSKiller copy and then download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply



In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• aswMBR log
  
• a new fresh DDS log file

[jgowell21]

Hi Maniac, thanks for your reply and support. Although I understand this computer may never be safe because of the Backdoor, I would like to try to fix it for now.

Here is the information you requested:

1) TDSSKiller log

10:03:14.0234 6068 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
10:03:14.0671 6068 ============================================================
10:03:14.0671 6068 Current date / time: 2012/07/23 10:03:14.0671
10:03:14.0671 6068 SystemInfo:
10:03:14.0671 6068
10:03:14.0671 6068 OS Version: 5.1.2600 ServicePack: 3.0
10:03:14.0671 6068 Product type: Workstation
10:03:14.0671 6068 ComputerName: BCS-FF2C23D2798
10:03:14.0671 6068 UserName: d
10:03:14.0671 6068 Windows directory: C:\WINDOWS
10:03:14.0671 6068 System windows directory: C:\WINDOWS
10:03:14.0671 6068 Processor architecture: Intel x86
10:03:14.0671 6068 Number of processors: 2
10:03:14.0671 6068 Page size: 0x1000
10:03:14.0671 6068 Boot type: Normal boot
10:03:14.0671 6068 ============================================================
10:03:15.0625 6068 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 \Device\Harddisk0\DR0:
10:03:15.0625 6068 MBR partitions:
10:03:15.0625 6068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE4D0800
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 C: <-> \Device\Harddisk0\DR0\Partition0
10:03:15.0625 6068 ============================================================
10:03:15.0625 6068 Initialize success
10:03:15.0625 6068 ============================================================
10:03:22.0781 5036 ============================================================
10:03:22.0781 5036 Scan started
10:03:22.0781 5036 Mode: Manual; SigCheck; TDLFS;
10:03:22.0781 5036 ============================================================
10:03:22.0890 5036 5U875UVC (42b72495b6d3390ec54850d8036a7d7c) C:\WINDOWS\system32\DRIVERS\RCUVCMNP.sys
10:03:23.0625 5036 5U875UVC - ok
10:03:23.0640 5036 Abiosdsk - ok
10:03:23.0640 5036 abp480n5 - ok
10:03:23.0656 5036 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:03:23.0968 5036 ACPI - ok
10:03:23.0968 5036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:03:24.0109 5036 ACPIEC - ok
10:03:24.0125 5036 ADMonitor (a71390ee50feff7f799f3cb0c4a98533) C:\WINDOWS\system32\ADMonitor.exe
10:03:24.0125 5036 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
10:03:24.0125 5036 ADMonitor - detected UnsignedFile.Multi.Generic (1)
10:03:24.0140 5036 adpu160m - ok
10:03:24.0156 5036 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:03:24.0296 5036 aec - ok
10:03:24.0296 5036 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:03:24.0328 5036 AFD - ok
10:03:24.0328 5036 Aha154x - ok
10:03:24.0343 5036 aic78u2 - ok
10:03:24.0343 5036 aic78xx - ok
10:03:24.0359 5036 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
10:03:24.0468 5036 Alerter - ok
10:03:24.0468 5036 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
10:03:24.0531 5036 ALG - ok
10:03:24.0531 5036 AliIde - ok
10:03:24.0531 5036 ALvldr (ae68476b848da5ae8329bd47daec1b29) C:\WINDOWS\system32\DRIVERS\ALvldr.sys
10:03:24.0578 5036 ALvldr ( UnsignedFile.Multi.Generic ) - warning
10:03:24.0578 5036 ALvldr - detected UnsignedFile.Multi.Generic (1)
10:03:24.0578 5036 amsint - ok
10:03:24.0593 5036 ApfiltrService (baaa6516aec2622b8fba6165ff5d68c2) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
10:03:24.0625 5036 ApfiltrService - ok
10:03:24.0640 5036 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:03:24.0656 5036 Apple Mobile Device - ok
10:03:24.0671 5036 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
10:03:24.0718 5036 AppMgmt - ok
10:03:24.0734 5036 asc - ok
10:03:24.0734 5036 asc3350p - ok
10:03:24.0734 5036 asc3550 - ok
10:03:24.0765 5036 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:03:24.0781 5036 aspnet_state - ok
10:03:24.0796 5036 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:03:24.0921 5036 AsyncMac - ok
10:03:24.0937 5036 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:03:25.0046 5036 atapi - ok
10:03:25.0046 5036 Atdisk - ok
10:03:25.0062 5036 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:03:25.0203 5036 Atmarpc - ok
10:03:25.0312 5036 ATService (9c4df8d13e5ea12a747bad0773d47b01) C:\WINDOWS\system32\AtService.exe
10:03:25.0671 5036 ATService - ok
10:03:25.0734 5036 ATSwpWDF (2540b733f644b200dba9aa64d870de8d) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
10:03:26.0015 5036 ATSwpWDF - ok
10:03:26.0015 5036 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
10:03:26.0140 5036 AudioSrv - ok
10:03:26.0140 5036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:03:26.0281 5036 audstub - ok
10:03:26.0281 5036 AX88772 - ok
10:03:26.0296 5036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:03:26.0421 5036 Beep - ok
10:03:26.0453 5036 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
10:03:26.0593 5036 BITS - ok
10:03:26.0609 5036 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
10:03:26.0734 5036 Browser - ok
10:03:26.0734 5036 catchme - ok
10:03:26.0750 5036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:03:26.0875 5036 cbidf2k - ok
10:03:26.0890 5036 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:03:27.0015 5036 CCDECODE - ok
10:03:27.0031 5036 cd20xrnt - ok
10:03:27.0031 5036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:03:27.0171 5036 Cdaudio - ok
10:03:27.0187 5036 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:03:27.0296 5036 Cdfs - ok
10:03:27.0312 5036 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:03:27.0453 5036 Cdrom - ok
10:03:27.0453 5036 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
10:03:27.0484 5036 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
10:03:27.0484 5036 cercsr6 - detected UnsignedFile.Multi.Generic (1)
10:03:27.0484 5036 Changer - ok
10:03:27.0500 5036 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
10:03:27.0609 5036 CiSvc - ok
10:03:27.0609 5036 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
10:03:27.0734 5036 ClipSrv - ok
10:03:27.0750 5036 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:27.0765 5036 clr_optimization_v2.0.50727_32 - ok
10:03:27.0781 5036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:03:27.0796 5036 clr_optimization_v4.0.30319_32 - ok
10:03:27.0812 5036 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:03:27.0937 5036 CmBatt - ok
10:03:27.0937 5036 CmdIde - ok
10:03:28.0000 5036 CnxtHdAudService (8e00f3c5697f967e3529309657e462cb) C:\WINDOWS\system32\drivers\CHDAU32.sys
10:03:28.0296 5036 CnxtHdAudService - ok
10:03:28.0296 5036 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:03:28.0437 5036 Compbatt - ok
10:03:28.0437 5036 COMSysApp - ok
10:03:28.0453 5036 Cpqarray - ok
10:03:28.0468 5036 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
10:03:28.0484 5036 cpudrv - ok
10:03:28.0484 5036 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
10:03:28.0609 5036 CryptSvc - ok
10:03:28.0609 5036 dac2w2k - ok
10:03:28.0609 5036 dac960nt - ok
10:03:28.0640 5036 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
10:03:28.0921 5036 DcomLaunch - ok
10:03:28.0937 5036 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
10:03:29.0078 5036 Dhcp - ok
10:03:29.0093 5036 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:03:29.0234 5036 Disk - ok
10:03:29.0234 5036 DisplayLinkFilter (b9945d61ecc0afa6e0e13a7c120ad4cd) C:\WINDOWS\system32\DRIVERS\DisplayLinkFilter.sys
10:03:29.0265 5036 DisplayLinkFilter - ok
10:03:29.0265 5036 DisplayLinkmirror (b27a1c70013724709b2e712a747b5c78) C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys
10:03:29.0281 5036 DisplayLinkmirror - ok
10:03:29.0562 5036 DisplayLinkService (3404bb885d265549c2fcc7cb24b4828d) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
10:03:30.0078 5036 DisplayLinkService - ok
10:03:30.0109 5036 dmadmin - ok
10:03:30.0140 5036 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:03:30.0562 5036 dmboot - ok
10:03:30.0578 5036 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
10:03:30.0703 5036 dmio - ok
10:03:30.0718 5036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:03:30.0828 5036 dmload - ok
10:03:30.0843 5036 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
10:03:30.0953 5036 dmserver - ok
10:03:30.0953 5036 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:03:31.0078 5036 DMusic - ok
10:03:31.0078 5036 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
10:03:31.0109 5036 Dnscache - ok
10:03:31.0125 5036 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
10:03:31.0234 5036 Dot3svc - ok
10:03:31.0234 5036 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
10:03:31.0281 5036 DozeHDD - ok
10:03:31.0296 5036 DozeSvc (003acee8650bfd49e4121289bbf59480) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
10:03:31.0312 5036 DozeSvc - ok
10:03:31.0312 5036 dpti2o - ok
10:03:31.0328 5036 dqbridge (caace74359c1845c0703df131fdd5676) C:\WINDOWS\system32\DRIVERS\dqbridge.sys
10:03:31.0343 5036 dqbridge ( UnsignedFile.Multi.Generic ) - warning
10:03:31.0343 5036 dqbridge - detected UnsignedFile.Multi.Generic (1)
10:03:31.0343 5036 dqusb (22c1879ea61b615c21369d5f0835c979) C:\WINDOWS\system32\DRIVERS\dqusb.sys
10:03:31.0375 5036 dqusb - ok
10:03:31.0375 5036 dqVDDrv (5d115c71939c06aeb5468115f307460a) C:\WINDOWS\system32\DRIVERS\dqVDDrvK.sys
10:03:31.0406 5036 dqVDDrv ( UnsignedFile.Multi.Generic ) - warning
10:03:31.0406 5036 dqVDDrv - detected UnsignedFile.Multi.Generic (1)
10:03:31.0406 5036 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:03:31.0546 5036 drmkaud - ok
10:03:31.0562 5036 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
10:03:31.0609 5036 dtsoftbus01 - ok
10:03:31.0609 5036 dtsvc (f74f18dff9fb2797c3df33c75962ee2e) C:\WINDOWS\system32\DTS.exe
10:03:31.0625 5036 dtsvc ( UnsignedFile.Multi.Generic ) - warning
10:03:31.0625 5036 dtsvc - detected UnsignedFile.Multi.Generic (1)
10:03:31.0640 5036 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
10:03:31.0687 5036 e1yexpress - ok
10:03:31.0703 5036 eamon (55e754e04c09daf19fc0054e72713d80) C:\WINDOWS\system32\DRIVERS\eamon.sys
10:03:31.0718 5036 eamon - ok
10:03:31.0734 5036 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
10:03:31.0843 5036 EapHost - ok
10:03:31.0859 5036 ehdrv (6f2441c26d74bde88c25e240a2720eeb) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
10:03:31.0890 5036 ehdrv - ok
10:03:31.0906 5036 EhttpSrv (ee0f138e023787de4d3f1c86a6907cc4) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
10:03:31.0921 5036 EhttpSrv - ok
10:03:31.0968 5036 ekrn (cd76857c30bb34d5d9e02a7c9de5fb9e) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
10:03:32.0281 5036 ekrn - ok
10:03:32.0296 5036 epfwtdir (a8317313533e02d573e9da4962ce1bad) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
10:03:32.0343 5036 epfwtdir - ok
10:03:32.0359 5036 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
10:03:32.0468 5036 ERSvc - ok
10:03:32.0484 5036 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:03:32.0500 5036 Eventlog - ok
10:03:32.0515 5036 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
10:03:32.0546 5036 EventSystem - ok
10:03:32.0593 5036 EvtEng (8597822f0e0eaa61a9ffd18778828792) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:03:32.0687 5036 EvtEng - ok
10:03:32.0703 5036 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:03:32.0812 5036 Fastfat - ok
10:03:32.0812 5036 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:03:32.0843 5036 FastUserSwitchingCompatibility - ok
10:03:32.0843 5036 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:03:32.0984 5036 Fdc - ok
10:03:33.0000 5036 FingerprintServer (f0213914c54cb202efd69968357e6386) C:\WINDOWS\system32\FpLogonServ.exe
10:03:33.0000 5036 FingerprintServer ( UnsignedFile.Multi.Generic ) - warning
10:03:33.0000 5036 FingerprintServer - detected UnsignedFile.Multi.Generic (1)
10:03:33.0000 5036 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:03:33.0140 5036 Fips - ok
10:03:33.0140 5036 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:03:33.0281 5036 Flpydisk - ok
10:03:33.0296 5036 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:03:33.0421 5036 FltMgr - ok
10:03:33.0437 5036 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:03:33.0453 5036 FontCache3.0.0.0 - ok
10:03:33.0453 5036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:03:33.0593 5036 Fs_Rec - ok
10:03:33.0609 5036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:03:33.0734 5036 Ftdisk - ok
10:03:33.0734 5036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:03:33.0750 5036 GEARAspiWDM - ok
10:03:33.0765 5036 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:03:33.0890 5036 Gpc - ok
10:03:33.0906 5036 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:03:34.0046 5036 HDAudBus - ok
10:03:34.0062 5036 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:03:34.0171 5036 helpsvc - ok
10:03:34.0187 5036 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
10:03:34.0296 5036 HidServ - ok
10:03:34.0312 5036 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:03:34.0437 5036 HidUsb - ok
10:03:34.0453 5036 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
10:03:34.0593 5036 hkmsvc - ok
10:03:34.0593 5036 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\WINDOWS\system32\drivers\hpfxbulk.sys
10:03:34.0640 5036 HPFXBULK - ok
10:03:34.0640 5036 hpn - ok
10:03:34.0656 5036 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
10:03:34.0671 5036 HTCAND32 - ok
10:03:34.0687 5036 htcnprot (04e3b3554076b8192a668efe88a682a1) C:\WINDOWS\system32\DRIVERS\htcnprot.sys
10:03:34.0703 5036 htcnprot - ok
10:03:34.0718 5036 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:03:34.0796 5036 HTTP - ok
10:03:34.0796 5036 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
10:03:34.0906 5036 HTTPFilter - ok
10:03:34.0906 5036 i2omgmt - ok
10:03:34.0921 5036 i2omp - ok
10:03:34.0921 5036 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:03:35.0078 5036 i8042prt - ok
10:03:35.0203 5036 ialm (7df53bb1f78de5dca8ac842868d34b01) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:03:35.0546 5036 ialm - ok
10:03:35.0578 5036 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
10:03:35.0593 5036 IBMPMDRV - ok
10:03:35.0593 5036 IBMPMSVC (06af18300c5b511a3d85c3e0b7909c10) C:\WINDOWS\system32\ibmpmsvc.exe
10:03:35.0609 5036 IBMPMSVC - ok
10:03:35.0671 5036 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:03:35.0984 5036 idsvc - ok
10:03:36.0000 5036 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:03:36.0140 5036 Imapi - ok
10:03:36.0140 5036 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
10:03:36.0265 5036 ImapiService - ok
10:03:36.0265 5036 ini910u - ok
10:03:36.0281 5036 IntelIde - ok
10:03:36.0296 5036 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:03:36.0421 5036 intelppm - ok
10:03:36.0437 5036 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:03:36.0593 5036 Ip6Fw - ok
10:03:36.0593 5036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:03:36.0703 5036 IpFilterDriver - ok
10:03:36.0718 5036 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:03:36.0843 5036 IpInIp - ok
10:03:36.0859 5036 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:03:37.0000 5036 IpNat - ok
10:03:37.0046 5036 iPod Service (32cdedd15e2d1a557cd54552ae78ff86) C:\Program Files\iPod\bin\iPodService.exe
10:03:37.0343 5036 iPod Service - ok
10:03:37.0359 5036 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:03:37.0468 5036 IPSec - ok
10:03:37.0468 5036 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:03:37.0515 5036 IRENUM - ok
10:03:37.0531 5036 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:03:37.0656 5036 isapnp - ok
10:03:37.0671 5036 JavaQuickStarterService (bc0feada7a5a69787c70b03ebc51b582) C:\Program Files\Java\jre7\bin\jqs.exe
10:03:37.0703 5036 JavaQuickStarterService - ok
10:03:37.0703 5036 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:03:37.0812 5036 Kbdclass - ok
10:03:37.0828 5036 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:03:37.0937 5036 kbdhid - ok
10:03:37.0953 5036 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:03:38.0062 5036 kmixer - ok
10:03:38.0062 5036 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:03:38.0109 5036 KSecDD - ok
10:03:38.0125 5036 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
10:03:38.0140 5036 lanmanserver - ok
10:03:38.0156 5036 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
10:03:38.0171 5036 lanmanworkstation - ok
10:03:38.0171 5036 lbrtfdc - ok
10:03:38.0187 5036 LENOVO.MICMUTE (c88eb33793420a79f601fb5e33e2edd9) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
10:03:38.0203 5036 LENOVO.MICMUTE - ok
10:03:38.0203 5036 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
10:03:38.0234 5036 lenovo.smi - ok
10:03:38.0250 5036 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
10:03:38.0359 5036 LmHosts - ok
10:03:38.0375 5036 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
10:03:38.0390 5036 MBAMProtector - ok
10:03:38.0437 5036 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:03:38.0718 5036 MBAMService - ok
10:03:38.0718 5036 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
10:03:38.0843 5036 Messenger - ok
10:03:38.0843 5036 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:03:38.0968 5036 mnmdd - ok
10:03:38.0984 5036 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
10:03:39.0093 5036 mnmsrvc - ok
10:03:39.0093 5036 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:03:39.0203 5036 Modem - ok
10:03:39.0218 5036 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:03:39.0343 5036 Mouclass - ok
10:03:39.0359 5036 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:03:39.0484 5036 mouhid - ok
10:03:39.0484 5036 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:03:39.0593 5036 MountMgr - ok
10:03:39.0609 5036 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:03:39.0656 5036 MozillaMaintenance - ok
10:03:39.0656 5036 mraid35x - ok
10:03:39.0671 5036 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:03:39.0828 5036 MRxDAV - ok
10:03:39.0843 5036 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:03:39.0890 5036 MRxSmb - ok
10:03:39.0906 5036 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
10:03:40.0015 5036 MSDTC - ok
10:03:40.0031 5036 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:03:40.0171 5036 Msfs - ok
10:03:40.0187 5036 MSIServer - ok
10:03:40.0187 5036 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:03:40.0312 5036 MSKSSRV - ok
10:03:40.0328 5036 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:03:40.0453 5036 MSPCLOCK - ok
10:03:40.0453 5036 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:03:40.0562 5036 MSPQM - ok
10:03:40.0578 5036 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:03:40.0703 5036 mssmbios - ok
10:03:40.0703 5036 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:03:40.0843 5036 MSTEE - ok
10:03:40.0843 5036 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:03:40.0890 5036 Mup - ok
10:03:40.0906 5036 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:03:41.0046 5036 NABTSFEC - ok
10:03:41.0062 5036 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
10:03:41.0171 5036 napagent - ok
10:03:41.0187 5036 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:03:41.0312 5036 NDIS - ok
10:03:41.0312 5036 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:03:41.0421 5036 NdisIP - ok
10:03:41.0421 5036 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:03:41.0468 5036 NdisTapi - ok
10:03:41.0468 5036 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:03:41.0609 5036 Ndisuio - ok
10:03:41.0609 5036 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:03:41.0718 5036 NdisWan - ok
10:03:41.0718 5036 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:03:41.0750 5036 NDProxy - ok
10:03:41.0750 5036 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\WINDOWS\system32\HPZinw12.dll
10:03:41.0750 5036 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:03:41.0750 5036 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:03:41.0765 5036 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:03:41.0906 5036 NetBIOS - ok
10:03:41.0906 5036 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:03:42.0015 5036 NetBT - ok
10:03:42.0031 5036 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:03:42.0140 5036 NetDDE - ok
10:03:42.0156 5036 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
10:03:42.0265 5036 NetDDEdsdm - ok
10:03:42.0265 5036 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:03:42.0375 5036 Netlogon - ok
10:03:42.0390 5036 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
10:03:42.0500 5036 Netman - ok
10:03:42.0515 5036 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:03:42.0546 5036 NetTcpPortSharing - ok
10:03:42.0906 5036 NETw5x32 (e0e8dfcd98bdbe8468f0202a64541222) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
10:03:43.0562 5036 NETw5x32 - ok
10:03:43.0593 5036 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
10:03:43.0625 5036 Nla - ok
10:03:43.0640 5036 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:03:43.0765 5036 Npfs - ok
10:03:43.0812 5036 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:03:43.0984 5036 Ntfs - ok
10:03:43.0984 5036 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:03:44.0093 5036 NtLmSsp - ok
10:03:44.0125 5036 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
10:03:44.0265 5036 NtmsSvc - ok
10:03:44.0281 5036 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:03:44.0406 5036 Null - ok
10:03:44.0421 5036 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:03:44.0562 5036 NwlnkFlt - ok
10:03:44.0562 5036 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:03:44.0859 5036 NwlnkFwd - ok
10:03:44.0875 5036 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:03:44.0890 5036 ose - ok
10:03:44.0890 5036 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:03:45.0031 5036 Parport - ok
10:03:45.0031 5036 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:03:45.0171 5036 PartMgr - ok
10:03:45.0171 5036 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:03:45.0296 5036 ParVdm - ok
10:03:45.0312 5036 PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
10:03:45.0312 5036 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
10:03:45.0312 5036 PassThru Service - detected UnsignedFile.Multi.Generic (1)
10:03:45.0328 5036 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:03:45.0437 5036 PCI - ok
10:03:45.0453 5036 PCIDump - ok
10:03:45.0453 5036 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:03:45.0609 5036 PCIIde - ok
10:03:45.0625 5036 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:03:45.0734 5036 Pcmcia - ok
10:03:45.0734 5036 PDCOMP - ok
10:03:45.0750 5036 PDFRAME - ok
10:03:45.0750 5036 PDRELI - ok
10:03:45.0765 5036 PDRFRAME - ok
10:03:45.0765 5036 perc2 - ok
10:03:45.0765 5036 perc2hib - ok
10:03:45.0796 5036 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
10:03:45.0812 5036 PlugPlay - ok
10:03:45.0812 5036 Pml Driver HPZ12 (0c155c5d8942b3cbcf9506a9d376b9ad) C:\WINDOWS\system32\HPZipm12.dll
10:03:45.0828 5036 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:03:45.0828 5036 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:03:45.0828 5036 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:03:45.0937 5036 PolicyAgent - ok
10:03:45.0953 5036 Power Manager DBC Service (03622184b29fe20a2f3071ec9c5560ca) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
10:03:45.0953 5036 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
10:03:45.0953 5036 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
10:03:45.0953 5036 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:03:46.0093 5036 PptpMiniport - ok
10:03:46.0093 5036 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:03:46.0203 5036 ProtectedStorage - ok
10:03:46.0218 5036 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
10:03:46.0234 5036 psadd - ok
10:03:46.0250 5036 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:03:46.0390 5036 PSched - ok
10:03:46.0406 5036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:03:46.0500 5036 Ptilink - ok
10:03:46.0500 5036 ql1080 - ok
10:03:46.0515 5036 Ql10wnt - ok
10:03:46.0515 5036 ql12160 - ok
10:03:46.0531 5036 ql1240 - ok
10:03:46.0531 5036 ql1280 - ok
10:03:46.0531 5036 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:03:46.0671 5036 RasAcd - ok
10:03:46.0671 5036 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
10:03:46.0796 5036 RasAuto - ok
10:03:46.0796 5036 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:03:46.0937 5036 Rasl2tp - ok
10:03:46.0953 5036 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
10:03:47.0062 5036 RasMan - ok
10:03:47.0078 5036 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:03:47.0203 5036 RasPppoe - ok
10:03:47.0218 5036 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:03:47.0343 5036 Raspti - ok
10:03:47.0359 5036 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:03:47.0546 5036 Rdbss - ok
10:03:47.0546 5036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:03:47.0671 5036 RDPCDD - ok
10:03:47.0703 5036 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:03:47.0812 5036 rdpdr - ok
10:03:47.0828 5036 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
10:03:47.0875 5036 RDPWD - ok
10:03:47.0875 5036 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
10:03:48.0000 5036 RDSessMgr - ok
10:03:48.0000 5036 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:03:48.0109 5036 redbook - ok
10:03:48.0140 5036 RegSrvc (7afcbe32616e08d45e4eaadb0a1dd5cf) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:03:48.0187 5036 RegSrvc - ok
10:03:48.0203 5036 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
10:03:48.0312 5036 RemoteAccess - ok
10:03:48.0328 5036 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
10:03:48.0437 5036 RemoteRegistry - ok
10:03:48.0437 5036 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
10:03:48.0546 5036 RpcLocator - ok
10:03:48.0578 5036 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
10:03:48.0625 5036 RpcSs - ok
10:03:48.0640 5036 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
10:03:48.0750 5036 RSVP - ok
10:03:48.0812 5036 S24EventMonitor (17a717278a538543c93b64cf5cb3ff31) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
10:03:49.0109 5036 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
10:03:49.0109 5036 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
10:03:49.0109 5036 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:03:49.0125 5036 s24trans - ok
10:03:49.0140 5036 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
10:03:49.0234 5036 SamSs - ok
10:03:49.0250 5036 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
10:03:49.0359 5036 SCardSvr - ok
10:03:49.0375 5036 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
10:03:49.0484 5036 Schedule - ok
10:03:49.0500 5036 ScrProj (97ed6bd999e1eb6125488f9e730755c5) C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe
10:03:49.0500 5036 ScrProj ( UnsignedFile.Multi.Generic ) - warning
10:03:49.0500 5036 ScrProj - detected UnsignedFile.Multi.Generic (1)
10:03:49.0515 5036 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:03:49.0593 5036 Secdrv - ok
10:03:49.0593 5036 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
10:03:49.0703 5036 seclogon - ok
10:03:49.0703 5036 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
10:03:49.0812 5036 SENS - ok
10:03:49.0828 5036 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:03:49.0984 5036 Serial - ok
10:03:50.0000 5036 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:03:50.0140 5036 Sfloppy - ok
10:03:50.0156 5036 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
10:03:50.0531 5036 SharedAccess - ok
10:03:50.0546 5036 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:03:50.0562 5036 ShellHWDetection - ok
10:03:50.0578 5036 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
10:03:50.0640 5036 Shockprf - ok
10:03:50.0640 5036 Simbad - ok
10:03:50.0656 5036 SlingAgentService (e15176399af40b56ac09a823708b85d7) C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
10:03:50.0671 5036 SlingAgentService - ok
10:03:50.0671 5036 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:03:50.0812 5036 SLIP - ok
10:03:50.0812 5036 Sparrow - ok
10:03:50.0828 5036 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:03:50.0921 5036 splitter - ok
10:03:50.0937 5036 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
10:03:50.0953 5036 Spooler - ok
10:03:50.0968 5036 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:03:51.0062 5036 sr - ok
10:03:51.0078 5036 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
10:03:51.0140 5036 srservice - ok
10:03:51.0156 5036 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:03:51.0468 5036 Srv - ok
10:03:51.0484 5036 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
10:03:51.0546 5036 SSDPSRV - ok
10:03:51.0562 5036 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
10:03:51.0703 5036 stisvc - ok
10:03:51.0703 5036 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:03:51.0828 5036 streamip - ok
10:03:51.0843 5036 SUService (f1262146970c5b73159e3727acde8278) C:\Program Files\Lenovo\System Update\SUService.exe
10:03:51.0843 5036 SUService ( UnsignedFile.Multi.Generic ) - warning
10:03:51.0843 5036 SUService - detected UnsignedFile.Multi.Generic (1)
10:03:51.0859 5036 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:03:51.0984 5036 swenum - ok
10:03:51.0984 5036 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:03:52.0156 5036 swmidi - ok
10:03:52.0156 5036 SwPrv - ok
10:03:52.0156 5036 symc810 - ok
10:03:52.0171 5036 symc8xx - ok
10:03:52.0171 5036 sym_hi - ok
10:03:52.0187 5036 sym_u3 - ok
10:03:52.0187 5036 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:03:52.0296 5036 sysaudio - ok
10:03:52.0312 5036 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
10:03:52.0421 5036 SysmonLog - ok
10:03:52.0437 5036 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
10:03:52.0562 5036 TapiSrv - ok
10:03:52.0578 5036 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:03:52.0890 5036 Tcpip - ok
10:03:52.0906 5036 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:03:53.0031 5036 TDPIPE - ok
10:03:53.0031 5036 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:03:53.0140 5036 TDTCP - ok
10:03:53.0156 5036 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:03:53.0265 5036 TermDD - ok
10:03:53.0281 5036 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
10:03:53.0390 5036 TermService - ok
10:03:53.0406 5036 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
10:03:53.0421 5036 Themes - ok
10:03:53.0453 5036 ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
10:03:53.0765 5036 ThinkVantage Registry Monitor Service - ok
10:03:53.0781 5036 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
10:03:53.0828 5036 TlntSvr - ok
10:03:53.0828 5036 TosIde - ok
10:03:53.0843 5036 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
10:03:53.0875 5036 TPDIGIMN - ok
10:03:53.0890 5036 TPHDEXLGSVC (3775e4aa5f72264dbab7a578dd913ecf) C:\WINDOWS\system32\TPHDEXLG.exe
10:03:53.0906 5036 TPHDEXLGSVC - ok
10:03:53.0906 5036 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
10:03:53.0937 5036 TPHKDRV - ok
10:03:53.0937 5036 TPHKSVC (2cf225e19490f499528b926263fe4554) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
10:03:53.0953 5036 TPHKSVC - ok
10:03:53.0953 5036 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
10:03:53.0968 5036 tpm ( UnsignedFile.Multi.Generic ) - warning
10:03:53.0968 5036 tpm - detected UnsignedFile.Multi.Generic (1)
10:03:53.0968 5036 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
10:03:54.0000 5036 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
10:03:54.0000 5036 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
10:03:54.0000 5036 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
10:03:54.0125 5036 TrkWks - ok
10:03:54.0187 5036 TVT Scheduler (e9ea448f1174be4052416b62263ea4ee) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
10:03:54.0718 5036 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
10:03:54.0718 5036 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
10:03:54.0718 5036 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:03:54.0859 5036 Udfs - ok
10:03:54.0859 5036 ultra - ok
10:03:54.0984 5036 UNS (69975db5aff9918a4138f3781e9ca009) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
10:03:55.0343 5036 UNS - ok
10:03:55.0406 5036 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:03:55.0578 5036 Update - ok
10:03:55.0593 5036 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
10:03:55.0640 5036 upnphost - ok
10:03:55.0656 5036 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
10:03:55.0765 5036 UPS - ok
10:03:55.0765 5036 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:03:55.0828 5036 USBAAPL - ok
10:03:55.0843 5036 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
10:03:56.0203 5036 usbaudio - ok
10:03:56.0218 5036 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:03:56.0343 5036 usbccgp - ok
10:03:56.0343 5036 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:03:56.0484 5036 usbehci - ok
10:03:56.0484 5036 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:03:56.0640 5036 usbhub - ok
10:03:56.0640 5036 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:03:56.0750 5036 usbprint - ok
10:03:56.0750 5036 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:03:56.0875 5036 usbscan - ok
10:03:56.0890 5036 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:03:56.0984 5036 USBSTOR - ok
10:03:57.0000 5036 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:03:57.0125 5036 usbuhci - ok
10:03:57.0140 5036 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:03:57.0250 5036 usbvideo - ok
10:03:57.0250 5036 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
10:03:57.0390 5036 usb_rndisx - ok
10:03:57.0390 5036 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:03:57.0515 5036 VgaSave - ok
10:03:57.0531 5036 ViaIde - ok
10:03:57.0531 5036 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:03:57.0656 5036 VolSnap - ok
10:03:57.0671 5036 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
10:03:57.0750 5036 VSS - ok
10:03:57.0750 5036 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
10:03:57.0875 5036 W32Time - ok
10:03:57.0875 5036 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:03:58.0015 5036 Wanarp - ok
10:03:58.0046 5036 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:03:58.0109 5036 Wdf01000 - ok
10:03:58.0109 5036 WDICA - ok
10:03:58.0125 5036 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:03:58.0218 5036 wdmaud - ok
10:03:58.0234 5036 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
10:03:58.0343 5036 WebClient - ok
10:03:58.0359 5036 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
10:03:58.0468 5036 winmgmt - ok
10:03:58.0484 5036 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
10:03:58.0515 5036 WmdmPmSN - ok
10:03:58.0546 5036 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
10:03:58.0859 5036 Wmi - ok
10:03:58.0859 5036 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:03:58.0953 5036 WmiAcpi - ok
10:03:58.0984 5036 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:03:59.0093 5036 WmiApSrv - ok
10:03:59.0140 5036 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
10:03:59.0468 5036 WMPNetworkSvc - ok
10:03:59.0531 5036 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:03:59.0828 5036 WPFFontCache_v0400 - ok
10:03:59.0859 5036 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:03:59.0984 5036 WS2IFSL - ok
10:03:59.0984 5036 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
10:04:00.0109 5036 wscsvc - ok
10:04:00.0109 5036 WSearch - ok
10:04:00.0125 5036 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:04:00.0218 5036 WSTCODEC - ok
10:04:00.0234 5036 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
10:04:00.0343 5036 wuauserv - ok
10:04:00.0343 5036 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:04:00.0390 5036 WudfPf - ok
10:04:00.0406 5036 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:04:00.0421 5036 WudfRd - ok
10:04:00.0421 5036 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
10:04:00.0453 5036 WudfSvc - ok
10:04:00.0484 5036 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
10:04:01.0078 5036 WZCSVC - ok
10:04:01.0078 5036 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
10:04:01.0187 5036 xmlprov - ok
10:04:01.0218 5036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:04:01.0562 5036 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:04:01.0562 5036 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:04:01.0562 5036 Boot (0x1200) (fd6acd789d9547e7119d34188676f8a2) \Device\Harddisk0\DR0\Partition0
10:04:01.0562 5036 \Device\Harddisk0\DR0\Partition0 - ok
10:04:01.0562 5036 ============================================================
10:04:01.0562 5036 Scan finished
10:04:01.0562 5036 ============================================================
10:04:01.0671 4532 Detected object count: 18
10:04:01.0671 4532 Actual detected object count: 18
10:04:38.0406 4532 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0406 4532 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0406 4532 ALvldr ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0406 4532 ALvldr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0406 4532 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0406 4532 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0406 4532 dqbridge ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0406 4532 dqbridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0406 4532 dqVDDrv ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0406 4532 dqVDDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 FingerprintServer ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 FingerprintServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0421 4532 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0421 4532 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 ScrProj ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0437 4532 ScrProj ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0437 4532 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 tpm ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0437 4532 tpm ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0437 4532 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:38.0437 4532 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:06:24.0218 5264 Deinitialize success

2) Malwarebytes Log

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
d :: BCS-FF2C23D2798 [administrator]

Protection: Enabled

7/23/2012 10:08:21 AM
mbam-log-2012-07-23 (10-08-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | PUP | PUM
Scan options disabled: Heuristics/Shuriken | P2P
Objects scanned: 187666
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3) aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 10:13:03
-----------------------------
10:13:03.171 OS Version: Windows 5.1.2600 Service Pack 3
10:13:03.171 Number of processors: 2 586 0x1706
10:13:03.171 ComputerName: BCS-FF2C23D2798 UserName: d
10:13:03.703 Initialize success
10:14:34.687 AVAST engine defs: 12072301
10:14:40.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:14:40.375 Disk 0 Vendor: SAMSUNG_MMCQE28G8MUP-0VA VAM08L1Q Size: 122104MB BusType: 3
10:14:40.390 Disk 0 MBR read successfully
10:14:40.390 Disk 0 MBR scan
10:14:40.406 Disk 0 Windows XP default MBR code
10:14:40.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 117153 MB offset 2048
10:14:40.406 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4949 MB offset 239931392
10:14:40.421 Disk 0 scanning sectors +250066944
10:14:40.437 Disk 0 scanning C:\WINDOWS\system32\drivers
10:14:52.343 Service scanning
10:15:12.218 Modules scanning
10:15:14.890 Disk 0 trace - called modules:
10:15:14.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:15:14.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab94030]
10:15:14.921 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000079[0x8abbd260]
10:15:14.921 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac2ed98]
10:15:15.406 AVAST engine scan C:\WINDOWS
10:15:20.500 AVAST engine scan C:\WINDOWS\system32
10:18:08.890 AVAST engine scan C:\WINDOWS\system32\drivers
10:18:22.890 AVAST engine scan C:\Documents and Settings\d
10:21:14.078 AVAST engine scan C:\Documents and Settings\All Users
10:21:25.218 Scan finished successfully
10:21:37.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\d\Desktop\MBR.dat"
10:21:37.734 The log file has been saved successfully to "C:\Documents and Settings\d\Desktop\aswMBR.txt"

4) Fresh DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.5.0
Run by d at 10:22:11 on 2012-07-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.1688 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\RotateImage\RCIMGDIR.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dCute.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint2K\Apntex.exe
svchost.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqScrProxy.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\d\Desktop\aswMBR.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RotateImage] c:\program files\rotateimage\RCIMGDIR.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TpShocks] TpShocks.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lenovo dCute] "c:\program files\lenovo\lenovo usb port replicator with digital video\dCute.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341536361125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{821D4603-DA1E-47B9-8BD9-E97EEBC1D518} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\d\application data\mozilla\firefox\profiles\i2udtmcg.default\
FF - plugin: c:\documents and settings\d\application data\mozilla\firefox\profiles\i2udtmcg.default\extensions\{9eb34849-81d3-4841-939d-666d522b889a}\plugins\npSlingPlayer.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 ALvldr;ALvldr;c:\windows\system32\drivers\ALvldr.sys [2011-5-16 29656]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-9-21 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 dqbridge;dqbridge;c:\windows\system32\drivers\dqbridge.sys [2011-5-16 55256]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-9 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-9-20 13480]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2010-2-5 1824064]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-4-10 5240168]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-9-21 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-2-5 98304]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2010-2-5 118784]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-5 655944]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-3-23 87040]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-9-21 53248]
R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\lenovo\lenovo usb port replicator with digital video\dqscrproj.exe [2011-5-16 85464]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2010-11-3 94024]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-9-27 63928]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-9-20 2058776]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\RCUVCMNP.sys [2010-9-20 187776]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-9-20 661448]
R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [2011-4-10 7296]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2011-4-10 24448]
R3 dqVDDrv;dqVDDrv;c:\windows\system32\drivers\dqVDDrvK.sys [2010-7-14 19928]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-9-19 243856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-5 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-9-27 45496]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-2-5 106496]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 dqusb;Driver for Lenovo USB port rep;c:\windows\system32\drivers\dqusb.sys [2010-7-14 25560]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-5-28 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-23 04:46:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 04:46:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 01:33:08 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 01:22:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-23 01:22:09 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-23 00:38:32 -------- d-----w- c:\program files\Oracle
2012-07-23 00:38:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-22 22:12:18 -------- d-----w- c:\documents and settings\d\local settings\application data\ESET
2012-07-22 20:42:01 -------- d-----w- c:\program files\ESET
2012-07-22 19:57:19 98816 ----a-w- c:\windows\sed.exe
2012-07-22 19:57:19 518144 ----a-w- c:\windows\SWREG.exe
2012-07-22 19:57:19 256000 ----a-w- c:\windows\PEV.exe
2012-07-22 19:57:19 208896 ----a-w- c:\windows\MBR.exe
2012-07-20 23:30:11 -------- d-----w- c:\documents and settings\d\local settings\application data\CutePDF Writer
2012-07-20 23:29:44 -------- d-----w- c:\program files\GPLGS
2012-07-20 23:28:14 88656 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-07-20 23:28:05 -------- d-----w- c:\program files\Acro Software
2012-07-17 22:44:15 -------- d-----w- c:\program files\SystemRequirementsLab
2012-07-17 22:22:51 -------- d-----w- c:\program files\Lenovo USB Port Replicator
2012-07-06 01:01:14 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-06 01:01:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-06 00:59:41 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-05 23:29:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:17:45 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-03 13:17:45 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
==================== Find3M ====================
.
2012-07-23 00:37:00 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:22:30.90 ===============

[Maniac]

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:04:38.0437 4532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[jgowell21]

1) Removed that entry as suggested. Let me know if you want to see the log.

2) Combofix log

ComboFix 12-07-21.01 - d 07/23/2012 11:26:04.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2968.1942 [GMT -4:00]
Running from: c:\documents and settings\d\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 04:46 . 2012-07-23 04:46 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 04:46 . 2012-07-23 04:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-23 01:33 . 2012-07-23 15:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-23 01:22 . 2012-07-23 01:22 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-23 00:39 . 2012-07-23 00:39 -------- d-----w- c:\program files\Common Files\Java
2012-07-23 00:38 . 2012-07-23 00:38 -------- d-----w- c:\program files\Oracle
2012-07-23 00:38 . 2012-07-23 00:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-23 00:36 . 2012-07-23 00:36 -------- d-----w- c:\program files\Java
2012-07-23 00:36 . 2012-07-23 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-22 22:12 . 2012-07-22 22:12 -------- d-----w- c:\documents and settings\d\Local Settings\Application Data\ESET
2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\program files\ESET
2012-07-22 20:42 . 2012-07-22 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-07-22 02:15 . 2012-07-22 02:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-20 23:30 . 2012-07-20 23:31 -------- d-----w- c:\documents and settings\d\Local Settings\Application Data\CutePDF Writer
2012-07-20 23:29 . 2012-07-20 23:29 -------- d-----w- c:\program files\GPLGS
2012-07-20 23:28 . 2012-03-11 18:55 88656 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-07-20 23:28 . 2012-07-20 23:28 -------- d-----w- c:\program files\Acro Software
2012-07-17 22:44 . 2012-07-17 22:44 -------- d-----w- c:\program files\SystemRequirementsLab
2012-07-17 22:44 . 2012-07-17 22:44 -------- d-----w- c:\documents and settings\d\Application Data\SystemRequirementsLab
2012-07-17 22:22 . 2012-07-17 22:22 -------- d-----w- c:\program files\Lenovo USB Port Replicator
2012-07-15 08:13 . 2012-07-15 08:13 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-07-06 01:01 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-07-06 01:01 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-07-06 00:59 . 2012-06-02 19:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-07-05 23:29 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:17 . 2012-07-03 13:17 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-03 13:17 . 2012-07-03 13:17 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 00:37 . 2012-05-28 23:16 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-13 13:19 . 2008-04-14 06:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 10:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 10:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2010-09-20 16:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 04:32 . 2008-04-14 10:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 02:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-09-20 16:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-09-20 16:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 02:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-09-28 01:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2010-09-20 16:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-09-20 16:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-04-14 10:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 02:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-09-20 16:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-09-20 16:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2008-04-14 10:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-28 22:59 . 2012-05-28 22:59 1915071 ----a-w- C:\mini-adb_tbolt2.zip
2012-05-16 07:58 . 2008-04-14 10:42 667136 ----a-w- c:\windows\system32\wininet.dll
2012-05-04 13:16 . 2008-04-14 05:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-09-20 16:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-17 22:04 . 2011-12-28 06:56 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_20.06.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-23 07:24 . 2012-07-23 07:24 16384 c:\windows\Temp\Perflib_Perfdata_c50.dat
+ 2004-08-04 10:00 . 2012-07-23 01:10 90122 c:\windows\system32\perfc009.dat
+ 2010-02-22 20:51 . 2010-02-22 20:51 95872 c:\windows\system32\drivers\epfwtdir.sys
+ 2012-07-22 20:43 . 2012-07-22 20:43 10134 c:\windows\Installer\{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}\callmsi.exe
+ 2012-07-05 16:56 . 2012-07-23 01:23 972968 c:\windows\system32\Restore\rstrlog.dat
+ 2004-08-04 10:00 . 2012-07-23 01:10 507488 c:\windows\system32\perfh009.dat
+ 2012-07-23 04:46 . 2012-07-23 04:46 686280 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe
- 2012-04-10 13:41 . 2012-07-04 00:13 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-10 13:41 . 2012-07-23 04:46 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-23 00:38 . 2012-07-23 00:37 227824 c:\windows\system32\javaws.exe
+ 2012-07-23 00:38 . 2012-07-23 00:37 174064 c:\windows\system32\javaw.exe
+ 2012-07-23 00:38 . 2012-07-23 00:37 174064 c:\windows\system32\java.exe
+ 2010-09-20 08:49 . 2012-07-23 07:24 204120 c:\windows\system32\FNTCACHE.DAT
- 2010-09-20 08:49 . 2012-07-06 02:44 204120 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-22 20:50 . 2010-02-22 20:50 114984 c:\windows\system32\drivers\ehdrv.sys
+ 2010-02-22 20:47 . 2010-02-22 20:47 139192 c:\windows\system32\drivers\eamon.sys
+ 2008-04-14 10:42 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
+ 2010-09-20 16:01 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
- 2010-09-20 16:01 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-07-22 20:55 . 2012-07-22 20:55 500736 c:\windows\Installer\5aca2a.msi
+ 2012-07-22 20:43 . 2012-07-22 20:43 950272 c:\windows\Installer\5aca23.msi
+ 2012-07-23 00:38 . 2012-07-23 00:38 461312 c:\windows\Installer\503bbf.msi
+ 2012-07-23 00:36 . 2012-07-23 00:36 863744 c:\windows\Installer\503bbe.msi
+ 2012-07-22 20:43 . 2012-07-22 20:43 101480 c:\windows\Installer\{87B8375F-AAC4-417D-BB00-2EE6FBF898E7}\egui.exe
+ 2012-06-25 20:07 . 2012-06-25 20:07 1394248 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.30.2114.0_x-ww_ea694a9a\msxml4.dll
+ 2008-04-14 10:42 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2012-07-23 04:46 . 2012-07-23 04:46 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
+ 2008-04-14 06:00 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-04-14 10:42 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
- 2008-04-14 10:42 . 2009-07-31 17:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-04-14 10:42 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-04-14 10:42 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-04-14 10:42 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2010-09-20 13:46 . 2012-07-03 07:13 57442464 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RotateImage"="c:\program files\RotateImage\RCIMGDIR.exe" [2008-10-30 31744]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-09 176128]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2010-08-25 517480]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-17 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-17 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-17 145432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Lenovo dCute"="c:\program files\Lenovo\Lenovo USB Port Replicator with Digital Video\dCute.exe" [2011-05-16 676312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-22 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2010-02-05 10:44 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2/5/2010 6:39 AM 1824064]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [4/10/2011 4:06 PM 5240168]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [9/21/2010 2:22 AM 132456]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2/5/2010 6:43 AM 98304]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/22/2010 4:50 PM 810120]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2/5/2010 6:44 AM 118784]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/5/2012 7:30 PM 655944]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/23/2012 2:25 PM 87040]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [9/21/2010 2:22 AM 53248]
R2 ScrProj;Lenovo USB Display Screen Projector;c:\program files\Lenovo\Lenovo USB Port Replicator with Digital Video\dqscrproj.exe [5/16/2011 3:49 PM 85464]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [11/3/2010 7:19 PM 94024]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [9/27/2010 8:09 PM 63928]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [9/20/2010 2:58 PM 2058776]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [9/27/2010 8:09 PM 45496]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2/5/2010 6:43 AM 106496]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:13 AM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 00615313
*NewlyCreated* - 10270388
*NewlyCreated* - ASWMBR
*Deregistered* - 00615313
*Deregistered* - 10270388
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-21 05:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\d\Application Data\Mozilla\Firefox\Profiles\i2udtmcg.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-23 11:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\04\01\1e\139\15?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (Administrators)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
"LastWPAEventLogged"=hex:da,07,09,00,01,00,14,00,10,00,09,00,0b,00,5d,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(492)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-07-23 11:32:06
ComboFix-quarantined-files.txt 2012-07-23 15:32
.
Pre-Run: 1,041,076,224 bytes free
Post-Run: 1,583,157,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - D79B831513B055057E737492EB28D003

[Maniac]

Good!

Please update your NOD32 and perform a full system scan, then post the log file in your next reply.
http://kb.eset.com/e...d=1343058433839

[jgowell21]

Here is the Log from my ESET Scan (only 2 "new" items were found; the other 8 "cleaned" items were those previously reported by TDSSKiller as noted in my original post).

<?xml version="1.0" encoding="utf-8" ?>
- <ESET>
- <LOG>
- <RECORD>
<COLUMN NAME="Log">Scan Log</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Version of virus signature database: 7322 (20120723)</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Date: 7/23/2012 Time: 11:54:39 AM</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\hiberfil.sys - error opening [4]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\mini-adb_tbolt2.zip » ZIP » psneuter - Android/Exploit.Lotoor.AK trojan</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\pagefile.sys - error opening [4]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/14dfdcbd-481b-48e9-9ba4-195eada4a288.BAK - error - unknown compression method</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/BusinessUnit.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/BusinessUnitQns.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/EngagementProfile.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\Retail- Controls.engt » ZIP » -US02.1 Retail - Controls/14dfdcbd-481b-48e9-9ba4-195eada4a288/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/BusinessUnit.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/BusinessUnitQns.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/EngagementProfile.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 1- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-17-35 PM.eng » ZIP » -Build 1- ICA Pretty Liquid 2011/de8fb99f-6773-4c0a-a970-761656975f51/de8fb99f-6773-4c0a-a970-761656975f51.BAK - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/07bb12ea-ff2a-4f49-b93f-02c283bc3de0.BAK - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/BusinessUnit.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/BusinessUnitQns.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/EngagementProfile.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Build 2- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-18-25 PM.eng » ZIP » -Build 2- ICA Pretty Liquid 2011/07bb12ea-ff2a-4f49-b93f-02c283bc3de0/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/8add8dd0-4911-4cef-84b0-f77083ea7a3d.BAK - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/BusinessUnit.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/BusinessUnitQns.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/EngagementProfile.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Desktop\dylan\Training 2011\Info. at training 2011\Pretty Liquid Builds\_Final- ICA Pretty Liquid 2011_Taylor Cook_4-7-2011 6-19-20 PM.eng » ZIP » -Final- ICA Pretty Liquid 2011/8add8dd0-4911-4cef-84b0-f77083ea7a3d/EngagementVersionInfo.xml - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Local Settings\Application Data\Identities\{F47FDC73-345A-491C-A75F-BF15193BA2A4}\Microsoft\Outlook Express\Inbox.dbx » DBX - is OK (internal scanning not performed)</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2\29636cc2-72519e87 » ZIP » vjlkintv - a variant of Win32/Kryptik.AIUD trojan</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\1BD6C0069E5D.rar.part » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\653D54609706.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\7BD1D041EC5E.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\7D07244EFAE1.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\84D44A2EBC58.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\9CF49EB6C419.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\A2A504162D6B.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\B6DCF57DD561.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\bitdefender-rescue-cd.iso » ISO » FILESYSTEM.SQUASHFS - archive damaged</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\com207.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\D6AAFB86FC4B.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\EF89851ECB03.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\F2B52FCC02AC.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\jxpiinstall.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\spybotsd162.exe » INNO » {app}\Plugins\Fennel.dll - is OK</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\TC009.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\Downloads\tensah.rar » RAR - error - password-protected file</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\Documents and Settings\d\My Documents\My Pictures\Singapore video\Singapore video.part01.rar » RAR » Singapore video 001.avi - next archive volume not found</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\sdk\java-jre-6u24.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\sdk\java-jre-6u24.exe » CAB » task.xml - next archive volume not found</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023565.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP181\A0023566.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029438.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » jusched - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » task.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\System Volume Information\_restore{7C59ACA9-2685-42C0-AF46-B455290E6960}\RP183\A0029439.exe » CAB » task64.xml - archive damaged - the file could not be extracted.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0001.dta - Win32/Olmarik.AYI trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0002.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0003.dta - Win32/Olmarik.AYH trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0004.dta - Win64/Olmarik.AL trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0005.dta - Win32/Olmarik.AWO trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0006.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0010.dta - Win32/Olmarik.AFK trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">C:\TDSSKiller_Quarantine\23.07.2012_11.21.43\tdlfs0000\tsk0011.dta - Win64/Olmarik.AK trojan - cleaned by deleting - quarantined [1]</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Number of scanned objects: 166527</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Number of threats found: 10</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Number of cleaned objects: 8</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Time of completion: 12:42:39 PM Total scanning time: 2880 sec (00:48:00)</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log" />
</RECORD>
- <RECORD>
<COLUMN NAME="Log">Notes:</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">[1] Object has been deleted as it only contained the virus body.</COLUMN>
</RECORD>
- <RECORD>
<COLUMN NAME="Log">[4] Object cannot be opened. It may be in use by another application or operating system.</COLUMN>
</RECORD>
</LOG>
</ESET>

[Maniac]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, then click Remove JRE.
  
• Run the built-in uninstallers for all copies of java listed
  
• Click the Next button
  
• Click the Next button again
  
• Click the Java Manual Download link
  
• A browser window will open with the Java download page
  
• Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)
  
• Run the installer
  
• Close JavaRa

[jgowell21]

I ran JavaRa and clicked on "Remove Older Versions." Once that was completed, where do you see the "Next" button and "Java Manual Download" link? I clicked on "Search for Updates -->Update Using SunJava website" but an IE window popped up with no link/webpage displayed

[Maniac]

Okay, open your browser at enter http://java.com/en/d...l.jsp?locale=en . Proceed further.

[jgowell21]

Clicked the provided link. After I downloaded the Windows version, when I double-clicked the .exe file to install, it told me "Another version of this product is already installed..." so I went to add/remove programs in my Control Panel, noticed the only Java item listed was "Java ™ 7 Update 5" but when I try to remove/uninstall it, it tells me "Fatal Error during Installation" (even though I am trying to Uninstall it).

Please advise.

[jgowell21]

One more thing I want to note is that I disabled my ESET NOD32 AV while trying to install/uninstall, and I had all browsers closed to it could not interfere with the process.

[Maniac]

Reboot and try again with JavaRa.

[jgowell21]

Would I use this option:

"Search for Updates -->Update Using SunJava website"?

[Maniac]

First try my suggestion, then you could try this.

[jgowell21]

Not quite sure what you mean by "try my suggestion." Wasn't your suggestion to use JavaRa to get rid of any previous versions and then to install a new one? The option I was asking about is in regards to JavaRa.

[Maniac]

I mean to remove Java with JavaRa after reboot. If there is no success, try to update it.

[jgowell21]

Tried again after reboot:

Used JavaRa and clicked on Remove Older Versions. Then went to Add/Remove Programs in CP and tried to Uninstall "Java 7 Update 5" but received the same "Fatal" error message. Tried to install via downloaded exe on Sun Java's website and received same error message that other versions were already installed.

Went back to JavaRa, clicked "search for updates --> Update using Sun Java website" and got the IE window with nothing displayed

[Maniac]

Check if you Java is running good.
http://java.com/en/d...etect=jre&try=1

Let me know.

[jgowell21]

Yes it says "You have the recommended Java installed (Version 7 Update 5)." However, should it concern me that I cannot seem to uninstall it as previously mentioned? Also, when I click on "start menu --> run" and type it "%appdata%" (without the quotes) I see folders for both Sun and Oracle; shouldn't there only be either Sun or Oracle and not both?