Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard Disk reposne slow down after a few days


  • This topic is locked This topic is locked
15 replies to this topic

#1 pzahra

pzahra

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 04 February 2014 - 12:11 AM

My computer seems to slow down after a few days of use,  I reboot it and things seem to clear up ,  Then it slows down again,  I can hear my disk drive trying to seeking and trying. Everything slows down,  opening my browser and connecting to a site liek yahoo, is very slow.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Paul at 21:03:45 on 2014-02-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3820.1754 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Symantec\VIP Access Client\GreenList.exe
C:\Program Files (x86)\Symantec\VIP Access Client\WhiteList.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} - hxxp://192.168.1.101/RSVideoOcx.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\05650275966496 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\6416867656471626F657479647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\6616867656471626F657479647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\762716E64602D6162796E61602160723 : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\77962756C6563737 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{30D99D1A-D25F-48B3-AD5F-DBA628D46655}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B0A096BB-ECD6-4413-955E-B3B86B37B1A4} : DHCPNameServer = 0.0.0.0
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-8-20 29512]
R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-8-20 70416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-8-20 19224]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 MOBKFilter;MOBKFilter;C:\Windows\System32\drivers\MOBK.sys [2012-9-7 66040]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 ATT MAHostService;ATT MAHostService;C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [2013-7-3 321024]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-8-20 169776]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-14 328928]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-8-20 161560]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-8-20 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-8-20 61296]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2013-3-23 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-12-14 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-14 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-14 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-14 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-12-14 328928]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-11-4 311120]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-12-14 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-12-14 219272]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 782360]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-11-22 182752]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-11-4 343696]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-5-23 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-11-8 70152]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-8-3 369152]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-8-20 101888]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-20 363800]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-18 84080]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-3-26 555408]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-11-4 70112]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-8-20 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-8-20 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-8-20 789272]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-11-4 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-8-20 876136]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-6 40248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-8-3 460288]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-12-13 112080]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-8-20 320576]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-1-21 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-1-21 111616]
S3 LSCWinService;LSCWinService;C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2013-9-25 1674720]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2013-11-26 96112]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-8-20 1662560]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-8-20 1665120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-23 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-3 1255736]
.
=============== Created Last 30 ================
.
2014-01-21 20:20:09 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-01-21 05:10:23 -------- d-----w- C:\Users\Paul\AppData\Local\Deployment
2014-01-21 05:10:23 -------- d-----w- C:\Users\Paul\AppData\Local\Apps
2014-01-14 23:20:14 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-14 23:20:14 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-14 23:20:14 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-14 23:20:14 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-14 23:20:14 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-14 23:20:13 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-14 23:20:13 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-14 23:20:13 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-14 23:20:12 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-10 15:54:04 -------- d-----w- C:\Windows\Migration
2014-01-10 15:48:52 -------- d-----w- C:\Users\Paul\AppData\Local\Tvsukernel
.
==================== Find3M  ====================
.
2013-12-24 02:13:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-24 02:13:52 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-27 06:07:44 10856 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2013-11-27 06:07:22 96112 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2013-11-27 06:07:02 411944 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 21:04:57.70 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 08 February 2014 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on your log. Lets continue.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Turorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2014 - 02:13 PM

Hello Nasdaq,

 

Here are the adware and jrt logs.  I have tried running combofix fix twice ,  it seems to stall after completing stage 4,  its been sitting there for close to an hour now on this second try.  I will not quit the program until I hear back from you.  I have stopped real time scanning and firewall in Mcaffe Internet Security software that I use before starting combofix.

 

Thanks for your help with this.

Paul

.

 

# AdwCleaner v3.018 - Report created 08/02/2014 at 09:21:15
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paul - PAUL-THINK
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Partner
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\pzahra\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [887 octets] - [08/02/2014 09:19:47]
AdwCleaner[S0].txt - [813 octets] - [08/02/2014 09:21:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [872 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Professional x64
Ran by Paul on Sat 02/08/2014 at  9:30:10.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{1D3E70F1-2959-4C4F-96BC-0029B63534EA}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{21D48D4A-2EAD-4D7C-ACB6-D0ADDC55AB8F}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{2EB8908B-31AC-4BB2-B641-D5D98E042070}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{31C9AE23-2E14-4A65-A794-FA48D2505F07}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{5AB50FED-8E7F-4111-ADAB-FEC38E014EF2}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{68E8A8AE-3FFA-47E3-926B-E9A769A3C532}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{9716DA6A-DD3D-4E95-8988-0223015C0234}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{9DADA577-A584-4BB7-A39D-D2CCC166CC74}
Successfully deleted: [Empty Folder] C:\Users\Paul\appdata\local\{B88D49A7-70FE-4650-8614-C5FAB79B750F}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/08/2014 at  9:36:43.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 08 February 2014 - 02:24 PM

The logs submitted are clean.

Close ComboFix using the Windows Tasks.

Restart the computer normally.

Download and run this tool.

Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

#5 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2014 - 03:02 PM

See first log,  its telling me the addition .txt fill is two big,  so I split it up and will need to attach it to multiple posts.

 

 

Attached File  Addition.txt   12.5KB   0 downloadsfarbar logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2014
Ran by Paul (administrator) on PAUL-THINK on 08-02-2014 11:37:14
Running from C:\Users\Paul\Desktop\test
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\node.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-08] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-24] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-18] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-16] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-1189826940-687842569-1934206052-1000\...\MountPoints2: {1666c438-eb20-11e1-a416-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1189826940-687842569-1934206052-1000\...\MountPoints2: {cec58008-625f-11e2-b672-0021ccc5fb4f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1189826940-687842569-1934206052-1000\...\MountPoints2: {fd2386eb-fa35-11e1-add6-0021ccc5fb4f} - D:\LaunchU3.exe -a
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6EC661B3-F08B-4725-AF49-6C2C31B75DC9} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {357A8DEC-0CAC-4D8D-9869-C2C356B844F7} http://192.168.1.101/RSVideoOcx.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Motive Extension) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-01-20]
CHR Extension: (SiteAdvisor) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-20]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-08-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-02-07]
 
==================== Services (Whitelisted) =================
 
R2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-07-03] (Alcatel-Lucent)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-16] (Lenovo)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-11] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-05-23] (Nitro PDF Software)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-18] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-16] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-08 11:37 - 2014-02-08 11:37 - 00000000 ____D () C:\FRST
2014-02-08 11:36 - 2014-02-08 11:37 - 00000000 ____D () C:\Users\Paul\Desktop\test
2014-02-08 11:02 - 2014-02-08 09:21 - 00000951 _____ () C:\Users\Public\AdwCleaner[S0].txt
2014-02-08 10:01 - 2014-02-08 11:30 - 00000000 ___SD () C:\ComboFix
2014-02-08 09:43 - 2014-02-08 09:43 - 00000000 ____D () C:\Qoobox
2014-02-08 09:43 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-08 09:43 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-08 09:43 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-08 09:43 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-08 09:43 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-08 09:43 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-08 09:43 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-08 09:43 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-08 09:42 - 2014-02-08 10:01 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-08 09:42 - 2014-02-08 09:42 - 00000000 ____D () C:\Windows\erdnt
2014-02-08 09:38 - 2014-02-08 09:38 - 05180173 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-02-08 09:36 - 2014-02-08 09:36 - 00001579 _____ () C:\Users\Public\JRT.txt
2014-02-08 09:30 - 2014-02-08 09:30 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 09:25 - 2014-02-08 09:25 - 01037530 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-02-08 09:19 - 2014-02-08 09:21 - 00000000 ____D () C:\AdwCleaner
2014-02-08 08:55 - 2014-02-08 08:55 - 01166132 _____ () C:\Users\Paul\Desktop\adwcleaner.exe
2014-02-03 21:02 - 2014-02-03 21:03 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds (1).com
2014-01-25 08:19 - 2014-01-25 08:19 - 00014122 ____H () C:\Users\Paul\Documents\~WRL0895.tmp
2014-01-24 21:56 - 2014-01-24 21:56 - 00681338 _____ () C:\Users\Paul\Downloads\7PCKRZPV2.wav
2014-01-21 12:20 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-01-21 03:00 - 2013-11-26 03:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-21 03:00 - 2013-11-26 02:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-21 03:00 - 2013-11-26 02:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-01-21 03:00 - 2013-11-26 02:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-21 03:00 - 2013-11-26 01:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-21 03:00 - 2013-11-26 01:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-01-21 03:00 - 2013-11-26 01:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-21 03:00 - 2013-11-26 01:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-21 03:00 - 2013-11-26 01:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-21 03:00 - 2013-11-26 01:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-21 03:00 - 2013-11-26 01:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-21 03:00 - 2013-11-26 01:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-01-21 03:00 - 2013-11-26 01:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-01-21 03:00 - 2013-11-26 01:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-01-21 03:00 - 2013-11-26 00:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-21 03:00 - 2013-11-26 00:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-21 03:00 - 2013-11-26 00:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-21 03:00 - 2013-11-26 00:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-21 03:00 - 2013-11-26 00:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-21 03:00 - 2013-11-26 00:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-01-21 03:00 - 2013-11-26 00:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-21 03:00 - 2013-11-26 00:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-01-21 03:00 - 2013-11-25 23:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-21 03:00 - 2013-11-25 23:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-01-21 03:00 - 2013-11-25 23:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-21 03:00 - 2013-11-25 23:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-21 03:00 - 2013-11-25 22:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-21 03:00 - 2013-11-25 22:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-21 03:00 - 2013-11-25 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-21 03:00 - 2013-11-25 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-21 03:00 - 2013-11-25 22:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-20 21:16 - 2014-01-20 21:20 - 55915216 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-20 21:13 - 2014-02-03 21:24 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-20 21:11 - 2014-02-08 11:21 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 21:11 - 2014-02-08 09:22 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 21:11 - 2014-01-20 21:16 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-20 21:11 - 2014-01-20 21:16 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Paul\AppData\Local\Apps\2.0
2014-01-20 20:55 - 2014-01-20 20:55 - 00000000 _____ () C:\Users\Paul\Downloads\IE11-Windows6_1-x64-en-us_exe.4gk701i.partial
2014-01-14 15:20 - 2013-11-26 17:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 15:20 - 2013-11-26 17:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 15:20 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 15:20 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 07:56 - 2014-01-10 07:56 - 00771580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-10 07:48 - 2014-01-10 07:48 - 00000000 ____D () C:\Users\Paul\AppData\Local\Tvsukernel
 
==================== One Month Modified Files and Folders =======
 
2014-02-08 11:37 - 2014-02-08 11:37 - 00000000 ____D () C:\FRST
2014-02-08 11:37 - 2014-02-08 11:36 - 00000000 ____D () C:\Users\Paul\Desktop\test
2014-02-08 11:30 - 2014-02-08 10:01 - 00000000 ___SD () C:\ComboFix
2014-02-08 11:21 - 2014-01-20 21:11 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 10:01 - 2014-02-08 09:42 - 00000000 ___SD () C:\32788R22FWJFW
2014-02-08 09:43 - 2014-02-08 09:43 - 00000000 ____D () C:\Qoobox
2014-02-08 09:42 - 2014-02-08 09:42 - 00000000 ____D () C:\Windows\erdnt
2014-02-08 09:38 - 2014-02-08 09:38 - 05180173 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-02-08 09:36 - 2014-02-08 09:36 - 00001579 _____ () C:\Users\Public\JRT.txt
2014-02-08 09:30 - 2014-02-08 09:30 - 00000000 ____D () C:\Windows\ERUNT
2014-02-08 09:29 - 2009-07-13 20:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:29 - 2009-07-13 20:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 09:26 - 2013-12-14 13:45 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-02-08 09:26 - 2012-08-20 15:42 - 01684936 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 09:25 - 2014-02-08 09:25 - 01037530 _____ (Thisisu) C:\Users\Paul\Downloads\JRT.exe
2014-02-08 09:25 - 2012-08-30 05:19 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Nitro PDF
2014-02-08 09:22 - 2014-01-20 21:11 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 09:22 - 2013-08-03 10:00 - 00000000 ____D () C:\Program Files (x86)\ATT
2014-02-08 09:22 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-08 09:22 - 2009-07-13 20:51 - 00070670 _____ () C:\Windows\setupact.log
2014-02-08 09:21 - 2014-02-08 11:02 - 00000951 _____ () C:\Users\Public\AdwCleaner[S0].txt
2014-02-08 09:21 - 2014-02-08 09:19 - 00000000 ____D () C:\AdwCleaner
2014-02-08 09:14 - 2013-07-10 18:56 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-02-08 09:14 - 2010-11-20 19:47 - 00974698 _____ () C:\Windows\PFRO.log
2014-02-08 09:06 - 2012-08-20 15:56 - 629675008 ___SH () C:\Windows\lenovo_fastboot.img
2014-02-08 08:55 - 2014-02-08 08:55 - 01166132 _____ () C:\Users\Paul\Desktop\adwcleaner.exe
2014-02-04 02:02 - 2012-09-07 17:32 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-02-03 21:24 - 2014-01-20 21:13 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 21:05 - 2013-12-14 17:59 - 00023365 _____ () C:\Users\Paul\Desktop\dds.txt
2014-02-03 21:05 - 2013-12-14 17:59 - 00012706 _____ () C:\Users\Paul\Desktop\attach.txt
2014-02-03 21:03 - 2014-02-03 21:02 - 00688992 ____R (Swearware) C:\Users\Paul\Downloads\dds (1).com
2014-02-02 18:31 - 2012-09-01 21:48 - 00029696 _____ () C:\Users\Paul\Desktop\Mystuff.xls
2014-01-29 18:29 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-01-25 08:19 - 2014-01-25 08:19 - 00014122 ____H () C:\Users\Paul\Documents\~WRL0895.tmp
2014-01-24 21:56 - 2014-01-24 21:56 - 00681338 _____ () C:\Users\Paul\Downloads\7PCKRZPV2.wav
2014-01-20 22:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-01-20 21:45 - 2013-11-15 08:15 - 00017151 _____ () C:\Windows\IE11_main.log
2014-01-20 21:45 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-01-20 21:20 - 2014-01-20 21:16 - 55915216 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-01-20 21:16 - 2014-01-20 21:11 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-20 21:16 - 2014-01-20 21:11 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-20 21:13 - 2012-08-30 05:15 - 00000000 ____D () C:\Users\Paul\AppData\Local\Google
2014-01-20 21:13 - 2012-08-20 15:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Paul\AppData\Local\Deployment
2014-01-20 21:10 - 2014-01-20 21:10 - 00000000 ____D () C:\Users\Paul\AppData\Local\Apps\2.0
2014-01-20 20:55 - 2014-01-20 20:55 - 00000000 _____ () C:\Users\Paul\Downloads\IE11-Windows6_1-x64-en-us_exe.4gk701i.partial
2014-01-19 17:50 - 2012-09-07 17:40 - 00000000 ____D () C:\Users\Paul\Documents\Receipts
2014-01-15 03:20 - 2009-07-13 20:45 - 00378928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:02 - 2013-07-12 06:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2012-08-31 19:48 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-10 07:56 - 2014-01-10 07:56 - 00771580 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-01-10 07:56 - 2009-07-13 21:13 - 00796552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-10 07:48 - 2014-01-10 07:48 - 00000000 ____D () C:\Users\Paul\AppData\Local\Tvsukernel
2014-01-10 07:39 - 2012-08-20 15:22 - 00000000 ____D () C:\ProgramData\Lenovo
2014-01-10 07:38 - 2012-08-20 16:07 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-01-10 07:38 - 2012-08-20 15:45 - 00000000 ____D () C:\Program Files (x86)\Lenovo
 
Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Paul\AppData\Local\Temp\Quarantine.exe
C:\Users\Paul\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 00:35
 
==================== End Of Log ============================


#6 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 08 February 2014 - 03:26 PM

I cannot seem to attached the separate sections of addition so I'm pasting them in ,  hope that is ok

 

 
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0BBBBA86-DDAA-4AD0-BC6E-76AED14708C7} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {0C3BD4F3-0236-4D6E-8B93-B381A94FC10D} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()
Task: {3D44B1F0-8C6C-484C-87D8-D2F69AB2E4E6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {3D75CEF7-A374-45FD-96BC-EEE5605C8B95} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {4E1C0448-3149-456E-9DB6-082724256DA0} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {4E2E24FC-CE9E-4344-890A-6D7710F1A8F7} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {5E966D0F-8EE1-43E3-BD65-5C09EEB3914C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {6743F06E-DBF2-4B86-9981-EB4423A81990} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {9087DB1B-055C-409D-BD78-4D4205829CD3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-20] (Google Inc.)
Task: {C90C412F-399A-493A-9D54-727A16D00FF4} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {C94CBDAD-448E-4664-9900-28EB0870D3DC} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {F48340D5-8345-4D83-B69D-AEB0F5F4F6FF} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Paul-THINK.Paul => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-20 15:46 - 2012-03-18 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-20 15:49 - 2012-05-15 13:32 - 00093696 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-03-26 07:44 - 2013-03-26 07:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-08-20 15:56 - 2012-01-16 22:29 - 00030512 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2013-03-06 17:26 - 2013-03-06 17:26 - 00241152 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-03-06 17:26 - 2013-03-06 17:26 - 00264704 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-03-06 17:26 - 2013-03-06 17:26 - 00233984 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2012-07-12 15:37 - 2012-07-12 15:37 - 01380864 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\libxmljs\build\Release\libxmljs.node
2012-06-26 12:40 - 2012-06-26 12:40 - 00068096 _____ () C:\Program Files (x86)\ATT\8.3.1.7\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2012-08-20 15:59 - 2012-07-12 04:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-08-20 15:59 - 2012-07-12 04:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-10-01 17:27 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2012-08-20 15:44 - 2012-02-20 19:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Paul\Desktop\5132.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\5132.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\7030.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\7030.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\Antoinette_2013.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\Antoinette_2013.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\Antoinette_2013_2.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\Antoinette_2013_2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\ICS Request.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\ICS Request.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\TEST.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\TEST.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\TEST.tiff:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\TEST.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Paul\Desktop\Washington Hosp 8_5.bmp:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Paul\Desktop\Washington Hosp 8_5.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82579LM Gigabit Network Connection
Description: Intel® 82579LM Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/08/2014 11:37:01 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 11:37:01 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 11:34:15 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 11:34:14 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 11:34:10 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 11:31:07 AM) (Source: Application Hang) (User: )
Description: The program CF20554.3XE version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f488
 
Start Time: 01cf24f7d27db4ef
 
Termination Time: 0
 
Application Path: C:\ComboFix\CF20554.3XE
 
Report Id:
 
Error: (02/08/2014 09:41:55 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 09:41:55 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
Error: (02/08/2014 09:41:24 AM) (Source: ESENT) (User: )
Description: taskhost (3912) WebCacheLocal: Database recovery/restore failed with unexpected error -1104.
 
 
System errors:
=============
Error: (02/08/2014 10:12:13 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (02/08/2014 11:37:01 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 11:37:01 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 11:34:15 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 11:34:14 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 11:34:10 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 11:31:07 AM) (Source: Application Hang)(User: )
Description: CF20554.3XE6.1.7601.17514f48801cf24f7d27db4ef0C:\ComboFix\CF20554.3XE
 
Error: (02/08/2014 09:41:55 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 09:41:55 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
Error: (02/08/2014 09:41:24 AM) (Source: ESENT)(User: )
Description: taskhost3912WebCacheLocal: -1104
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-08 20:59:17.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 18:25:08.334
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-07 18:25:06.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-02 18:07:24.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-02 18:07:24.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-02 18:07:24.947
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-10 19:05:52.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-29 15:14:56.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-08 07:31:27.655
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-08 07:31:27.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3819.96 MB
Available physical RAM: 1670.18 MB
Total Pagefile: 7638.1 MB
Available Pagefile: 5024.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:230.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT32
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:3.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 64A43236)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 123 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=123 MB) - (Type=0B)
 
==================== End Of Log ============================


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 09 February 2014 - 09:06 AM

A few problems have been identified in you log.
This is one of them.

Name: McAfee Inc. mfeapfk
Description: McAfee Inc. mfeapfk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfeapfk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


I suggest you remove the program using McAfee's removal tool.

You will find it here.
http://mcafee-removal-tool.com/

Restart the computer and reinstall the program.

Let me know if the problem persists.

#8 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 09 February 2014 - 05:57 PM

Hello Nasdaq,

 

I did what outlined above uninstalled and then re-installed Mcafee software.  Are you saying that this issue with Mcafee was the problem causing my system slow response time?

 

 

Paul



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 10 February 2014 - 09:12 AM

Did that solved the problem?

#10 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 10 February 2014 - 11:05 AM

Hello nasdaq,

 

I will not know if the problem has been solved for a few days as it takes that long for the change in response time to show up. Is there anything else I should check?

 

Paul



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 10 February 2014 - 02:19 PM

Not at the moment. Will wait.

#12 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 13 February 2014 - 10:09 AM

Hello Nasdaq,

 

The slow response showed up again this morning system was slow t come back from sleep mode and then when trying to start my WEB browser it took forever. Disk drive seemed slow to respond,  Once the WEB browser was up internet response does not seem that bad.  



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 13 February 2014 - 02:13 PM


Download the McAfee's removal tool and run it.
http://mcafee-removal-tool.com/

Restart the computer normally.

Install the Microsoft Security Essentials. - It's free.
http://windows.microsoft.com/en-CA/windows/security-essentials-download

How is the computer's performance now?

#14 pzahra

pzahra
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 17 February 2014 - 11:08 AM

Well I did what you  mentioned,  So far 2 days an no slow down in performance. I will know in a couple of more days if this fixed it.

 

Paul



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:19 PM

Posted 23 February 2014 - 10:22 AM



If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
Ignore if ComboFix was not used.
===


Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Having an effective antivirus is a must for everyone.
In addition to many excellent commercial products there are plenty of good free antivirus programs available. I can recommend:

If you are satisfied with your current protection programs you can ignore the instructions on Antivirus or Firewall listed below.In addition to an antivirus I recommend using a firewall. A software firewall is a software program that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. I can recommend one of the following free products:Please note: Many installer offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Malwarebytes Anti-Malware (MBAM)
The free version of MBAM can be used to scan the system for traces of malware. Scanning your system regularly will make it harder for malware to reside on your system.
A tutorial on using MBAM can be found here.
Please Note: Only the paid for version has real time capabilities.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please keep your programs up to date. This applies to Java, Adobe Flashplayer, Adobe Reader and your Internet Browsers in particular. Vulnerabilities in these programs are often exploited in order to install malware on your PC. Visiting a prepared web page suffices to infect your system.

In general Firefox, Opera and Google Chrome are considered to be more secure than Internet Explorer. In addition there are many useful add-ons that can protect you from possible risks:
  • WOT will warn you when you try to visit sites with poor reputation. The reputation is based on user ratings and is usually very accurate.
  • Script Blocker can help blocking many attempts to infect your system via malicious websites by only allowing scripts at sites you trust.
  • NoScript is a popular Firefox addon,
  • ScriptNo a popular Google Chrome addon.
For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.
===




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users