Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FLAME?


  • This topic is locked This topic is locked
19 replies to this topic

#1 bwrighttwo

bwrighttwo

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 21 June 2012 - 01:05 AM

I have been trying to figure this out for several months now. I know you guys are sick of me but I have been through numerous clean reinstalls with reformat and it keeps coming back. I sometimes feel as if no one believes what I describe could possibly happen. Maybe you can get some info from my previous posts although incomplete due to pc's getting so bad i could not comunicate any longer. "Flame" has all of the symtoms I have so lets see what happens. Thanks for patients with me.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Home at 1:53:36 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7665.6201 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{08CB359B-EC6A-461A-BFE9-DEC78A102CB2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29AD5D2F-70A9-4176-B675-81D510DA7811} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{29AD5D2F-70A9-4176-B675-81D510DA7811}\65562796A7F6E602D494649443531303C4022493732402355636572756 : DhcpNameServer = 192.168.1.1
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [2012-6-19 374112]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [2012-6-19 451936]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
R3 netr28ux;Belkin Wireless Adapter Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-21 05:41:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0964FEA-2F2C-4DA7-A3DE-63359DD90A11}\offreg.dll
2012-06-21 01:00:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-21 01:00:25 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-06-21 00:48:21 -------- d--h--w- C:\Windows\AxInstSV
2012-06-20 00:26:28 -------- d-----w- C:\ProgramData\Sophos
2012-06-19 23:48:17 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-19 23:48:17 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-19 23:48:17 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-19 23:48:15 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-19 23:48:14 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-19 23:48:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-19 23:48:05 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-19 23:48:04 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-19 23:28:07 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0964FEA-2F2C-4DA7-A3DE-63359DD90A11}\mpengine.dll
2012-06-19 23:22:18 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-06-19 23:22:17 1631808 ----a-w- C:\Windows\System32\drivers\netr28ux.sys
2012-06-19 23:22:17 -------- d-----w- C:\ProgramData\Belkin Driver
2012-06-19 23:21:58 -------- d-----w- C:\Windows\System32\RaLanguages
2012-06-19 23:21:57 792416 ----a-w- C:\Windows\SysWow64\DiagFunc.dll
2012-06-19 23:21:57 792416 ----a-w- C:\Windows\System32\DiagFunc.dll
2012-06-19 23:21:57 2399584 ----a-w- C:\Windows\System32\RaCertMgr.dll
2012-06-19 23:21:57 1607008 ----a-w- C:\Windows\SysWow64\RaCertMgr.dll
2012-06-19 23:21:57 128864 ----a-w- C:\Windows\SysWow64\RAEXTUI.dll
2012-06-19 23:21:57 128864 ----a-w- C:\Windows\System32\RAEXTUI.dll
2012-06-19 23:21:57 1112928 ----a-w- C:\Windows\SysWow64\RAIHV.dll
2012-06-19 23:21:57 1112928 ----a-w- C:\Windows\System32\RAIHV.dll
2012-06-19 22:58:22 -------- d-----w- C:\ProgramData\F-Secure uninstallationtool
2012-06-09 01:34:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-09 01:33:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-09 01:33:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-09 01:33:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-07 01:01:48 -------- d-----w- C:\Users\Home\AppData\Local\Adobe
2012-06-07 00:43:40 -------- d-----w- C:\Users\Home\AppData\Local\ElevatedDiagnostics
2012-06-02 00:02:14 -------- d-----w- C:\Users\Home\AppData\Roaming\Malwarebytes
2012-06-02 00:02:07 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-02 00:02:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 23:10:35 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-15 23:10:31 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-13 17:58:46 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-13 17:58:46 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-12 02:11:57 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 1:54:16.47 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 21 June 2012 - 01:26 AM

I can't get gmer to work like the screenshots you have on instructions. I will post what I did get.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-21 02:25:52
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service system32\drivers\1394ohci.sys (1394 OpenHCI Driver/Microsoft Corporation) [MANUAL] 1394ohci
Service system32\drivers\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service system32\drivers\acpipmi.sys (ACPI Power Metering Driver/Microsoft Corporation) [MANUAL] AcpiPmi
Service system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [MANUAL] adp94xx
Service system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [MANUAL] adpahci
Service system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [MANUAL] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AeLookupSvc
Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [MANUAL] aliide
Service C:\Windows\system32\atiesrxx.exe (AMD External Events Service Module/AMD) [AUTO] AMD External Events Utility
Service system32\DRIVERS\amdhub30.sys (AMD USB 3.0 Hub Driver/Advanced Micro Devices, INC.) [MANUAL] amdhub30
Service system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [MANUAL] amdide
Service system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
Service system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.) [MANUAL] amdkmdag
Service system32\DRIVERS\atikmpag.sys (AMD multi-vendor Miniport Driver/Advanced Micro Devices, Inc.) [MANUAL] amdkmdap
Service system32\DRIVERS\amdppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdPPM
Service system32\drivers\amdsata.sys (AHCI 1.2 Device Driver/Advanced Micro Devices) [MANUAL] amdsata
Service system32\drivers\amdsbs.sys (AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform/AMD Technologies Inc.) [MANUAL] amdsbs
Service system32\drivers\amdxata.sys (Storage Filter Driver/Advanced Micro Devices) [BOOT] amdxata
Service system32\DRIVERS\amdxhc.sys (AMD USB 3.0 Host Controller Driver/Advanced Micro Devices, INC.) [MANUAL] amdxhc
Service system32\drivers\appid.sys (AppID Driver/Microsoft Corporation) [MANUAL] AppID
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AppIDSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [MANUAL] arc
Service system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [MANUAL] arcsas
Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service Atierecord
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Anti-Virus/Kaspersky Lab ZAO) [AUTO] AVP
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] AxInstSV
Service system32\drivers\bxvbda.sys (Broadcom NetXtreme II GigE VBD/Broadcom Corporation) [MANUAL] b06bdrv
Service system32\DRIVERS\b57nd60a.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver./Broadcom Corporation) [MANUAL] b57nd60a
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] BDESVC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] BITS
Service system32\DRIVERS\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [SYSTEM] blbdrive
Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service system32\drivers\BrFiltLo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service system32\drivers\BrFiltUp.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Browser
Service System32\Drivers\Brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service System32\Drivers\BrSerWdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service System32\Drivers\BrUsbMdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service System32\Drivers\BrUsbSer.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
Service BTHPORT
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] bthserv
Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_64
Service system32\drivers\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [MANUAL] cmdide
Service System32\Drivers\cng.sys (Kernel Cryptography, Next Generation/Microsoft Corporation) [BOOT] CNG
Service system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [MANUAL] Compbatt
Service system32\DRIVERS\CompositeBus.sys (Multi-Transport Composite Bus Enumerator/Microsoft Corporation) [MANUAL] CompositeBus
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [DISABLED] crcdisk
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] defragsvc
Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service System32\drivers\discache.sys (System Indexer/Cache Driver/Microsoft Corporation) [SYSTEM] discache
Service system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service system32\drivers\drmkaud.sys (Microsoft Trusted Audio Drivers/Microsoft Corporation) [MANUAL] drmkaud
Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service system32\drivers\evbda.sys (Broadcom NetXtreme II 10 GigE VBD/Broadcom Corporation) [MANUAL] ebdrv
Service C:\Windows\System32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] EFS
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [MANUAL] elxstor
Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [MANUAL] Fax
Service system32\drivers\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] FDResPub
Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service system32\drivers\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service System32\drivers\FsDepends.sys (File System Dependency Manager Mini Filter Driver/Microsoft Corporation) [MANUAL] FsDepends
Service (File System Recognizer Driver/Microsoft Corporation) [BOOT] Fs_Rec
Service System32\DRIVERS\fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) [BOOT] fvevol
Service system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service system32\drivers\hcw85cir.sys (Hauppauge WinTV 885 Consumer IR Driver for eHome/Hauppauge Computer Works, Inc.) [MANUAL] hcw85cir
Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service system32\drivers\HidBatt.sys (Hid Battery Driver/Microsoft Corporation) [MANUAL] HidBatt
Service system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
Service system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hidserv
Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupListener
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] HomeGroupProvider
Service system32\drivers\HpSAMD.sys (Smart Array SAS/SATA Controller Media Driver/Hewlett-Packard Company) [MANUAL] HpSAMD
Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service System32\drivers\hwpolicy.sys (Hardware Policy Driver/Microsoft Corporation) [BOOT] hwpolicy
Service system32\drivers\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [MANUAL] i8042prt
Service system32\drivers\iaStorV.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [MANUAL] iaStorV
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [MANUAL] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [MANUAL] intelide
Service system32\drivers\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\drivers\IPMIDrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
Service System32\drivers\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [MANUAL] isapnp
Service system32\drivers\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [MANUAL] kbdclass
Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [MANUAL] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service system32\DRIVERS\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) [BOOT] KL1
Service system32\DRIVERS\kl2.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) [SYSTEM] kl2
Service system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_AMD64]/Kaspersky Lab) [SYSTEM] KLIF
Service system32\DRIVERS\klim6.sys (Kaspersky Lab Intermediate Network Driver/Kaspersky Lab ZAO) [SYSTEM] KLIM6
Service system32\DRIVERS\klmouflt.sys (KLMOUFLT Mouse Device Filter [fre_wlh_AMD64]/Kaspersky Lab) [MANUAL] klmouflt
Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service System32\Drivers\ksecpkg.sys (Kernel Security Support Provider Interface Packages/Microsoft Corporation) [BOOT] KSecPkg
Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service system32\drivers\lsi_fc.sys (LSI Fusion-MPT FC Driver (StorPort)/LSI Corporation) [MANUAL] LSI_FC
Service system32\drivers\lsi_sas.sys (LSI Fusion-MPT SAS Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS
Service system32\drivers\lsi_sas2.sys (LSI SAS Gen2 Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SAS2
Service system32\drivers\lsi_scsi.sys (LSI Fusion-MPT SCSI Driver (StorPort)/LSI Corporation) [MANUAL] LSI_SCSI
Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64/LSI Corporation) [MANUAL] megasas
Service system32\drivers\MegaSR.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [MANUAL] MegaSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [MANUAL] mouclass
Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] mountmgr
Service system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [MANUAL] mpio
Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
Service system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [MANUAL] msdsm
Service C:\Windows\System32\msdtc.exe (Microsoft Distributed Transaction Coordinator Service/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service System32\drivers\mshidkmdf.sys (Pass-through HID to KMDF Filter Driver/Microsoft Corporation) [MANUAL] mshidkmdf
Service system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
Service MSSCNTRS
Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [SYSTEM] mssmbios
Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
Service system32\drivers\MTConfig.sys (Microsoft Multi-Touch HID Driver/Microsoft Corporation) [MANUAL] MTConfig
Service System32\Drivers\mup.sys (Multiple UNC Provider Driver/Microsoft Corporation) [BOOT] Mup
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
Service system32\drivers\ndis.sys (NDIS 6.20 driver/Microsoft Corporation) [BOOT] NDIS
Service system32\DRIVERS\ndiscap.sys (NDIS Packet Capture Filter Driver/Microsoft Corporation) [MANUAL] NdisCap
Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] netprofm
Service system32\DRIVERS\netr28ux.sys (Ralink 802.11n Wireless Adapter Driver/Ralink Technology Corp.) [MANUAL] netr28ux
Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [MANUAL] nfrd960
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
Service NTDS
Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) [MANUAL] nvraid
Service system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [MANUAL] nvstor
Service system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
Service system32\drivers\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
Service system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
Service system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
Service system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [MANUAL] pciide
Service system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [MANUAL] pcmcia
Service System32\drivers\pcw.sys (Performance Counters for Windows Driver/Microsoft Corporation) [BOOT] pcw
Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
Service PerfDisk
Service C:\Windows\SysWow64\perfhost.exe (x86 Performance Counter Host/Microsoft Corporation) [MANUAL] PerfHost
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PolicyAgent
Service PortProxy
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Power
Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
Service system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] Psched
Service system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [MANUAL] ql2300
Service system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [MANUAL] ql40xx
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
Service system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
Service C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe (RalinkRegistryWriter/Ralink Technology, Corp.) [AUTO] RalinkRegistryWriter
Service C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe (RalinkRegistryWriter/Ralink Technology, Corp.) [AUTO] RalinkRegistryWriter64
Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [MANUAL] RasAcd
Service system32\DRIVERS\AgileVpn.sys (RAS Agile Vpn Miniport Call Manager/Microsoft Corporation) [MANUAL] RasAgileVpn
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
Service system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
Service system32\drivers\rdpbus.sys (Microsoft RDP Bus Device driver/Microsoft Corporation) [MANUAL] rdpbus
Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service system32\drivers\rdpencdd.sys (RDP Encoder Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service RDPNP
Service system32\drivers\rdprefmp.sys (RDP Reflector Driver Miniport/Microsoft Corporation) [SYSTEM] RDPREFMP
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service System32\drivers\rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) [BOOT] rdyboost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcEptMapper
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service system32\DRIVERS\Rt64win7.sys (Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver /Realtek ) [MANUAL] RTL8167
Service system32\DRIVERS\RTL8192su.sys (Realtek RTL8192S USB NDIS Driver/Realtek Semiconductor Corporation ) [MANUAL] RTL8192su
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [MANUAL] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service System32\DRIVERS\scfilter.sys (Microsoft Smart Card Reader Filter Driver/Microsoft Corporation) [MANUAL] scfilter
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SensrSvc
Service system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
Service system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [MANUAL] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
Service system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service system32\drivers\SiSRaid2.sys (SiS RAID Stor Miniport Driver/Silicon Integrated Systems Corp.) [MANUAL] SiSRaid2
Service system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [MANUAL] SiSRaid4
Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [MANUAL] Smb
Service SMSvcHost 3.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Windows\system32\sppsvc.exe (Microsoft Software Protection Platform Service/Microsoft Corporation) [AUTO] sppsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] sppuinotify
Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service system32\drivers\stexstor.sys (Promise SuperTrak EX Series Driver for Windows /Promise Technology) [MANUAL] stexstor
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] stisvc
Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TBS
Service System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] TCPIP6
Service TCPIP6TUNNEL
Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service TCPIPTUNNEL
Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service system32\DRIVERS\termdd.sys (Remote Desktop Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TermService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service system32\drivers\tsusbflt.sys (Remote Desktop USB Hub Filter Driver/Microsoft Corporation) [MANUAL] TsUsbFlt
Service system32\drivers\TsUsbGD.sys (Remote Desktop Generic USB Driver/Microsoft Corporation) [MANUAL] TsUsbGD
Service system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service system32\drivers\umpass.sys (Generic pass-through driver/Microsoft Corporation) [MANUAL] UmPass
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] upnphost
Service system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
Service system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service system32\drivers\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service system32\drivers\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] VaultSvc
Service system32\drivers\vdrvroot.sys (Virtual Drive Root Enumerator/Microsoft Corporation) [BOOT] vdrvroot
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service system32\drivers\vhdmp.sys (VHD Miniport Driver/Microsoft Corporation) [MANUAL] vhdmp
Service system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [MANUAL] viaide
Service system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [MANUAL] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service system32\DRIVERS\vwifibus.sys (Virtual WiFi Bus Driver/Microsoft Corporation) [MANUAL] vwifibus
Service system32\DRIVERS\vwififlt.sys (Virtual WiFi Filter Driver/Microsoft Corporation) [SYSTEM] vwififlt
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] W32Time
Service W3SVC
Service system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] WANARP
Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\system32\Wat\WatAdminSvc.exe (Windows Activation Technologies Service/Microsoft Corporation) [MANUAL] WatAdminSvc
Service C:\Windows\system32\wbengine.exe (Microsoft® Block Level Backup Engine Service EXE/Microsoft Corporation) [MANUAL] wbengine
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WbioSrvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [MANUAL] Wd
Service system32\drivers\Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WerSvc
Service system32\DRIVERS\wfplwf.sys (WFP NDIS 6.20 Lightweight Filter Driver/Microsoft Corporation) [SYSTEM] WfpLwf
Service C:\Windows\system32\drivers\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] WIMMount
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service system32\drivers\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [DISABLED] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPDBusEnum
Service system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service system32\drivers\WudfPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) [MANUAL] WudfPf
Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WwanSvc
Service xmlprov
Service {08CB359B-EC6A-461A-BFE9-DEC78A102CB2}
Service {29AD5D2F-70A9-4176-B675-81D510DA7811}
Service {76ECBB4F-2CF1-41D7-BB59-B727D1C3DDA7}

---- EOF - GMER 1.0.15 ----

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 24 June 2012 - 06:42 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#4 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 25 June 2012 - 09:14 AM

I am here but the pc would not boot and had to end up doing a complete reinstall. I did reformat but I have already done this 5 times and the virus still returns. Saying that I hope we can figure out what is going on. I have 3 pcs with the same problem. The descrition of the "Flame" virus seems possible. I have nothing on the pc's that I need to save so they are all lab rats as far as I am concerned. I have no problem trying anything. Thanks for your time. I will donate if there is a way to do so not using PayPal.

#5 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 25 June 2012 - 10:21 AM

Hi. I had to bring a pc(not the one in this topic) to work because my Verizon MiFI(internet service) device went bad or is infected too, so I could use there network to get on line. I was trying to download DDS in case you wanted to check it out. When I try to download it says my C: disk is full. By the way this pc is the one that first got infected. I think ther has been a hidden partition set up in it if this is possible and I have some ehow gotten into it. I think the dvd drive has something to do with it because sometimes when I eject it I lose connection.

Edited by bwrighttwo, 25 June 2012 - 10:21 AM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 25 June 2012 - 06:15 PM

We will need to boot the system outside of normal Windows

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.[/list]
Posted Image
m0le is a proud member of UNITE

#7 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 26 June 2012 - 01:01 PM

I will be able to do this around 6:pm edt USA. Thank you for the help.

#8 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 26 June 2012 - 09:14 PM

Hello. This log is the pc in the original post. As I said before it had been reinstalled so the user names are different. The pc I spoke of as the one that had all the problems to begin with (several months ago) and seemed like it was running 2 different partitions is now unbootable. Just to let you know when I did the scan on the pc with this log it got stuck in some kind of loop and kept running scans over and over so I do not know if it is 100% accurate.


Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 21:28:51
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\LJHOU\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

==================== Services (Whitelisted) ======

2 ioloDMV; C:\Program Files (x86)\iolo\Common\Lib\ioloDMVSvc.exe [299360 2007-10-03] ()
2 RalinkRegistryWriter; "C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe" [374112 2011-04-25] (Ralink Technology, Corp.)
2 RalinkRegistryWriter64; "C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe" [451936 2011-04-25] (Ralink Technology, Corp.)

========================== Drivers (Whitelisted) =============

3 u01w3ynw; C:\Windows\SysWow64\Drivers\u01w3ynw.sys [35904 2012-06-24] (VirusBlokAda Ltd.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-24 01:05 - 2012-06-26 21:28 - 00000000 ____D C:\FRST
2012-06-24 01:01 - 2012-06-26 20:20 - 00000146 ____A C:\Windows\setupact.log
2012-06-24 01:01 - 2012-06-24 01:01 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 00:57 - 2012-06-24 00:57 - 00000020 __ASH C:\Users\LJHOU\ntuser.ini
2012-06-24 00:57 - 2012-06-24 00:57 - 00000000 ____D C:\Users\LJHOU\AppData\Local\VirtualStore
2012-06-24 00:57 - 2012-06-24 00:57 - 00000000 ____D C:\users\LJHOU
2012-06-24 00:56 - 2012-06-24 00:56 - 00069632 ____A C:\Users\lucky\Desktop\mkhgfuf.evtx
2012-06-24 00:56 - 2012-06-24 00:56 - 00000000 ____D C:\Users\lucky\Desktop\LocaleMetaData
2012-06-24 00:36 - 2012-06-24 00:36 - 00001180 ____A C:\Users\lucky\Desktop\DriveScrubber 3.lnk
2012-06-24 00:36 - 2012-06-24 00:36 - 00000000 ____D C:\Program Files (x86)\iolo
2012-06-24 00:36 - 2007-09-20 13:12 - 00012800 ____A (EldoS Corporation) C:\Windows\SysWOW64\elrawdsk.sys
2012-06-24 00:35 - 2012-06-24 00:36 - 00000000 ____D C:\Users\All Users\iolo
2012-06-24 00:35 - 2012-06-24 00:35 - 00000000 ____D C:\Users\lucky\AppData\Roaming\iolo
2012-06-24 00:31 - 2012-06-24 00:32 - 00000820 ____A C:\Users\lucky\Desktop\fgyk.reg
2012-06-24 00:04 - 2012-06-24 00:04 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\u01w3ynw.sys
2012-06-24 00:01 - 2012-06-24 00:01 - 00000000 ____A C:\Users\Driver Sweeper\Filters.xml
2012-06-24 00:00 - 2012-06-24 00:02 - 00000385 ____A C:\Users\Driver Sweeper\Settings.xml
2012-06-23 23:38 - 2012-06-24 00:16 - 00000000 ____D C:\users\Driver Sweeper
2012-06-23 23:38 - 2012-06-23 23:38 - 00057560 ____A C:\Users\lucky\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 23:38 - 2012-06-23 23:38 - 00003003 ____A C:\Users\lucky\Desktop\HiJackThis.lnk
2012-06-23 23:37 - 2012-06-23 23:37 - 00000000 ____A C:\Users\lucky\defogger_reenable
2012-06-23 23:34 - 2012-06-23 23:34 - 00000000 ____D C:\Users\All Users\F-Secure uninstallationtool
2012-06-23 23:29 - 2012-06-23 23:29 - 00000014 ____A C:\Users\lucky\AppData\Roaming\mbam.context.scan
2012-06-23 23:25 - 2012-06-23 23:25 - 00000000 ____D C:\Users\lucky\AppData\Roaming\Malwarebytes
2012-06-23 23:25 - 2012-06-23 23:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 23:23 - 2012-06-23 23:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-23 21:30 - 2012-06-23 20:39 - 00000000 ____D C:\Windows\Panther
2012-06-23 20:47 - 2012-06-23 20:47 - 00000000 ____D C:\Users\All Users\Belkin Driver
2012-06-23 20:47 - 2011-07-26 07:50 - 00014119 ____A C:\Windows\SysWOW64\RaCoInst.dat
2012-06-23 20:47 - 2011-07-26 07:50 - 00014119 ____A C:\Windows\System32\RaCoInst.dat
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\Users\lucky\AppData\Roaming\InstallShield
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\Program Files (x86)\Belkin
2012-06-23 20:46 - 2011-04-25 10:00 - 02399584 ____A (Ralink Technology, Corp.) C:\Windows\System32\RaCertMgr.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 01607008 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RaCertMgr.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 01112928 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAIHV.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 01112928 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAIHV.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 00792416 ____A C:\Windows\SysWOW64\DiagFunc.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 00792416 ____A C:\Windows\System32\DiagFunc.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 00128864 ____A (Ralink Technology, Corp.) C:\Windows\SysWOW64\RAEXTUI.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 00128864 ____A (Ralink Technology, Corp.) C:\Windows\System32\RAEXTUI.dll
2012-06-23 20:46 - 2011-04-25 10:00 - 00000451 ____A C:\Windows\SysWOW64\DiagFunc.ini
2012-06-23 20:46 - 2011-04-25 10:00 - 00000451 ____A C:\Windows\System32\DiagFunc.ini
2012-06-23 20:39 - 2012-06-25 22:55 - 00034571 ____A C:\Windows\WindowsUpdate.log
2012-06-23 20:39 - 2012-06-23 23:37 - 00000000 ____D C:\users\lucky
2012-06-23 20:39 - 2012-06-23 20:39 - 00000020 __ASH C:\Users\lucky\ntuser.ini
2012-06-23 20:39 - 2012-06-23 20:39 - 00000000 __SHD C:\Recovery
2012-06-23 20:39 - 2012-06-23 20:39 - 00000000 ____D C:\Users\lucky\AppData\Local\VirtualStore
2012-06-23 20:33 - 2012-06-23 20:33 - 00001355 ____A C:\Windows\TSSysprep.log


============ 3 Months Modified Files and Folders =============

2012-06-26 20:20 - 2012-06-24 01:01 - 00000146 ____A C:\Windows\setupact.log
2012-06-26 20:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-25 22:55 - 2012-06-23 20:39 - 00034571 ____A C:\Windows\WindowsUpdate.log
2012-06-25 22:55 - 2009-07-13 20:45 - 00020640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-25 22:55 - 2009-07-13 20:45 - 00020640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-25 22:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-25 22:07 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-24 01:01 - 2012-06-24 01:01 - 00000000 ____A C:\Windows\setuperr.log
2012-06-24 00:57 - 2012-06-24 00:57 - 00000020 __ASH C:\Users\LJHOU\ntuser.ini
2012-06-24 00:57 - 2012-06-24 00:57 - 00000000 ____D C:\Users\LJHOU\AppData\Local\VirtualStore
2012-06-24 00:57 - 2012-06-24 00:57 - 00000000 ____D C:\users\LJHOU
2012-06-24 00:56 - 2012-06-24 00:56 - 00069632 ____A C:\Users\lucky\Desktop\mkhgfuf.evtx
2012-06-24 00:56 - 2012-06-24 00:56 - 00000000 ____D C:\Users\lucky\Desktop\LocaleMetaData
2012-06-24 00:36 - 2012-06-24 00:36 - 00001180 ____A C:\Users\lucky\Desktop\DriveScrubber 3.lnk
2012-06-24 00:36 - 2012-06-24 00:36 - 00000000 ____D C:\Program Files (x86)\iolo
2012-06-24 00:36 - 2012-06-24 00:35 - 00000000 ____D C:\Users\All Users\iolo
2012-06-24 00:35 - 2012-06-24 00:35 - 00000000 ____D C:\Users\lucky\AppData\Roaming\iolo
2012-06-24 00:32 - 2012-06-24 00:31 - 00000820 ____A C:\Users\lucky\Desktop\fgyk.reg
2012-06-24 00:16 - 2012-06-23 23:38 - 00000000 ____D C:\users\Driver Sweeper
2012-06-24 00:04 - 2012-06-24 00:04 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\u01w3ynw.sys
2012-06-24 00:02 - 2012-06-24 00:00 - 00000385 ____A C:\Users\Driver Sweeper\Settings.xml
2012-06-24 00:01 - 2012-06-24 00:01 - 00000000 ____A C:\Users\Driver Sweeper\Filters.xml
2012-06-23 23:38 - 2012-06-23 23:38 - 00057560 ____A C:\Users\lucky\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-23 23:38 - 2012-06-23 23:38 - 00003003 ____A C:\Users\lucky\Desktop\HiJackThis.lnk
2012-06-23 23:37 - 2012-06-23 23:37 - 00000000 ____A C:\Users\lucky\defogger_reenable
2012-06-23 23:37 - 2012-06-23 20:39 - 00000000 ____D C:\users\lucky
2012-06-23 23:34 - 2012-06-23 23:34 - 00000000 ____D C:\Users\All Users\F-Secure uninstallationtool
2012-06-23 23:29 - 2012-06-23 23:29 - 00000014 ____A C:\Users\lucky\AppData\Roaming\mbam.context.scan
2012-06-23 23:25 - 2012-06-23 23:25 - 00000000 ____D C:\Users\lucky\AppData\Roaming\Malwarebytes
2012-06-23 23:25 - 2012-06-23 23:25 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-23 23:23 - 2012-06-23 23:23 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-23 21:30 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-06-23 21:30 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-06-23 20:47 - 2012-06-23 20:47 - 00000000 ____D C:\Users\All Users\Belkin Driver
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\Users\lucky\AppData\Roaming\InstallShield
2012-06-23 20:46 - 2012-06-23 20:46 - 00000000 ____D C:\Program Files (x86)\Belkin
2012-06-23 20:43 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-23 20:42 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\restore
2012-06-23 20:39 - 2012-06-23 21:30 - 00000000 ____D C:\Windows\Panther
2012-06-23 20:39 - 2012-06-23 20:39 - 00000020 __ASH C:\Users\lucky\ntuser.ini
2012-06-23 20:39 - 2012-06-23 20:39 - 00000000 __SHD C:\Recovery
2012-06-23 20:39 - 2012-06-23 20:39 - 00000000 ____D C:\Users\lucky\AppData\Local\VirtualStore
2012-06-23 20:39 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-06-23 20:34 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-23 20:33 - 2012-06-23 20:33 - 00001355 ____A C:\Windows\TSSysprep.log
2012-06-23 20:33 - 2009-07-13 21:01 - 00115640 ____A C:\Windows\SysWOW64\license.rtf
2012-06-23 20:33 - 2009-07-13 21:01 - 00115640 ____A C:\Windows\System32\license.rtf
2012-06-23 20:33 - 2009-07-13 20:46 - 00002790 ____A C:\Windows\DtcInstall.log
2012-06-23 20:33 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 7664.61 MB
Available physical RAM: 6946.66 MB
Total Pagefile: 7662.81 MB
Available Pagefile: 6933.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:909.45 GB) NTFS
3 Drive f: () (Removable) (Total:7.45 GB) (Free:5.29 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7633 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-25 22:32

======================= End Of Log ==========================

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 27 June 2012 - 02:47 PM

I've took a look at some past threads and I've seen you disappear a few times which I am not happy to see. I will close this topic and keep it closed if you do not reply within the three days. I also see things like you blaming Ebay mods for suspicious behaviour? That sounds plain weird and is not the problem. In fact, I don't see a problem in any of the threads following the first where you seem to have had a rootkit which is now long gone.

So....can you explain what you mean by "it comes back after a reinstall"?

  • What is coming back?
  • What symptoms are you seeing?
  • Are you aware that Flame does not target home computers and networks? It has no interest in your machine and the only similarity between the machines they are targeting and yours is they both run Windows.

Posted Image
m0le is a proud member of UNITE

#10 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 27 June 2012 - 08:08 PM

I will make this as quick as I can. You will not believe this, i wish you had a way to see that I was just on this site typing a reply to this topic and my pc shut down after about 30 minutes of trying to explain the problems I have had.
When I did not finish a topic, it was only because the pc was no longer able to function. Look,,,, I will be more than happy to pay you for your time if there is a way other than PayPal. It seems as if you do not wish to help any longer and I can not blame you. I will give you a list of sypmtoms to the best of my ability and if you wish to close this topic, you may.

High host usage warnings from AV.
Unexplained Live accounts.
USB ports do not work
Cd/DVD drive will eject when starting a backup.
Unexplained portable devices.
Speakers pop when CD/DVD drive opens.


I will go on is you like. Just let me know if I am waisting my time first.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 28 June 2012 - 05:16 PM

This seems more like hardware failure than a malware invasion.

Have you checked out the possibility of a hard drive or a motherboard problem?

Unexplained Live accounts.
Unexplained portable devices.


What can you tell me about these?
Posted Image
m0le is a proud member of UNITE

#12 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 29 June 2012 - 09:35 AM

I will get with you tonight. I have access to several different pc's from a pawnshop. I started using one that I am running frst64 logs 3 times a day on my network at home and at work. I am also taking some screenshots of things that may shed some light. I have trouble expaining everthing because as I said before I only know enough to be dangerous. Yesterday I did a FSS scan and it said no Windows programs were running (defender-firewall......). I then check and the pc said all were running. This is on the pc that I just started using a few days ago. I will give you more info tonight. Let me know if this is ok and what you want me to do next and I will do it. Thanks for your time.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 29 June 2012 - 07:22 PM

I have PMd you.
Posted Image
m0le is a proud member of UNITE

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:04 PM

Posted 30 June 2012 - 05:35 AM

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your next reply.[/list]
Posted Image
m0le is a proud member of UNITE

#15 bwrighttwo

bwrighttwo
  • Topic Starter

  • Members
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:04 AM

Posted 30 June 2012 - 09:40 AM

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 26-06-2012 21:58:28
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2723112 2011-03-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-30] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10222080 2010-12-14] (Intel Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\gina\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2010-12-14] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2010-12-14] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [974912 2010-12-14] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [58128 2010-12-14] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [274432 2010-12-14] (Intel Corporation)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2010-12-14] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-26 21:58 - 2012-06-26 21:58 - 00000000 ____D C:\FRST
2012-06-26 21:03 - 2012-06-26 21:03 - 00000588 ____A C:\Users\gina\Desktop\FRST - Shortcut.lnk
2012-06-26 19:26 - 2012-02-23 10:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-26 19:23 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-26 19:23 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-26 19:23 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-26 19:23 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-26 19:23 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-26 19:23 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\My Documents\My Received Files
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\Documents\My Received Files
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\AppData\Roaming\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 19:12 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 19:11 - 2012-06-26 19:11 - 00000000 ____A C:\Users\gina\defogger_reenable
2012-06-26 19:10 - 2012-06-26 19:10 - 00000361 ____A C:\rkill.log
2012-06-26 19:09 - 2012-06-26 19:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf

============ 3 Months Modified Files and Folders =============

2012-06-26 21:55 - 2009-07-14 00:10 - 01133375 ____A C:\Windows\WindowsUpdate.log
2012-06-26 21:37 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 21:37 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 21:30 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-06-26 21:27 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-26 21:27 - 2011-06-10 14:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-26 21:26 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 21:26 - 2009-07-13 23:51 - 00024142 ____A C:\Windows\setupact.log
2012-06-26 21:03 - 2012-06-26 21:03 - 00000588 ____A C:\Users\gina\Desktop\FRST - Shortcut.lnk
2012-06-26 20:57 - 2011-06-10 14:49 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-26 20:57 - 2011-06-10 14:49 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-26 20:56 - 2011-06-10 15:55 - 00012902 ____A C:\Windows\PFRO.log
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\My Documents\My Received Files
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\Documents\My Received Files
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\AppData\Roaming\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 19:11 - 2012-06-26 19:11 - 00000000 ____A C:\Users\gina\defogger_reenable
2012-06-26 19:11 - 2011-12-19 15:28 - 00000000 ____D C:\users\gina
2012-06-26 19:10 - 2012-06-26 19:10 - 00000361 ____A C:\rkill.log
2012-06-26 19:09 - 2012-06-26 19:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-26 18:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-26 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-06-26 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-26 18:33 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-02 17:19 - 2012-06-26 19:23 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-26 19:23 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-26 19:23 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-26 19:23 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-26 19:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-26 19:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 12:00 - 2011-06-10 14:55 - 00000000 ____D C:\Users\All Users\Sonic
2012-05-29 12:00 - 2011-06-10 14:55 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-04-04 15:56 - 2012-06-26 19:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6058.17 MB
Available physical RAM: 5395.12 MB
Total Pagefile: 6056.32 MB
Available Pagefile: 5368.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:540.39 GB) NTFS
3 Drive e: () (Removable) (Total:7.45 GB) (Free:5.29 GB) FAT32
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.6 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 102 MB
Partition 3 Primary 581 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E FAT32 Removable 7633 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-26 18:22

======================= End Of Log ==========================

Scan result of Farbar Recovery Scan Tool Version: 19-06-2012
Ran by SYSTEM at 27-06-2012 23:11:02
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2723112 2011-03-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-03-30] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-03-30] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418840 2011-03-30] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10222080 2010-12-14] (Intel Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\gina\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) ======

4 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2010-12-14] (Intel Corporation)
4 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2010-12-14] (Intel Corporation)
4 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [974912 2010-12-14] (Intel Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
4 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-11-25] (Sonic Solutions)
4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 btmaux; C:\Windows\System32\Drivers\btmaux.sys [58128 2010-12-14] (Intel Corporation)
3 btmhsf; C:\Windows\System32\Drivers\btmhsf.sys [274432 2010-12-14] (Intel Corporation)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [59904 2010-12-14] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [250984 2010-12-01] (Realtek Semiconductor Corp.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [16120 2010-11-29] (Intel® Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-27 21:57 - 2012-06-27 21:57 - 00003288 ____N C:\bootsqm.dat
2012-06-27 21:47 - 2012-06-27 21:47 - 307783264 ____A C:\Windows\MEMORY.DMP
2012-06-27 18:20 - 2012-06-27 18:21 - 00007605 ____A C:\Users\gina\Local Settings\Resmon.ResmonCfg
2012-06-27 18:20 - 2012-06-27 18:21 - 00007605 ____A C:\Users\gina\Local Settings\Application Data\Resmon.ResmonCfg
2012-06-27 18:20 - 2012-06-27 18:21 - 00007605 ____A C:\Users\gina\AppData\Local\Resmon.ResmonCfg
2012-06-27 18:02 - 2012-03-01 01:54 - 00022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-27 18:02 - 2012-03-01 01:45 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-27 18:02 - 2012-03-01 01:40 - 00080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-27 18:02 - 2012-03-01 01:35 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-27 18:02 - 2012-03-01 00:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-06-27 18:02 - 2012-03-01 00:45 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-06-27 18:02 - 2012-03-01 00:40 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-06-27 18:00 - 2012-05-17 21:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-27 18:00 - 2012-05-17 21:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-27 18:00 - 2012-05-17 21:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-27 18:00 - 2012-05-17 20:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-27 18:00 - 2012-05-17 20:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-27 18:00 - 2012-05-17 20:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-27 18:00 - 2012-05-17 20:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-27 18:00 - 2012-05-17 20:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-27 18:00 - 2012-05-17 20:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-27 18:00 - 2012-05-17 20:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-27 18:00 - 2012-05-17 20:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-27 18:00 - 2012-05-17 20:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-27 18:00 - 2012-05-17 20:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-27 18:00 - 2012-05-17 20:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-27 18:00 - 2012-05-17 18:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-27 18:00 - 2012-05-17 17:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-27 18:00 - 2012-05-17 17:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-27 18:00 - 2012-05-17 17:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-27 18:00 - 2012-05-17 17:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-27 18:00 - 2012-05-17 17:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-27 18:00 - 2012-05-17 17:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-27 18:00 - 2012-05-17 17:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-27 18:00 - 2012-05-17 17:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-27 18:00 - 2012-05-17 17:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-27 18:00 - 2012-05-17 17:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-27 18:00 - 2012-05-17 17:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-27 18:00 - 2012-05-17 17:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-27 18:00 - 2012-05-17 17:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-27 13:35 - 2012-04-26 00:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-27 13:35 - 2012-04-26 00:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-27 13:35 - 2012-04-26 00:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-27 13:34 - 2012-05-14 20:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-27 13:34 - 2012-05-04 11:52 - 05473136 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-27 13:34 - 2012-05-04 05:03 - 03970928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-27 13:34 - 2012-05-04 05:03 - 03915632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-27 13:34 - 2012-04-27 22:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-27 13:34 - 2012-03-17 02:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-27 13:34 - 2011-12-27 22:59 - 00499200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-06-27 13:34 - 2011-12-16 03:42 - 00634368 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-06-27 13:34 - 2011-12-16 02:59 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-06-27 13:33 - 2012-03-30 06:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-27 11:12 - 2012-02-15 01:27 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-27 11:12 - 2012-02-15 00:44 - 00826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-06-27 11:12 - 2012-02-14 23:46 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\Local Settings\PDLSetup.20120626.230600.txt
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\Local Settings\Application Data\PDLSetup.20120626.230600.txt
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\AppData\Local\PDLSetup.20120626.230600.txt
2012-06-26 21:58 - 2012-06-27 23:11 - 00000000 ____D C:\FRST
2012-06-26 21:03 - 2012-06-26 21:03 - 00000588 ____A C:\Users\gina\Desktop\FRST - Shortcut.lnk
2012-06-26 19:26 - 2012-02-23 10:18 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-26 19:23 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-26 19:23 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-26 19:23 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-26 19:23 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-26 19:23 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-26 19:23 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-26 19:23 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\My Documents\My Received Files
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\Documents\My Received Files
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\AppData\Roaming\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 19:12 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-26 19:11 - 2012-06-26 19:11 - 00000000 ____A C:\Users\gina\defogger_reenable
2012-06-26 19:10 - 2012-06-26 19:10 - 00000361 ____A C:\rkill.log
2012-06-26 19:09 - 2012-06-26 19:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf


============ 3 Months Modified Files and Folders =============

2012-06-27 21:58 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-27 21:57 - 2012-06-27 21:57 - 00003288 ____N C:\bootsqm.dat
2012-06-27 21:47 - 2012-06-27 21:47 - 307783264 ____A C:\Windows\MEMORY.DMP
2012-06-27 21:31 - 2009-07-14 00:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-27 20:14 - 2009-07-14 00:10 - 01710045 ____A C:\Windows\WindowsUpdate.log
2012-06-27 19:33 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-27 19:33 - 2009-07-13 23:45 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-27 18:21 - 2012-06-27 18:20 - 00007605 ____A C:\Users\gina\Local Settings\Resmon.ResmonCfg
2012-06-27 18:21 - 2012-06-27 18:20 - 00007605 ____A C:\Users\gina\Local Settings\Application Data\Resmon.ResmonCfg
2012-06-27 18:21 - 2012-06-27 18:20 - 00007605 ____A C:\Users\gina\AppData\Local\Resmon.ResmonCfg
2012-06-27 18:14 - 2009-07-13 23:45 - 00311848 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-27 18:12 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-06-27 17:40 - 2011-06-10 15:06 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-06-27 17:40 - 2011-06-10 14:55 - 00000000 ____D C:\Users\All Users\Sonic
2012-06-27 17:40 - 2011-06-10 14:55 - 00000000 ____D C:\Users\All Users\Application Data\Sonic
2012-06-27 17:40 - 2011-06-10 14:34 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\Local Settings\PDLSetup.20120626.230600.txt
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\Local Settings\Application Data\PDLSetup.20120626.230600.txt
2012-06-26 23:06 - 2012-06-26 23:06 - 00001542 ____A C:\Users\gina\AppData\Local\PDLSetup.20120626.230600.txt
2012-06-26 21:03 - 2012-06-26 21:03 - 00000588 ____A C:\Users\gina\Desktop\FRST - Shortcut.lnk
2012-06-26 20:57 - 2011-06-10 14:49 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-26 20:57 - 2011-06-10 14:49 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-26 20:56 - 2011-06-10 15:55 - 00012902 ____A C:\Windows\PFRO.log
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2012-06-26 20:55 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\My Documents\My Received Files
2012-06-26 19:20 - 2012-06-26 19:20 - 00000000 ____D C:\Users\gina\Documents\My Received Files
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\gina\AppData\Roaming\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-26 19:12 - 2012-06-26 19:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-26 19:11 - 2012-06-26 19:11 - 00000000 ____A C:\Users\gina\defogger_reenable
2012-06-26 19:11 - 2011-12-19 15:28 - 00000000 ____D C:\users\gina
2012-06-26 19:10 - 2012-06-26 19:10 - 00000361 ____A C:\rkill.log
2012-06-26 19:09 - 2012-06-26 19:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-06-26 18:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-26 18:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-26 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-06-26 18:40 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2012-06-26 18:33 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-06-02 17:19 - 2012-06-26 19:23 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-26 19:23 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-26 19:23 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-26 19:23 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-26 19:23 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-26 19:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-26 19:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 21:47 - 2012-06-27 18:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 21:16 - 2012-06-27 18:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 21:06 - 2012-06-27 18:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 20:59 - 2012-06-27 18:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 20:59 - 2012-06-27 18:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 20:58 - 2012-06-27 18:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 20:58 - 2012-06-27 18:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 20:56 - 2012-06-27 18:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 20:55 - 2012-06-27 18:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 20:55 - 2012-06-27 18:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 20:54 - 2012-06-27 18:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 20:51 - 2012-06-27 18:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 20:51 - 2012-06-27 18:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 20:47 - 2012-06-27 18:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 18:11 - 2012-06-27 18:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 17:48 - 2012-06-27 18:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 17:45 - 2012-06-27 18:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 17:36 - 2012-06-27 18:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 17:35 - 2012-06-27 18:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 17:35 - 2012-06-27 18:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 17:33 - 2012-06-27 18:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 17:31 - 2012-06-27 18:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 17:29 - 2012-06-27 18:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 17:29 - 2012-06-27 18:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 17:27 - 2012-06-27 18:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 17:25 - 2012-06-27 18:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 17:24 - 2012-06-27 18:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 17:20 - 2012-06-27 18:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 20:32 - 2012-06-27 13:34 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 11:52 - 2012-06-27 13:34 - 05473136 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-27 13:34 - 03970928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-27 13:34 - 03915632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 22:50 - 2012-06-27 13:34 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:34 - 2012-06-27 13:35 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:34 - 2012-06-27 13:35 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:28 - 2012-06-27 13:35 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-04 15:56 - 2012-06-26 19:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 06:09 - 2012-06-27 13:33 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 6058.17 MB
Available physical RAM: 5391.89 MB
Total Pagefile: 6056.32 MB
Available Pagefile: 5365.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:537.45 GB) NTFS
2 Drive d: (Jun 19 2012) (CDROM) (Total:4.38 GB) (Free:4.2 GB) UDF
3 Drive e: () (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
4 Drive f: () (Removable) (Total:29.8 GB) (Free:26.38 GB) FAT32
5 Drive g: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.6 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 Online 29 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 102 MB
Partition 3 Primary 581 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 FAT Partition 101 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 G RECOVERY NTFS Partition 14 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 581 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Removable 14 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 16 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F FAT32 Removable 29 GB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-26 18:22

======================= End Of Log ==========================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users