

UK Police Scam. (+related problems)


  • This topic is locked
27 replies to this topic

#1 Fiale

Fiale

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:18 PM

Posted 08 July 2012 - 03:37 PM

I've been told to come here from the "Am I infected? What do I do?" board, and post my DDS notepad and Attach file.


Link to original thread: http://www.bleepingcomputer.com/forums/topic459789.html


So I got the UK police Ukash scam ransomware 3 days ago and I still don't entirely know if I'm still infected or not, but my laptop is acting weird. I'm running Windows 7.

I unchecked these 2 things from the startup from msconfig because they seemed strange (the McAfee one seems to have a strange directory):

[screenshot]


I ran malwarebytes and it found

[screenshot]


Windows Firewall is gone from my list of services and won't let me open it (looked at another thread on here that seemed to be having this problem too, got the error code 0x80070424).

I'm unsure if this problem is related or not, but I have these 2 long digit folders that look "dodgy" and I can't delete them either.

[screenshot]

There also seems to be some problem as to whether my account is the administrator, when it is.

Thank you for any help you can give me, I'm very stressed out with all of this.. :/


===The DDS file===

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_31
Run by Kerry at 21:21:19 on 2012-07-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1755 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sega.co.jp/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DeLorme Send To GPS: {fbaad182-3c7a-4bc4-a5e9-207b8e0f02fd} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Kerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Kerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: bigfile.co.kr
Trusted Zone: gogobox.com.tw
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02D4FA97-262D-4DCA-9088-C92E5B543AF8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02D4FA97-262D-4DCA-9088-C92E5B543AF8}\35B4950333438393 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
BHO-X64: PNBHO - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\sb8aqoux.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppnplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\sb8aqoux.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 128752]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-31 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
S2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionUtility2Service.exe [2010-4-14 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-4-25 514232]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408]
S2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2010-11-5 483952]
S2 QuickDownload Agent;QuickDownload Agent;C:\Program Files (x86)\QuickDownloadService\qdownagent.exe [2010-11-5 114688]
S2 QuickDownload Service;QuickDownload Service;C:\Program Files (x86)\QuickDownloadService\qdownservice.exe [2010-11-5 102400]
S2 QuickDownload Update;QuickDownload Update;C:\Program Files (x86)\QuickDownloadService\qdownupdate.exe [2010-11-5 94208]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-26 1153368]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-28 257696]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-08 19:04:19 -------- d-----w- C:\Windows\pss
2012-07-08 17:01:04 -------- d-----w- C:\Users\Kerry\AppData\Roaming\SpeedyPC Software
2012-07-08 17:01:04 -------- d-----w- C:\Users\Kerry\AppData\Roaming\DriverCure
2012-07-08 17:00:57 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-08 17:00:56 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-08 17:00:56 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-06-28 13:01:08 4126880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-28 12:36:54 -------- d-----w- C:\Users\Kerry\AppData\Local\Macromedia
2012-06-28 12:34:18 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-06-28 12:34:17 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-06-28 12:34:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 12:34:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-26 08:09:03 75208 ----a-w- C:\Windows\System32\drivers\442564429e863a90.sys
2012-06-22 06:35:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AC6E5546-54D5-4F47-A843-B1E8FADBA7E9}\mpengine.dll
2012-06-19 17:52:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 17:52:26 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 22:44:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 22:44:43 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 22:44:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 22:44:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-10 07:33:32 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 21:10:14 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-05-01 21:10:14 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-05-01 21:10:14 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-05-01 21:10:13 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-05-01 21:10:13 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-05-01 21:10:13 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-05-01 21:10:13 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-05-01 21:08:12 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-05-01 21:08:12 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-05-01 21:08:12 3891200 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-05-01 21:08:12 3555840 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 17:05:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 21:24:15.95 ===============



Edited by Fiale, 09 July 2012 - 12:31 PM.
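The DDS log above contains several lines a responder would want flagged before anything else: the mPolicies-system entries show UAC turned off (EnableLUA = 0, no consent prompt, no secure desktop), the Hosts lines show a security site pinned to loopback and another host redirected to an outside address, two sites sit in the IE Trusted Zone, and some BHO entries point at files that no longer exist. The following Python script is an added triage helper, not part of the forum post and not DDS's own code; it parses those line formats as DDS prints them and reports findings by severity. The sample report is constructed from lines in the log above, and the Windows 7 default policy values it compares against are stated in the code.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' section.

Added example (not part of the forum post and not DDS's own code). It reads
the line formats DDS prints and flags the entries a responder would review
first: UAC policies set away from their Windows 7 defaults, hosts file
overrides, IE Trusted Zone additions and orphaned 'No File' entries.
"""
import re
from typing import Dict, List

Finding = Dict[str, str]

# Windows 7 defaults for the UAC-related values DDS reports under
# mPolicies-system. Any other value was changed by software or by hand;
# EnableLUA = 0 turns UAC off entirely.
EXPECTED_SYSTEM_POLICIES = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

POLICY_RE = re.compile(r"^mPolicies-(\w+):\s*(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
NOFILE_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*?)\s*-\s*No File$")

# Constructed sample, modelled on lines from the DDS log in the post above.
SAMPLE_REPORT = """\
uStart Page = hxxp://www.sega.co.jp/
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Trusted Zone: bigfile.co.kr
Trusted Zone: gogobox.com.tw
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: PNBHO - No File
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
"""


def _finding(severity: str, category: str, detail: str, line: str) -> Finding:
    return {"severity": severity, "category": category, "detail": detail, "line": line}


def triage_report(text: str) -> List[Finding]:
    """Return one finding per report line that deserves a responder's attention."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            hive, name, value = m.group(1), m.group(2), int(m.group(3))
            expected = EXPECTED_SYSTEM_POLICIES.get(name)
            # Only the system hive carries the UAC switches we know defaults for.
            if hive == "system" and expected is not None and value != expected:
                findings.append(_finding("high", "uac-policy",
                    f"{name} is {value}, Windows 7 default is {expected}", line))
            continue

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip.startswith("127.") or ip == "::1":
                # Loopback mapping makes the host unreachable; blocked
                # security sites are a classic sign of tampering.
                findings.append(_finding("medium", "hosts-block",
                    f"{host} is pinned to loopback (site unreachable)", line))
            else:
                # A non-loopback mapping silently redirects the host elsewhere.
                findings.append(_finding("high", "hosts-redirect",
                    f"{host} is redirected to {ip}", line))
            continue

        m = TRUSTED_RE.match(line)
        if m:
            findings.append(_finding("medium", "trusted-zone",
                f"{m.group(1)} runs with reduced IE security", line))
            continue

        m = NOFILE_RE.match(line)
        if m:
            findings.append(_finding("info", "orphan",
                f"{m.group(1)} entry {m.group(2)} points at a missing file", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the shape of the log is visible at a glance."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_report(SAMPLE_REPORT)
    for f in results:
        print(f"[{f['severity']:6}] {f['category']:14} {f['detail']}")
    print(summarize(results))
```

Run against the constructed sample it reports four high findings (the three UAC values and the gs.apple.com redirect), three medium (the loopback block and two Trusted Zone sites) and two informational orphans. The script only reads the text; restoring the UAC values and cleaning the hosts file are steps for the helper handling the thread to direct, and the "No File" entries are leftovers to tidy rather than evidence of infection on their own.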




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,669 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:18 PM

Posted 13 July 2012 - 03:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459801 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:06:18 PM

Posted 13 July 2012 - 04:08 PM

I don't have my original CD of Windows and I'm running Windows 64-bit. All of the above problems still persist, and I've been running my laptop in Safe Mode with networking since. Unfortunately I'm not completely sure if there is more damage than I'm describing, this is all I've found so far. But I know the Ukash malware is a nasty one, so I wouldn't be surprised at what it's done.

The 4 things Malwarebytes found in the original post were deleted.

Here's a new DDS file and the attach file, as requested by the bot:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_31
Run by Kerry at 21:49:52 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.2151 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sega.co.jp/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: DeLorme Send To GPS: {fbaad182-3c7a-4bc4-a5e9-207b8e0f02fd} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Kerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\Users\Kerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: bigfile.co.kr
Trusted Zone: gogobox.com.tw
DPF: {0349EF81-B9C1-4B97-86F7-7B931D0E2532} - hxxp://sticube.clubbox.co.kr/sticubeupdate/cab/NowStarter2.cab
DPF: {77D54273-FD01-4E93-B109-68C1F375A7D4} - hxxp://api.2ndrive.com/update/NdStarter.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02D4FA97-262D-4DCA-9088-C92E5B543AF8} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{02D4FA97-262D-4DCA-9088-C92E5B543AF8}\35B4950333438393 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
BHO-X64: PNBHO - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\sb8aqoux.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppnplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kerry\AppData\Roaming\Mozilla\Firefox\Profiles\sb8aqoux.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 128752]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2012-7-7 0]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-31 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-19 365568]
S2 AMD FusionUtility Service;AMD FusionUtility Service;C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionUtility2Service.exe [2010-4-14 275832]
S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-4-14 140160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2010-4-25 514232]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-7 654408]
S2 NATService;NATService;C:\Program Files (x86)\NAT Service\natsvc.exe [2010-11-5 483952]
S2 QuickDownload Agent;QuickDownload Agent;C:\Program Files (x86)\QuickDownloadService\qdownagent.exe [2010-11-5 114688]
S2 QuickDownload Service;QuickDownload Service;C:\Program Files (x86)\QuickDownloadService\qdownservice.exe [2010-11-5 102400]
S2 QuickDownload Update;QuickDownload Update;C:\Program Files (x86)\QuickDownloadService\qdownupdate.exe [2010-11-5 94208]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-26 1153368]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-28 257696]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-08 19:04:19 -------- d-----w- C:\Windows\pss
2012-07-08 17:01:04 -------- d-----w- C:\Users\Kerry\AppData\Roaming\SpeedyPC Software
2012-07-08 17:01:04 -------- d-----w- C:\Users\Kerry\AppData\Roaming\DriverCure
2012-07-08 17:00:57 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-08 17:00:56 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-08 17:00:56 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-06-28 13:01:08 4126880 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-06-28 12:36:54 -------- d-----w- C:\Users\Kerry\AppData\Local\Macromedia
2012-06-28 12:34:18 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-06-28 12:34:17 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-06-28 12:34:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 12:34:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-26 08:09:03 75208 ----a-w- C:\Windows\System32\drivers\442564429e863a90.sys
2012-06-22 06:35:12 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AC6E5546-54D5-4F47-A843-B1E8FADBA7E9}\mpengine.dll
2012-06-19 17:52:27 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 17:52:26 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 22:44:55 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 22:44:43 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 22:44:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 22:44:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-06-10 07:33:32 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 21:10:14 215336 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-05-01 21:10:14 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-05-01 21:10:14 1390640 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-05-01 21:10:14 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-05-01 21:10:13 400168 ----a-w- C:\Windows\System32\SynCOM.dll
2012-05-01 21:10:13 271144 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-05-01 21:10:13 214312 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-05-01 21:10:13 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-05-01 21:08:12 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-05-01 21:08:12 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-05-01 21:08:12 3891200 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-05-01 21:08:12 3555840 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-05-01 21:08:12 3063360 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 17:05:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 21:53:17.90 ===============


The new attach file:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/08/2010 09:46:25
System Uptime: 13/07/2012 21:27:33 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1441
Processor: AMD Turion™ II N530 Dual-Core Processor | Socket S1G4 | 2493/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 34.329 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.994 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
F: is CDROM (CDFS)
G: is CDROM (CDFS)
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\NET\0001
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0001
Service:
.
Class GUID:
Description:
Device ID: ROOT\NET\0002
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0002
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP459: 13/06/2012 06:38:42 - Windows Update
RP460: 14/06/2012 07:19:14 - Windows Update
RP461: 18/06/2012 23:43:33 - Windows Update
RP462: 19/06/2012 18:07:07 - Windows Update
RP463: 01/07/2012 00:30:52 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
????
??????
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player
AMD Fusion Utility
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Bamboo
BioShock 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help English
Content Manager Assistant for PlayStation®
CyberLink DVD Suite
D3DX10
DAEMON Tools Lite
DeLorme Send To GPS 1.2
DoremiSoft MPG to FLV Converter 1.0
DVD Menu Pack for HP MediaSmart Video
ESU for Microsoft Windows 7
FINAL FANTASY XI: Ultimate Collection - Abyssea Edition
Fraps
Grandia2
Gtk+ Development Environment for Windows 2.12.9-2
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Video
HP MediaSmart Webcam
HP Photo Creations
HP Power Plan Utility
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0193
IDT Audio
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 31
Junk Mail filter update
K-Lite Codec Pack 7.1.0 (Full)
Legend of Grimrock
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Media Go
Media Go Video Playback Engine 1.64.104.02270
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft AppLocale
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mystara
NAT Service 2.3.0.11
NVIDIA PhysX
PCSX2 - Playstation 2 Emulator
PlayStation®Network Downloader
PlayStation®Store
Project64 1.6
Prototype™
QuickDownloadService
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roll
RollerCoaster Tycoon 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SpeedyPC Pro
Spybot - Search & Destroy
StarCraft II
Steam
System Requirements Lab CYRI
Ulead VideoStudio SE DVD
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
USB2.0 Capture Device
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 9.0 ATL (x86) WinSXS MSM
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 MFC (x86) WinSXS MSM
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
13/07/2012 21:29:57, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2012 21:28:19, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
13/07/2012 21:28:16, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
13/07/2012 21:28:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/07/2012 21:28:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/07/2012 21:28:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/07/2012 21:28:02, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
13/07/2012 21:27:57, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO prodrv05 prodrv06 prohlp01 prohlp02 prosync1 SASDIFSV SASKUTIL sfhlp01 spldr Wanarpv6
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
13/07/2012 21:27:56, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
09/07/2012 06:36:26, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv06.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
09/07/2012 06:36:26, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\prodrv05.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/07/2012 20:09:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
08/07/2012 18:52:29, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO prodrv05 prodrv06 prohlp01 prohlp02 prosync1 SASDIFSV SASKUTIL sfhlp01 spldr sptd Wanarpv6
08/07/2012 18:52:06, Error: sptd [4] - Driver detected an internal error in its data structures for .
08/07/2012 18:50:32, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
08/07/2012 18:50:32, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
08/07/2012 16:49:49, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: A device attached to the system is not functioning.
08/07/2012 16:49:49, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: A device attached to the system is not functioning.
08/07/2012 16:47:47, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv05 prodrv06 prohlp01 prohlp02 prosync1 SASDIFSV sfhlp01 sptd
08/07/2012 16:47:47, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: SASDIFSV is not a valid Win32 application.
08/07/2012 16:47:40, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
07/07/2012 15:39:41, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
07/07/2012 15:39:41, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/07/2012 15:39:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07/07/2012 15:39:16, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/07/2012 15:39:16, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
07/07/2012 14:04:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: prodrv05 prodrv06 prohlp01 prohlp02 prosync1 sfhlp01 sptd
06/07/2012 21:20:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
06/07/2012 21:19:27, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.
06/07/2012 20:36:02, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache DVMIO prodrv05 prodrv06 prohlp01 prohlp02 prosync1 sfhlp01 spldr sptd Wanarpv6
.
==== End Of File ===========================

Edited by Fiale, 13 July 2012 - 04:19 PM.
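The logs in this post already contain the kind of entries an analyst pulls out first when triaging a cleanup like this one: a driver with a random hex name and no vendor string (442564429e863a90.sys, created 2012-06-26; the FRST log posted later in the thread lists it as start type 0 with an empty company field), a security driver truncated to zero bytes (sasdifsv64.sys, shown as [2012-7-7 0], which matches the later "SASDIFSV is not a valid Win32 application" event), Service Control Manager 7003 events saying BFE and wscsvc are not installed (BFE is the Base Filtering Engine that Windows Firewall depends on; wscsvc is Security Center), and a hosts entry that sends gs.apple.com to a non-loopback address. The helper below is an added example written for this page; it is not code from the thread, from DDS or from FRST. It parses the FRST "Drivers" line format, the DDS "SERVICES / DRIVERS" and "Hosts:" formats and the SCM 7003 event text, and flags those patterns. The sample lines are constructed copies of entries visible in the posted logs; the reason labels and the 12-hex-digit threshold are the example's own choices, and a flag means "look at this by hand", not "this is malware".

```python
"""Triage helper for driver, hosts and SCM-event lines in DDS / FRST logs (added example)."""
import re

# FRST "Drivers (Whitelisted)" line:  <start> <name>; <path> [<size> <date>] (<company>)
# FRST prints [x] instead when the registry points at a file that is not on disk.
FRST_DRIVER_RE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>\S.*?)\s+"
    r"\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>[^)]*)\))?\s*$"
)
# DDS "SERVICES / DRIVERS" line:  <R|S><start> <name>;<display>;<path>[ --> <path>] [<date> <size>]
# DDS prints [?] when it could not stat the file (usual for x64 system drivers): no size, no finding.
DDS_DRIVER_RE = re.compile(
    r"^[RS](?P<start>[0-4])\s+(?P<name>[^;]+);[^;]*;(?P<path>\S.*?)"
    r"(?:\s+-->\s+\S.*?)?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
# SCM event 7003 as DDS prints it: "... depends the following service: BFE. This service might not be installed."
MISSING_DEP_RE = re.compile(r"Service Control Manager \[7003\] - .*?depends the following service: (?P<svc>\w+)\.")
# A file stem of 12+ hex digits only: a naming pattern legitimate vendors essentially
# never use for a boot-start driver (12 is an assumed threshold, not a published rule).
RANDOM_HEX_RE = re.compile(r"^[0-9a-f]{12,}$", re.IGNORECASE)


def parse_driver_line(line):
    """Return a normalised record for one FRST or DDS driver line, or None."""
    m = FRST_DRIVER_RE.match(line)
    if m:
        meta, company = m["meta"], (m["company"] or "").strip()
        missing = meta == "x"
        size = None if missing else int(meta.split()[0])      # FRST: [size date]
    else:
        m = DDS_DRIVER_RE.match(line)
        if not m:
            return None
        meta, company, missing = m["meta"], None, False       # DDS has no company field
        size = None if meta == "?" else int(meta.split()[1])  # DDS: [date size]
    stem = m["path"].replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return {"start": m["start"], "name": m["name"], "stem": stem,
            "size": size, "company": company, "missing": missing}


def triage_drivers(text):
    """Map service name -> reasons for every driver line that merits a manual look."""
    findings = {}
    for raw in text.splitlines():
        rec = parse_driver_line(raw.strip())
        if rec is None:
            continue
        reasons = []
        if rec["missing"]:
            reasons.append("file_missing")            # registry entry, no file on disk
        if rec["size"] == 0:
            reasons.append("zero_byte_file")          # image truncated or replaced
        if rec["start"] in ("0", "1") and rec["company"] == "":
            reasons.append("boot_start_no_vendor")    # loads before AV, no version info
        if RANDOM_HEX_RE.match(rec["stem"]):
            reasons.append("random_hex_name")
        if reasons:
            merged = findings.setdefault(rec["name"], [])
            merged.extend(r for r in reasons if r not in merged)
    return findings


def triage_hosts(text):
    """Return [(hostname, ip)] for hosts entries that point anywhere but loopback."""
    hits = []
    for raw in text.splitlines():
        m = HOSTS_RE.match(raw.strip())
        if m and not (m["ip"].startswith("127.") or m["ip"] in ("0.0.0.0", "::1")):
            hits.append((m["host"], m["ip"]))     # blackholing a host at 127.0.0.1 is benign
    return hits


def missing_dependency_services(text):
    """Sorted names of services that SCM event 7003 says are not installed (e.g. BFE)."""
    return sorted({m["svc"] for m in MISSING_DEP_RE.finditer(text)})


# Constructed sample: copies of entries that appear in the thread's DDS and FRST logs.
SAMPLE_LOG = r"""
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2012-7-7 0]
0 442564429e863a90; C:\Windows\System32\Drivers\442564429e863a90.sys [75208 2012-06-26] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [x]
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 74.208.10.249 gs.apple.com
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
13/07/2012 21:27:56, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
"""

if __name__ == "__main__":
    print(triage_drivers(SAMPLE_LOG))
    print(triage_hosts(SAMPLE_LOG), missing_dependency_services(SAMPLE_LOG))
```

Run against a full DDS.txt or FRST.txt the same way (`triage_drivers(open("FRST.txt", encoding="utf-8", errors="replace").read())`). The DDS format carries no company name, so the "boot_start_no_vendor" reason can only come from FRST lines; and because DDS reports [?] for most x64 system drivers, the absence of a size there is deliberately not treated as a finding.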


#4 Farbar

Farbar
  • Just Curious
  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 July 2012 - 05:58 AM

Hello Fiale,

Apologies for the delay.

Please tell me the reason you have been running the computer in Safe Mode with networking.

For 64-bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 Fiale

Fiale
  • Topic Starter
  • Members
  • 17 posts

Posted 14 July 2012 - 01:33 PM

Lol, I've just been overly cautious, and whilst networking allows for internet access, I just feel better running in safe mode whilst all this is going on. Just because I'm not entirely sure what the malware did, and if it's still on here, or if it's just the aftermath now. Though I'm not running in safe mode now, because I realise how silly it is. No worries about the delay, this has all taught me to be patient, and I'm incredibly grateful for the reply and the help, so thank you.

Here's the frst64 log you requested:

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 14-07-2012 19:24:37
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-08-30] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [x]
HKU\Kerry\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Kerry\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2988488 2011-04-22] (SUPERAntiSpyware.com)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs:
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Kerry\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
ShortcutTarget: BBC iPlayer Desktop.lnk -> C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe (No File)
Startup: C:\Users\Kerry\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [128752 2010-06-29] (SUPERAntiSpyware.com)
2 AMD FusionUtility Service; "C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionUtility2Service.exe" /launchService [275832 2010-04-14] (Advanced Micro Devices, Inc.)
2 AMD Reservation Manager; "C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe" [140160 2010-04-14] (Advanced Micro Devices)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
2 NATService; C:\Program Files (x86)\NAT Service\natsvc.exe [483952 2010-11-01] (interhouse Co.,Ltd)
2 QuickDownload Agent; C:\Program Files (x86)\QuickDownloadService\qdownagent.exe [114688 2009-02-06] (Innogrid, Inc)
2 QuickDownload Service; C:\Program Files (x86)\QuickDownloadService\qdownservice.exe [102400 2009-02-10] (Innogrid, Inc)
2 QuickDownload Update; C:\Program Files (x86)\QuickDownloadService\qdownupdate.exe [94208 2009-02-09] (Innogrid, Inc)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

0 442564429e863a90; C:\Windows\System32\Drivers\442564429e863a90.sys [75208 2012-06-26] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-22] (DT Soft Ltd)
1 DVMIO; C:\Windows\System32\Drivers\DVMIO.sys [20056 2009-11-11] (DeviceVM, Inc.)
3 ezplay; C:\Windows\System32\Drivers\ezplay.sys [118400 2011-01-31] (VSO Software)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
1 prodrv05; C:\Windows\SysWow64\Drivers\prodrv05.sys [53568 2002-12-26] (Protection Technology Co.)
1 prodrv06; C:\Windows\SysWow64\Drivers\prodrv06.sys [51264 2003-07-15] (StarForce Technologies, Inc.)
0 prohlp01; C:\Windows\SysWow64\Drivers\prohlp01.sys [61728 2002-12-26] (Protection Technology Co.)
0 prohlp02; C:\Windows\SysWow64\Drivers\prohlp02.sys [94816 2003-07-15] (StarForce Technologies, Inc.)
0 prosync1; C:\Windows\SysWow64\Drivers\prosync1.sys [6848 2003-04-03] (StarForce Technologies, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [0 2012-07-07] ()
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 sfhlp01; C:\Windows\SysWow64\Drivers\sfhlp01.sys [4448 2003-04-29] (StarForce Technologies, Inc.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-01-20] (Duplex Secure Ltd.)
3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [x]
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-14 19:24 - 2012-07-14 19:24 - 00000000 ____D C:\FRST
2012-07-14 10:05 - 2012-07-14 10:05 - 01436595 ____A (Farbar) C:\Users\Kerry\Desktop\FRST64.exe
2012-07-13 12:57 - 2012-07-13 12:57 - 00302592 ____A C:\Users\Kerry\Desktop\r1yw90d3.exe
2012-07-08 21:36 - 2012-07-14 10:01 - 00000168 ____A C:\Windows\setupact.log
2012-07-08 21:36 - 2012-07-08 21:36 - 00000000 ____A C:\Windows\setuperr.log
2012-07-08 12:25 - 2012-07-08 12:25 - 00016994 ____A C:\Users\Kerry\Desktop\Attach.txt
2012-07-08 12:25 - 2012-07-08 12:25 - 00016313 ____A C:\Users\Kerry\Desktop\DDS.txt
2012-07-08 12:20 - 2012-07-08 12:20 - 00607260 ____R (Swearware) C:\Users\Kerry\Desktop\dds.scr
2012-07-08 12:18 - 2012-07-08 12:18 - 00000524 ____A C:\Users\Kerry\Desktop\defogger_disable.log
2012-07-08 12:18 - 2012-07-08 12:18 - 00000384 ____A C:\Users\Kerry\defogger_reenable
2012-07-08 12:17 - 2012-07-08 12:17 - 00050477 ____A C:\Users\Kerry\Desktop\Defogger.exe
2012-07-08 12:06 - 2012-07-08 12:06 - 00001044 ____A C:\Users\Kerry\Desktop\aswMBR.txt
2012-07-08 11:52 - 2012-07-08 11:55 - 00031250 ____A C:\Users\Kerry\Desktop\Result.txt
2012-07-08 11:51 - 2012-07-08 11:51 - 00004570 ____A C:\Users\Kerry\Desktop\FSS.txt
2012-07-08 11:48 - 2012-07-08 11:49 - 04731392 ____A (AVAST Software) C:\Users\Kerry\Desktop\aswMBR.exe
2012-07-08 11:48 - 2012-07-08 11:48 - 00688663 ____A (Farbar) C:\Users\Kerry\Desktop\FSS.exe
2012-07-08 11:48 - 2012-07-08 11:48 - 00403231 ____A C:\Users\Kerry\Desktop\MiniToolBox.exe
2012-07-08 11:47 - 2012-07-08 11:47 - 00869194 ____A C:\Users\Kerry\Desktop\SecurityCheck.exe
2012-07-08 11:04 - 2012-07-08 11:04 - 00000000 ____D C:\Windows\pss
2012-07-08 09:01 - 2012-07-14 10:01 - 00000492 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-08 09:01 - 2012-07-08 09:01 - 00001159 ____A C:\Users\Kerry\Desktop\SpeedyPC Pro.lnk
2012-07-08 09:01 - 2012-07-08 09:01 - 00000000 ____D C:\Users\Kerry\AppData\Roaming\SpeedyPC Software
2012-07-08 09:01 - 2012-07-08 09:01 - 00000000 ____D C:\Users\Kerry\AppData\Roaming\DriverCure
2012-07-08 09:00 - 2012-07-14 10:01 - 00000464 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-08 09:00 - 2012-07-14 10:01 - 00000420 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-08 09:00 - 2012-07-08 09:00 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-08 09:00 - 2012-07-08 09:00 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-08 08:59 - 2012-07-08 09:00 - 04731432 ____A (SpeedyPC Software Inc.) C:\Users\Kerry\Desktop\SpeedyPC_Error_Fix.exe
2012-07-07 06:41 - 2012-07-14 10:09 - 00006576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 06:41 - 2012-07-14 10:09 - 00006576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 06:41 - 2012-07-07 06:41 - 00000552 ____A C:\Windows\System32\spsys.log
2012-07-07 06:31 - 2012-07-07 06:31 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 06:30 - 2012-07-07 06:30 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kerry\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-07 05:58 - 2012-07-07 05:58 - 03889704 ____A (Piriform Ltd) C:\Users\Kerry\Desktop\ccsetup320.exe
2012-06-28 05:01 - 2012-06-28 05:01 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-28 04:36 - 2012-06-28 04:36 - 00000000 ____D C:\Users\Kerry\AppData\Local\Macromedia
2012-06-28 04:34 - 2012-07-08 09:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-28 04:34 - 2012-07-07 05:05 - 00002054 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-06-28 04:34 - 2012-07-07 05:05 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2012-06-28 04:34 - 2012-07-06 21:42 - 00000000 ____D C:\Users\All Users\McAfee Security Scan
2012-06-28 04:34 - 2012-06-28 05:01 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-28 04:34 - 2012-06-28 05:01 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-28 04:34 - 2012-06-28 04:34 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-28 04:34 - 2012-06-28 04:34 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-26 00:09 - 2012-06-26 00:09 - 00075208 ____A C:\Windows\System32\Drivers\442564429e863a90.sys
2012-06-18 14:44 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 14:44 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 14:44 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 14:44 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 14:44 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 14:44 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 14:44 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 14:44 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 14:44 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-14 10:18 - 2009-07-13 21:13 - 00779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 10:14 - 2012-05-01 13:13 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-14 10:14 - 2010-08-30 20:29 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-14 10:09 - 2012-07-07 06:41 - 00006576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 10:09 - 2012-07-07 06:41 - 00006576 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-14 10:05 - 2012-07-14 10:05 - 01436595 ____A (Farbar) C:\Users\Kerry\Desktop\FRST64.exe
2012-07-14 10:01 - 2012-07-08 21:36 - 00000168 ____A C:\Windows\setupact.log
2012-07-14 10:01 - 2012-07-08 09:01 - 00000492 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-14 10:01 - 2012-07-08 09:00 - 00000464 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-14 10:01 - 2012-07-08 09:00 - 00000420 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-14 10:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 12:57 - 2012-07-13 12:57 - 00302592 ____A C:\Users\Kerry\Desktop\r1yw90d3.exe
2012-07-08 21:36 - 2012-07-08 21:36 - 00000000 ____A C:\Windows\setuperr.log
2012-07-08 12:25 - 2012-07-08 12:25 - 00016994 ____A C:\Users\Kerry\Desktop\Attach.txt
2012-07-08 12:25 - 2012-07-08 12:25 - 00016313 ____A C:\Users\Kerry\Desktop\DDS.txt
2012-07-08 12:20 - 2012-07-08 12:20 - 00607260 ____R (Swearware) C:\Users\Kerry\Desktop\dds.scr
2012-07-08 12:18 - 2012-07-08 12:18 - 00000524 ____A C:\Users\Kerry\Desktop\defogger_disable.log
2012-07-08 12:18 - 2012-07-08 12:18 - 00000384 ____A C:\Users\Kerry\defogger_reenable
2012-07-08 12:17 - 2012-07-08 12:17 - 00050477 ____A C:\Users\Kerry\Desktop\Defogger.exe
2012-07-08 12:06 - 2012-07-08 12:06 - 00001044 ____A C:\Users\Kerry\Desktop\aswMBR.txt
2012-07-08 11:55 - 2012-07-08 11:52 - 00031250 ____A C:\Users\Kerry\Desktop\Result.txt
2012-07-08 11:51 - 2012-07-08 11:51 - 00004570 ____A C:\Users\Kerry\Desktop\FSS.txt
2012-07-08 11:49 - 2012-07-08 11:48 - 04731392 ____A (AVAST Software) C:\Users\Kerry\Desktop\aswMBR.exe
2012-07-08 11:48 - 2012-07-08 11:48 - 00688663 ____A (Farbar) C:\Users\Kerry\Desktop\FSS.exe
2012-07-08 11:48 - 2012-07-08 11:48 - 00403231 ____A C:\Users\Kerry\Desktop\MiniToolBox.exe
2012-07-08 11:47 - 2012-07-08 11:47 - 00869194 ____A C:\Users\Kerry\Desktop\SecurityCheck.exe
2012-07-08 09:01 - 2012-07-08 09:01 - 00001159 ____A C:\Users\Kerry\Desktop\SpeedyPC Pro.lnk
2012-07-08 09:01 - 2012-06-28 04:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-08 09:00 - 2012-07-08 08:59 - 04731432 ____A (SpeedyPC Software Inc.) C:\Users\Kerry\Desktop\SpeedyPC_Error_Fix.exe
2012-07-07 06:41 - 2012-07-07 06:41 - 00000552 ____A C:\Windows\System32\spsys.log
2012-07-07 06:38 - 2012-02-06 14:41 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForKerry.job
2012-07-07 06:31 - 2012-07-07 06:31 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-07 06:30 - 2012-07-07 06:30 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kerry\Desktop\mbam-setup-1.61.0.1400.exe
2012-07-07 05:58 - 2012-07-07 05:58 - 03889704 ____A (Piriform Ltd) C:\Users\Kerry\Desktop\ccsetup320.exe
2012-07-07 05:58 - 2012-04-26 07:53 - 00000981 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-07 05:05 - 2012-06-28 04:34 - 00002054 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2012-06-28 05:01 - 2012-06-28 05:01 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-28 05:01 - 2012-06-28 04:34 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-28 05:01 - 2012-06-28 04:34 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-26 00:09 - 2012-06-26 00:09 - 00075208 ____A C:\Windows\System32\Drivers\442564429e863a90.sys
2012-06-24 09:25 - 2011-05-02 10:28 - 00001273 ____A C:\Users\Kerry\Documents\Passwords birthdays & Addresses.txt
2012-06-13 22:59 - 2009-07-13 20:45 - 00415480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 22:27 - 2010-08-28 22:16 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-09 23:33 - 2011-05-07 10:34 - 00043520 ____A C:\Windows\SysWOW64\CmdLineExt03.dll
2012-06-05 10:59 - 2012-06-05 10:59 - 00000141 ____A C:\Users\Kerry\Documents\Bills.txt
2012-06-02 14:19 - 2012-06-18 14:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 14:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 14:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 14:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 14:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 14:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 14:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-18 14:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-18 14:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-14 17:32 - 2012-06-12 21:43 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 12:05 - 2011-10-04 05:40 - 00192500 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-05-07 10:23 - 2010-09-17 06:36 - 01474832 ____A C:\Windows\System32\Drivers\sfi.dat
2012-05-04 03:06 - 2012-06-12 21:43 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 21:43 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 21:43 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-03 11:26 - 2012-05-01 13:35 - 00000023 ____A C:\Windows\BlendSettings.ini
2012-05-03 00:37 - 2012-05-03 00:37 - 00000781 ____A C:\Users\Kerry\Desktop\Steam.lnk
2012-05-01 13:10 - 2012-05-01 13:10 - 01390640 ____A (Synaptics Incorporated) C:\Windows\System32\Drivers\SynTP.sys
2012-05-01 13:10 - 2012-05-01 13:10 - 00400168 ____A (Synaptics Incorporated) C:\Windows\System32\SynCOM.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00271144 ____A (Synaptics Incorporated) C:\Windows\System32\SynCtrl.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00215336 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPAPI.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00214312 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCtrl.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00173352 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynCOM.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00147752 ____A (Synaptics Incorporated) C:\Windows\System32\SynTPCo4.dll
2012-05-01 13:10 - 2012-05-01 13:10 - 00107816 ____A (Synaptics Incorporated) C:\Windows\SysWOW64\SynTPCOM.dll
2012-05-01 13:08 - 2010-05-26 00:48 - 03891200 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvsrv64.dll
2012-05-01 13:08 - 2010-05-26 00:48 - 03555840 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvui64.dll
2012-05-01 13:08 - 2010-05-26 00:48 - 03063360 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\BCMWL664.SYS
2012-05-01 13:08 - 2010-05-26 00:48 - 00095544 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
2012-05-01 13:08 - 2010-05-26 00:48 - 00006656 ____A C:\Windows\System32\bcmwlrc.dll
2012-05-01 12:43 - 2012-05-01 12:43 - 00002139 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-04-30 21:40 - 2012-06-12 21:43 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 21:43 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 01:53 - 2012-04-26 07:50 - 00007597 ____A C:\Users\Kerry\AppData\Local\Resmon.ResmonCfg
2012-04-26 07:53 - 2010-08-26 04:31 - 00001240 ____A C:\Users\Kerry\Desktop\Spybot - Search & Destroy.lnk
2012-04-25 21:41 - 2012-06-12 21:43 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 21:43 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 21:43 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 16:38 - 2012-04-24 16:38 - 00001974 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-04-24 09:05 - 2011-04-11 09:34 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-04-24 09:05 - 2011-04-11 09:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-04-24 09:05 - 2011-04-11 09:34 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-04-24 09:05 - 2010-08-26 04:12 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-04-23 21:37 - 2012-06-12 21:43 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 21:43 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 21:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 21:43 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 21:43 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 21:43 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-16 09:41 - 2012-04-16 09:41 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk


ZeroAccess:
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\@
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\L
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\U
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\U\00000001.@
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\U\80000000.@

ZeroAccess:
C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}
C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\@
C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\L
C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2810.9 MB
Available physical RAM: 2151.16 MB
Total Pagefile: 2809.05 MB
Available Pagefile: 2144.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:277.16 GB) (Free:34.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:20.63 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (RCT3) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
5 Drive h: () (Removable) (Total:3.69 GB) (Free:0.88 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3781 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 277 GB 200 MB
Partition 3 Primary 20 GB 277 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 277 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 20 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3777 MB 4096 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3777 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 05:39

======================= End Of Log ==========================

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 July 2012 - 07:03 PM

Thanks for the feedback.

We are going to take care of the infection and check the system before we restore Windows services that are damaged. There is a TeaTimer startup that belongs to Spybot Search & Destroy. We remove it to prevent the TeaTimer from running in order to make sure it doesn't interfere with the fix. Otherwise it is a safe and legit entry.

The first step should be done in recovery mode, but the other steps will be done in normal mode.

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

    start
    HKU\Kerry\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
    0 442564429e863a90; C:\Windows\System32\Drivers\442564429e863a90.sys [75208 2012-06-26] ()
    C:\Windows\System32\Drivers\442564429e863a90.sys
    C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}
    C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}
    end
    

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options and select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.
  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

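As an added example (not code from this thread, from Farbar or from FRST itself), the following Python triage helper parses FRST driver lines and the "ZeroAccess:" path blocks in the format of the log above, flags the two indicators the fix above acted on (an unsigned driver with a random-looking hex file name, and the {GUID}\@ / \L / \U folder layout), and assembles fixlist lines of the same shape. The sample log is constructed from lines quoted in this thread; the line format assumptions are noted in the code.

```python
"""Triage helper for an FRST (Farbar Recovery Scan Tool) log.

Added example, not part of this thread or of FRST itself.  It assumes the
driver-section line format "<start-type> <name>; <path> [<size> <date>] (<publisher>)"
and a "ZeroAccess:" heading followed by one path per line, as seen in the
log quoted above.
"""
import re

# Constructed sample: driver lines and one ZeroAccess block copied from the
# shape of the log above (a few entries only, enough to exercise each rule).
SAMPLE_LOG = r"""
========================== Drivers (Whitelisted) =============

0 442564429e863a90; C:\Windows\System32\Drivers\442564429e863a90.sys [75208 2012-06-26] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [279616 2011-11-22] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [0 2012-07-07] ()
3 SysInfo; \??\C:\Windows\system32\drivers\SysInfo.sys [x]

ZeroAccess:
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\@
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246}\U
"""

# "<start-type> <name>; <path> [<size> <date>] (<publisher>)"; lines such as
# "[x]" (file missing) carry no size/date/publisher and are skipped.
DRIVER_RE = re.compile(
    r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\)$"
)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")  # random-looking hex file stem
# A {GUID} folder, optionally followed by the \@, \L or \U sub-entries.
ZA_ROOT_RE = re.compile(r"^(?P<root>.*\\\{[0-9a-f-]{36}\})(\\[@LU].*)?$", re.I)


def parse_drivers(log_text):
    """Return a list of dicts for every line in FRST driver-section format."""
    drivers = []
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["start"] = int(d["start"])
            d["size"] = int(d["size"])
            drivers.append(d)
    return drivers


def suspicious_drivers(drivers):
    """Flag drivers that are unsigned AND have a random hex file name.

    Either signal alone is weak (SASDIFSV64.SYS above is unsigned yet legit);
    the combination is what the helper in this thread acted on.
    """
    flagged = []
    for d in drivers:
        stem = d["path"].rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        if d["publisher"] == "" and HEX_NAME_RE.match(stem):
            flagged.append(d)
    return flagged


def zeroaccess_roots(log_text):
    """Collect the distinct {GUID} root folders listed under "ZeroAccess:"."""
    roots = []
    in_block = False
    for line in log_text.splitlines():
        if line.strip() == "ZeroAccess:":
            in_block = True
            continue
        if in_block:
            m = ZA_ROOT_RE.match(line.strip())
            if not m:  # a blank line or unrelated text ends the block
                in_block = False
                continue
            root = m.group("root")
            if root not in roots:
                roots.append(root)
    return roots


def build_fixlist(log_text):
    """Assemble fixlist lines: service entry, driver file, then ZeroAccess roots."""
    lines = ["start"]
    for d in suspicious_drivers(parse_drivers(log_text)):
        lines.append(
            f"{d['start']} {d['name']}; {d['path']} "
            f"[{d['size']} {d['date']}] ({d['publisher']})"
        )
        lines.append(d["path"])
    lines.extend(zeroaccess_roots(log_text))
    lines.append("end")
    return lines


if __name__ == "__main__":
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

The output for the constructed sample is the same five-line shape as the fixlist above; review it by hand before acting on it, since the hex-name rule is a heuristic.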

#7 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 02:35 AM

Just wanna say again I really appreciate the help, so thank you again.

I've just noticed something, in the bottom right of my desktop it says Test Mode, Windows 7, Build 7601. I've never noticed that before. Which leads me onto something else I just remembered. (Sorry...) At one point my laptop thought my version of windows wasn't legit (this was sometime after the malware infected, but I know it was definitely after malwarebytes had deleted the malware), and I had to enter the product key that's underneath the laptop again to confirm my copy of windows. Anything to worry about? I'm really sorry if that's a major thing I should've remembered, which I imagine it is. It's just hard to remember some things because all you're thinking is oh my god what's this malware doing etc etc.

Ok here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-15 08:11:44 Run:1
Running from H:\

==============================================

HKEY_USERS\Kerry\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer Value deleted successfully.
442564429e863a90 service deleted successfully.
C:\Windows\System32\Drivers\442564429e863a90.sys moved successfully.
C:\Windows\Installer\{3bafb80d-9cf8-25b0-291a-5ad1c3319246} moved successfully.
C:\Users\Kerry\AppData\Local\{3bafb80d-9cf8-25b0-291a-5ad1c3319246} moved successfully.

==== End of Fixlog ====

Here's the MBAM log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.7930.16406
Kerry :: MAREAL [administrator]

Protection: Disabled

15/07/2012 08:25:32
mbam-log-2012-07-15 (08-25-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209156
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here's the TDSSKiller log, it didn't find anything or prompt for a restart:

08:30:29.0370 1248 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
08:30:29.0557 1248 ============================================================
08:30:29.0557 1248 Current date / time: 2012/07/15 08:30:29.0557
08:30:29.0557 1248 SystemInfo:
08:30:29.0557 1248
08:30:29.0557 1248 OS Version: 6.1.7601 ServicePack: 1.0
08:30:29.0557 1248 Product type: Workstation
08:30:29.0557 1248 ComputerName: MAREAL
08:30:29.0557 1248 UserName: Kerry
08:30:29.0557 1248 Windows directory: C:\Windows
08:30:29.0557 1248 System windows directory: C:\Windows
08:30:29.0557 1248 Running under WOW64
08:30:29.0557 1248 Processor architecture: Intel x64
08:30:29.0557 1248 Number of processors: 2
08:30:29.0557 1248 Page size: 0x1000
08:30:29.0557 1248 Boot type: Normal boot
08:30:29.0557 1248 ============================================================
08:30:31.0663 1248 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:30:31.0663 1248 Drive \Device\Harddisk1\DR1 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:30:31.0694 1248 ============================================================
08:30:31.0694 1248 \Device\Harddisk0\DR0:
08:30:31.0694 1248 MBR partitions:
08:30:31.0694 1248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:30:31.0694 1248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x22A53800
08:30:31.0694 1248 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x22AB7800, BlocksNum 0x2943000
08:30:31.0694 1248 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
08:30:31.0694 1248 \Device\Harddisk1\DR1:
08:30:31.0694 1248 MBR partitions:
08:30:31.0694 1248 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
08:30:31.0694 1248 ============================================================
08:30:31.0710 1248 C: <-> \Device\Harddisk0\DR0\Partition1
08:30:31.0741 1248 D: <-> \Device\Harddisk0\DR0\Partition2
08:30:31.0757 1248 E: <-> \Device\Harddisk0\DR0\Partition3
08:30:31.0757 1248 ============================================================
08:30:31.0757 1248 Initialize success
08:30:31.0757 1248 ============================================================
08:30:46.0967 2612 ============================================================
08:30:46.0967 2612 Scan started
08:30:46.0967 2612 Mode: Manual;
08:30:46.0967 2612 ============================================================
08:30:47.0388 2612 !SASCORE (a0709b82fa3b5afad1467e565b8b3ba0) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
08:30:47.0388 2612 !SASCORE - ok
08:30:47.0575 2612 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:30:47.0575 2612 1394ohci - ok
08:30:47.0622 2612 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
08:30:47.0622 2612 Accelerometer - ok
08:30:47.0684 2612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:30:47.0684 2612 ACPI - ok
08:30:47.0700 2612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:30:47.0700 2612 AcpiPmi - ok
08:30:47.0871 2612 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:30:47.0871 2612 AdobeFlashPlayerUpdateSvc - ok
08:30:47.0949 2612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:30:47.0949 2612 adp94xx - ok
08:30:48.0027 2612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:30:48.0027 2612 adpahci - ok
08:30:48.0059 2612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:30:48.0059 2612 adpu320 - ok
08:30:48.0074 2612 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:30:48.0090 2612 AeLookupSvc - ok
08:30:48.0183 2612 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
08:30:48.0199 2612 AESTFilters - ok
08:30:48.0277 2612 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:30:48.0277 2612 AFD - ok
08:30:48.0355 2612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:30:48.0355 2612 agp440 - ok
08:30:48.0371 2612 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:30:48.0371 2612 ALG - ok
08:30:48.0402 2612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:30:48.0417 2612 aliide - ok
08:30:48.0480 2612 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe
08:30:48.0480 2612 AMD External Events Utility - ok
08:30:48.0558 2612 AMD FUEL Service - ok
08:30:48.0698 2612 AMD FusionUtility Service (72893d5e805cc0a721dac0102329f94e) C:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionUtility2Service.exe
08:30:48.0698 2612 AMD FusionUtility Service - ok
08:30:48.0714 2612 AMD Reservation Manager (ed5188382e64f860e0dfd32b2f1f259c) C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
08:30:48.0714 2612 AMD Reservation Manager - ok
08:30:48.0729 2612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:30:48.0729 2612 amdide - ok
08:30:48.0776 2612 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
08:30:48.0776 2612 amdiox64 - ok
08:30:48.0839 2612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:30:48.0839 2612 AmdK8 - ok
08:30:49.0275 2612 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys
08:30:49.0338 2612 amdkmdag - ok
08:30:49.0494 2612 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys
08:30:49.0494 2612 amdkmdap - ok
08:30:49.0556 2612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:30:49.0556 2612 AmdPPM - ok
08:30:49.0619 2612 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:30:49.0619 2612 amdsata - ok
08:30:49.0650 2612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:30:49.0650 2612 amdsbs - ok
08:30:49.0665 2612 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:30:49.0665 2612 amdxata - ok
08:30:49.0743 2612 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:30:49.0743 2612 AppID - ok
08:30:49.0759 2612 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:30:49.0759 2612 AppIDSvc - ok
08:30:49.0790 2612 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:30:49.0790 2612 Appinfo - ok
08:30:49.0884 2612 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:30:49.0899 2612 Apple Mobile Device - ok
08:30:49.0946 2612 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:30:49.0946 2612 arc - ok
08:30:49.0977 2612 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:30:49.0977 2612 arcsas - ok
08:30:50.0102 2612 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:30:50.0118 2612 aspnet_state - ok
08:30:50.0149 2612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:30:50.0165 2612 AsyncMac - ok
08:30:50.0165 2612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:30:50.0165 2612 atapi - ok
08:30:50.0258 2612 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
08:30:50.0258 2612 AtiHdmiService - ok
08:30:50.0305 2612 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
08:30:50.0305 2612 AtiPcie - ok
08:30:50.0399 2612 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:50.0399 2612 AudioEndpointBuilder - ok
08:30:50.0414 2612 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:30:50.0414 2612 AudioSrv - ok
08:30:50.0477 2612 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:30:50.0477 2612 AxInstSV - ok
08:30:50.0555 2612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:30:50.0570 2612 b06bdrv - ok
08:30:50.0633 2612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:30:50.0633 2612 b57nd60a - ok
08:30:50.0835 2612 BCM43XX (810be94a9e42309b3f74217ac28bc6ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:30:50.0867 2612 BCM43XX - ok
08:30:50.0976 2612 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:30:50.0976 2612 BDESVC - ok
08:30:51.0038 2612 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:30:51.0038 2612 Beep - ok
08:30:51.0132 2612 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:30:51.0147 2612 BITS - ok
08:30:51.0194 2612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:30:51.0194 2612 blbdrive - ok
08:30:51.0303 2612 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:30:51.0303 2612 Bonjour Service - ok
08:30:51.0366 2612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:30:51.0366 2612 bowser - ok
08:30:51.0381 2612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:30:51.0381 2612 BrFiltLo - ok
08:30:51.0397 2612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:30:51.0397 2612 BrFiltUp - ok
08:30:51.0428 2612 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:30:51.0428 2612 Browser - ok
08:30:51.0491 2612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:30:51.0491 2612 Brserid - ok
08:30:51.0506 2612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:30:51.0506 2612 BrSerWdm - ok
08:30:51.0569 2612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:30:51.0569 2612 BrUsbMdm - ok
08:30:51.0584 2612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:30:51.0584 2612 BrUsbSer - ok
08:30:51.0647 2612 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:30:51.0647 2612 BthEnum - ok
08:30:51.0834 2612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:30:51.0834 2612 BTHMODEM - ok
08:30:51.0865 2612 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:30:51.0865 2612 BthPan - ok
08:30:51.0912 2612 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:30:51.0912 2612 BTHPORT - ok
08:30:51.0927 2612 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:30:51.0927 2612 bthserv - ok
08:30:51.0943 2612 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:30:51.0943 2612 BTHUSB - ok
08:30:51.0974 2612 btwampfl (17d2e427ea4d2acb8aed728f72f75d5d) C:\Windows\system32\drivers\btwampfl.sys
08:30:51.0990 2612 btwampfl - ok
08:30:52.0005 2612 btwaudio (c4df9bc1fbf261cadb2c73181a17ccff) C:\Windows\system32\drivers\btwaudio.sys
08:30:52.0021 2612 btwaudio - ok
08:30:52.0037 2612 btwavdt (a11905d0f4bd34771f195217b6aa5ae0) C:\Windows\system32\drivers\btwavdt.sys
08:30:52.0037 2612 btwavdt - ok
08:30:52.0146 2612 btwdins (0ac0d9adce627225e2fedf15676a0fab) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:30:52.0161 2612 btwdins - ok
08:30:52.0177 2612 btwl2cap (06e96cf5c046f7cab4aa131df6e2b9bc) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:30:52.0177 2612 btwl2cap - ok
08:30:52.0193 2612 btwrchid (bd776f32d64ec615be4563dc2747224e) C:\Windows\system32\DRIVERS\btwrchid.sys
08:30:52.0193 2612 btwrchid - ok
08:30:52.0255 2612 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:30:52.0255 2612 cdfs - ok
08:30:52.0317 2612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:30:52.0317 2612 cdrom - ok
08:30:52.0380 2612 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:30:52.0380 2612 CertPropSvc - ok
08:30:52.0442 2612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:30:52.0442 2612 circlass - ok
08:30:52.0489 2612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:30:52.0489 2612 CLFS - ok
08:30:52.0536 2612 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:30:52.0536 2612 clr_optimization_v2.0.50727_32 - ok
08:30:52.0598 2612 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:30:52.0598 2612 clr_optimization_v2.0.50727_64 - ok
08:30:52.0723 2612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:30:52.0723 2612 clr_optimization_v4.0.30319_32 - ok
08:30:52.0754 2612 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:30:52.0785 2612 clr_optimization_v4.0.30319_64 - ok
08:30:52.0832 2612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:30:52.0832 2612 CmBatt - ok
08:30:52.0848 2612 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:30:52.0848 2612 cmdide - ok
08:30:52.0895 2612 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:30:52.0910 2612 CNG - ok
08:30:52.0957 2612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:30:52.0957 2612 Compbatt - ok
08:30:53.0019 2612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:30:53.0019 2612 CompositeBus - ok
08:30:53.0035 2612 COMSysApp - ok
08:30:53.0082 2612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:30:53.0082 2612 crcdisk - ok
08:30:53.0144 2612 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:30:53.0144 2612 CryptSvc - ok
08:30:53.0191 2612 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:30:53.0191 2612 DcomLaunch - ok
08:30:53.0253 2612 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:30:53.0253 2612 defragsvc - ok
08:30:53.0316 2612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:30:53.0316 2612 DfsC - ok
08:30:53.0394 2612 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
08:30:53.0394 2612 dg_ssudbus - ok
08:30:53.0456 2612 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:30:53.0456 2612 Dhcp - ok
08:30:53.0487 2612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:30:53.0487 2612 discache - ok
08:30:53.0565 2612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:30:53.0565 2612 Disk - ok
08:30:53.0628 2612 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:30:53.0628 2612 Dnscache - ok
08:30:53.0659 2612 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:30:53.0659 2612 dot3svc - ok
08:30:53.0737 2612 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
08:30:53.0737 2612 Dot4 - ok
08:30:53.0799 2612 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
08:30:53.0799 2612 Dot4Print - ok
08:30:53.0815 2612 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
08:30:53.0815 2612 dot4usb - ok
08:30:53.0862 2612 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:30:53.0862 2612 DPS - ok
08:30:53.0924 2612 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:30:53.0924 2612 drmkaud - ok
08:30:53.0987 2612 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:30:54.0002 2612 dtsoftbus01 - ok
08:30:54.0049 2612 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
08:30:54.0049 2612 DVMIO - ok
08:30:54.0143 2612 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:30:54.0158 2612 DXGKrnl - ok
08:30:54.0221 2612 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:30:54.0221 2612 EapHost - ok
08:30:54.0361 2612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:30:54.0408 2612 ebdrv - ok
08:30:54.0486 2612 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:30:54.0486 2612 EFS - ok
08:30:54.0579 2612 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:30:54.0595 2612 ehRecvr - ok
08:30:54.0626 2612 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:30:54.0626 2612 ehSched - ok
08:30:54.0735 2612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:30:54.0735 2612 elxstor - ok
08:30:54.0767 2612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:30:54.0767 2612 ErrDev - ok
08:30:54.0813 2612 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:30:54.0813 2612 EventSystem - ok
08:30:54.0876 2612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:30:54.0876 2612 exfat - ok
08:30:54.0938 2612 ezplay (f7a7da530618c3700a449fe7971db924) C:\Windows\system32\Drivers\ezplay.sys
08:30:54.0954 2612 ezplay - ok
08:30:54.0954 2612 ezSharedSvc - ok
08:30:54.0985 2612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:30:54.0985 2612 fastfat - ok
08:30:55.0079 2612 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:30:55.0079 2612 Fax - ok
08:30:55.0110 2612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:30:55.0110 2612 fdc - ok
08:30:55.0125 2612 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:30:55.0141 2612 fdPHost - ok
08:30:55.0141 2612 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:30:55.0141 2612 FDResPub - ok
08:30:55.0157 2612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:30:55.0157 2612 FileInfo - ok
08:30:55.0172 2612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:30:55.0172 2612 Filetrace - ok
08:30:55.0203 2612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:30:55.0203 2612 flpydisk - ok
08:30:55.0235 2612 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:30:55.0235 2612 FltMgr - ok
08:30:55.0313 2612 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:30:55.0328 2612 FontCache - ok
08:30:55.0437 2612 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:30:55.0437 2612 FontCache3.0.0.0 - ok
08:30:55.0484 2612 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:30:55.0484 2612 FsDepends - ok
08:30:55.0500 2612 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:30:55.0515 2612 Fs_Rec - ok
08:30:55.0593 2612 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:30:55.0593 2612 fvevol - ok
08:30:55.0640 2612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:30:55.0640 2612 gagp30kx - ok
08:30:55.0718 2612 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:30:55.0718 2612 GEARAspiWDM - ok
08:30:55.0781 2612 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:30:55.0796 2612 gpsvc - ok
08:30:55.0827 2612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:30:55.0827 2612 hcw85cir - ok
08:30:55.0905 2612 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:30:55.0905 2612 HdAudAddService - ok
08:30:55.0952 2612 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:30:55.0952 2612 HDAudBus - ok
08:30:55.0983 2612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:30:55.0983 2612 HidBatt - ok
08:30:56.0015 2612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:30:56.0015 2612 HidBth - ok
08:30:56.0046 2612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:30:56.0046 2612 HidIr - ok
08:30:56.0077 2612 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:30:56.0077 2612 hidserv - ok
08:30:56.0124 2612 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:30:56.0124 2612 HidUsb - ok
08:30:56.0155 2612 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:30:56.0155 2612 hkmsvc - ok
08:30:56.0186 2612 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:30:56.0186 2612 HomeGroupListener - ok
08:30:56.0217 2612 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:30:56.0217 2612 HomeGroupProvider - ok
08:30:56.0327 2612 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
08:30:56.0327 2612 HP Support Assistant Service - ok
08:30:56.0451 2612 HP Wireless Assistant Service (9abd12fce4a62905731c286bb1d66789) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
08:30:56.0451 2612 HP Wireless Assistant Service - ok
08:30:56.0561 2612 HPDrvMntSvc.exe (c958976c7daaf47084a33ebbc6e28b84) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
08:30:56.0561 2612 HPDrvMntSvc.exe - ok
08:30:56.0592 2612 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
08:30:56.0592 2612 hpdskflt - ok
08:30:56.0654 2612 hpqwmiex (09fbd4c4db2fd84b9ab1c5bfdcc95559) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
08:30:56.0654 2612 hpqwmiex - ok
08:30:56.0732 2612 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:30:56.0732 2612 HpSAMD - ok
08:30:56.0779 2612 hpsrv (aa036cc5f5221d9b915f4d4dce74ba9a) C:\Windows\system32\Hpservice.exe
08:30:56.0779 2612 hpsrv - ok
08:30:56.0826 2612 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
08:30:56.0826 2612 HPWMISVC - ok
08:30:56.0919 2612 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:30:56.0935 2612 HTTP - ok
08:30:57.0013 2612 hwdatacard (8f9b0fc4ec3a8194bd4cbc5ed3e7abeb) C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:30:57.0013 2612 hwdatacard - ok
08:30:57.0029 2612 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:30:57.0029 2612 hwpolicy - ok
08:30:57.0091 2612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:30:57.0107 2612 i8042prt - ok
08:30:57.0138 2612 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:30:57.0153 2612 iaStorV - ok
08:30:57.0263 2612 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:30:57.0263 2612 idsvc - ok
08:30:57.0684 2612 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:30:57.0746 2612 igfx - ok
08:30:57.0871 2612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:30:57.0871 2612 iirsp - ok
08:30:57.0980 2612 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:30:57.0980 2612 IKEEXT - ok
08:30:58.0011 2612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:30:58.0011 2612 intelide - ok
08:30:58.0074 2612 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:30:58.0074 2612 intelppm - ok
08:30:58.0136 2612 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:30:58.0136 2612 IPBusEnum - ok
08:30:58.0167 2612 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:30:58.0167 2612 IpFilterDriver - ok
08:30:58.0199 2612 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:30:58.0199 2612 IPMIDRV - ok
08:30:58.0214 2612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:30:58.0214 2612 IPNAT - ok
08:30:58.0370 2612 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
08:30:58.0386 2612 iPod Service - ok
08:30:58.0417 2612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:30:58.0417 2612 IRENUM - ok
08:30:58.0479 2612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:30:58.0479 2612 isapnp - ok
08:30:58.0495 2612 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:30:58.0511 2612 iScsiPrt - ok
08:30:58.0542 2612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:30:58.0542 2612 kbdclass - ok
08:30:58.0589 2612 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:30:58.0589 2612 kbdhid - ok
08:30:58.0604 2612 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:30:58.0604 2612 KeyIso - ok
08:30:58.0682 2612 KMWDFILTER (b3be7e30681eaa8ec96cc9a33e582435) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
08:30:58.0682 2612 KMWDFILTER - ok
08:30:58.0698 2612 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:30:58.0698 2612 KSecDD - ok
08:30:58.0713 2612 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:30:58.0713 2612 KSecPkg - ok
08:30:58.0745 2612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:30:58.0745 2612 ksthunk - ok
08:30:58.0823 2612 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:30:58.0823 2612 KtmRm - ok
08:30:58.0869 2612 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:30:58.0869 2612 LanmanServer - ok
08:30:58.0901 2612 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:30:58.0901 2612 LanmanWorkstation - ok
08:30:58.0963 2612 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:30:58.0963 2612 lltdio - ok
08:30:59.0010 2612 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:30:59.0010 2612 lltdsvc - ok
08:30:59.0025 2612 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:30:59.0025 2612 lmhosts - ok
08:30:59.0088 2612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:30:59.0088 2612 LSI_FC - ok
08:30:59.0135 2612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:30:59.0135 2612 LSI_SAS - ok
08:30:59.0166 2612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:30:59.0166 2612 LSI_SAS2 - ok
08:30:59.0197 2612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:30:59.0197 2612 LSI_SCSI - ok
08:30:59.0228 2612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:30:59.0228 2612 luafv - ok
08:30:59.0306 2612 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
08:30:59.0306 2612 MBAMProtector - ok
08:30:59.0400 2612 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:30:59.0400 2612 MBAMService - ok
08:30:59.0540 2612 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
08:30:59.0540 2612 McComponentHostService - ok
08:30:59.0618 2612 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
08:30:59.0618 2612 mcdbus - ok
08:30:59.0649 2612 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:30:59.0649 2612 Mcx2Svc - ok
08:30:59.0681 2612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
08:30:59.0681 2612 megasas - ok
08:30:59.0727 2612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
08:30:59.0743 2612 MegaSR - ok
08:30:59.0759 2612 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:30:59.0759 2612 MMCSS - ok
08:30:59.0790 2612 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:30:59.0790 2612 Modem - ok
08:30:59.0837 2612 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:30:59.0837 2612 monitor - ok
08:30:59.0899 2612 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:30:59.0899 2612 mouclass - ok
08:30:59.0946 2612 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:30:59.0946 2612 mouhid - ok
08:30:59.0977 2612 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:30:59.0977 2612 mountmgr - ok
08:31:00.0086 2612 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:31:00.0086 2612 MozillaMaintenance - ok
08:31:00.0117 2612 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:31:00.0117 2612 mpio - ok
08:31:00.0133 2612 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:31:00.0133 2612 mpsdrv - ok
08:31:00.0180 2612 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:31:00.0180 2612 MRxDAV - ok
08:31:00.0211 2612 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:31:00.0211 2612 mrxsmb - ok
08:31:00.0242 2612 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:31:00.0242 2612 mrxsmb10 - ok
08:31:00.0273 2612 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:31:00.0273 2612 mrxsmb20 - ok
08:31:00.0289 2612 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:31:00.0289 2612 msahci - ok
08:31:00.0320 2612 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:31:00.0320 2612 msdsm - ok
08:31:00.0367 2612 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:31:00.0367 2612 MSDTC - ok
08:31:00.0398 2612 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:31:00.0398 2612 Msfs - ok
08:31:00.0445 2612 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:31:00.0445 2612 mshidkmdf - ok
08:31:00.0461 2612 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:31:00.0461 2612 msisadrv - ok
08:31:00.0507 2612 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:31:00.0507 2612 MSiSCSI - ok
08:31:00.0507 2612 msiserver - ok
08:31:00.0554 2612 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:31:00.0554 2612 MSKSSRV - ok
08:31:00.0617 2612 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
08:31:00.0617 2612 msloop - ok
08:31:00.0632 2612 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:31:00.0632 2612 MSPCLOCK - ok
08:31:00.0632 2612 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:31:00.0648 2612 MSPQM - ok
08:31:00.0679 2612 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:31:00.0679 2612 MsRPC - ok
08:31:00.0710 2612 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:31:00.0710 2612 mssmbios - ok
08:31:00.0710 2612 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:31:00.0710 2612 MSTEE - ok
08:31:00.0741 2612 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
08:31:00.0741 2612 MTConfig - ok
08:31:00.0788 2612 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:31:00.0804 2612 Mup - ok
08:31:00.0819 2612 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:31:00.0835 2612 napagent - ok
08:31:00.0913 2612 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:31:00.0913 2612 NativeWifiP - ok
08:31:01.0038 2612 NATService (6b4e48e0c4856cafa9c6aa703113198c) C:\Program Files (x86)\NAT Service\natsvc.exe
08:31:01.0038 2612 NATService - ok
08:31:01.0147 2612 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:31:01.0147 2612 NDIS - ok
08:31:01.0163 2612 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:31:01.0163 2612 NdisCap - ok
08:31:01.0209 2612 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:31:01.0225 2612 NdisTapi - ok
08:31:01.0241 2612 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:31:01.0241 2612 Ndisuio - ok
08:31:01.0272 2612 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:31:01.0272 2612 NdisWan - ok
08:31:01.0303 2612 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:31:01.0303 2612 NDProxy - ok
08:31:01.0350 2612 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
08:31:01.0365 2612 Net Driver HPZ12 - ok
08:31:01.0412 2612 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:31:01.0412 2612 NetBIOS - ok
08:31:01.0459 2612 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:31:01.0459 2612 NetBT - ok
08:31:01.0475 2612 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:31:01.0475 2612 Netlogon - ok
08:31:01.0553 2612 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:31:01.0553 2612 Netman - ok
08:31:01.0677 2612 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:01.0693 2612 NetMsmqActivator - ok
08:31:01.0693 2612 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:01.0693 2612 NetPipeActivator - ok
08:31:01.0755 2612 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:31:01.0755 2612 netprofm - ok
08:31:01.0755 2612 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:01.0755 2612 NetTcpActivator - ok
08:31:01.0771 2612 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:31:01.0771 2612 NetTcpPortSharing - ok
08:31:02.0099 2612 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
08:31:02.0161 2612 netw5v64 - ok
08:31:02.0270 2612 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
08:31:02.0270 2612 nfrd960 - ok
08:31:02.0348 2612 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:31:02.0348 2612 NlaSvc - ok
08:31:02.0364 2612 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:31:02.0364 2612 Npfs - ok
08:31:02.0379 2612 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:31:02.0379 2612 nsi - ok
08:31:02.0395 2612 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:31:02.0395 2612 nsiproxy - ok
08:31:02.0489 2612 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:31:02.0504 2612 Ntfs - ok
08:31:02.0582 2612 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:31:02.0582 2612 Null - ok
08:31:02.0598 2612 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:31:02.0598 2612 nvraid - ok
08:31:02.0629 2612 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:31:02.0629 2612 nvstor - ok
08:31:02.0660 2612 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:31:02.0660 2612 nv_agp - ok
08:31:02.0676 2612 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:31:02.0676 2612 ohci1394 - ok
08:31:02.0707 2612 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:31:02.0723 2612 p2pimsvc - ok
08:31:02.0769 2612 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:31:02.0769 2612 p2psvc - ok
08:31:02.0801 2612 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:31:02.0801 2612 Parport - ok
08:31:02.0832 2612 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:31:02.0832 2612 partmgr - ok
08:31:02.0863 2612 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:31:02.0863 2612 PcaSvc - ok
08:31:02.0894 2612 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:31:02.0894 2612 pci - ok
08:31:02.0941 2612 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:31:02.0941 2612 pciide - ok
08:31:03.0206 2612 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:31:03.0222 2612 pcmcia - ok
08:31:03.0269 2612 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:31:03.0269 2612 pcw - ok
08:31:03.0315 2612 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:31:03.0331 2612 PEAUTH - ok
08:31:03.0393 2612 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:31:03.0393 2612 PerfHost - ok
08:31:03.0565 2612 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:31:03.0581 2612 pla - ok
08:31:03.0674 2612 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:31:03.0674 2612 PlugPlay - ok
08:31:03.0721 2612 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
08:31:03.0721 2612 Pml Driver HPZ12 - ok
08:31:03.0737 2612 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:31:03.0737 2612 PNRPAutoReg - ok
08:31:03.0768 2612 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:31:03.0768 2612 PNRPsvc - ok
08:31:03.0861 2612 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:31:03.0861 2612 Point64 - ok
08:31:03.0893 2612 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:31:03.0893 2612 PolicyAgent - ok
08:31:03.0924 2612 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:31:03.0939 2612 Power - ok
08:31:03.0955 2612 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:31:03.0955 2612 PptpMiniport - ok
08:31:03.0986 2612 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:31:03.0986 2612 Processor - ok
08:31:04.0017 2612 prodrv05 - ok
08:31:04.0017 2612 prodrv06 - ok
08:31:04.0064 2612 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:31:04.0064 2612 ProfSvc - ok
08:31:04.0095 2612 prohlp01 - ok
08:31:04.0111 2612 prohlp02 - ok
08:31:04.0127 2612 prosync1 - ok
08:31:04.0158 2612 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:31:04.0158 2612 ProtectedStorage - ok
08:31:04.0220 2612 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:31:04.0220 2612 Psched - ok
08:31:04.0314 2612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:31:04.0329 2612 ql2300 - ok
08:31:04.0439 2612 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:31:04.0439 2612 ql40xx - ok
08:31:04.0548 2612 QuickDownload Agent (0ddc30d41837eeddfe9d52e0b81082d9) C:\Program Files (x86)\QuickDownloadService\qdownagent.exe
08:31:04.0548 2612 QuickDownload Agent - ok
08:31:04.0595 2612 QuickDownload Service (a2044bff4d624c42e65f361263888774) C:\Program Files (x86)\QuickDownloadService\qdownservice.exe
08:31:04.0595 2612 QuickDownload Service - ok
08:31:04.0610 2612 QuickDownload Update (a9f6951dfc9e1b880b0c8ea4bb5d3e3e) C:\Program Files (x86)\QuickDownloadService\qdownupdate.exe
08:31:04.0610 2612 QuickDownload Update - ok
08:31:04.0641 2612 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:31:04.0657 2612 QWAVE - ok
08:31:04.0673 2612 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:31:04.0673 2612 QWAVEdrv - ok
08:31:04.0688 2612 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:31:04.0688 2612 RasAcd - ok
08:31:04.0719 2612 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:31:04.0719 2612 RasAgileVpn - ok
08:31:04.0735 2612 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:31:04.0751 2612 RasAuto - ok
08:31:04.0766 2612 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:31:04.0766 2612 Rasl2tp - ok
08:31:04.0844 2612 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:31:04.0844 2612 RasMan - ok
08:31:04.0860 2612 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:31:04.0860 2612 RasPppoe - ok
08:31:04.0875 2612 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:31:04.0875 2612 RasSstp - ok
08:31:04.0907 2612 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:31:04.0907 2612 rdbss - ok
08:31:04.0922 2612 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:31:04.0922 2612 rdpbus - ok
08:31:04.0938 2612 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:31:04.0938 2612 RDPCDD - ok
08:31:04.0953 2612 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:31:04.0953 2612 RDPENCDD - ok
08:31:04.0969 2612 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:31:04.0969 2612 RDPREFMP - ok
08:31:05.0000 2612 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:31:05.0000 2612 RDPWD - ok
08:31:05.0063 2612 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:31:05.0078 2612 rdyboost - ok
08:31:05.0109 2612 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:31:05.0109 2612 RemoteAccess - ok
08:31:05.0125 2612 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:31:05.0141 2612 RemoteRegistry - ok
08:31:05.0156 2612 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:31:05.0156 2612 RFCOMM - ok
08:31:05.0187 2612 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:31:05.0187 2612 RpcEptMapper - ok
08:31:05.0203 2612 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:31:05.0203 2612 RpcLocator - ok
08:31:05.0250 2612 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:31:05.0250 2612 RpcSs - ok
08:31:05.0281 2612 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:31:05.0281 2612 rspndr - ok
08:31:05.0343 2612 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
08:31:05.0359 2612 RSUSBSTOR - ok
08:31:05.0421 2612 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:31:05.0421 2612 RTL8167 - ok
08:31:05.0437 2612 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:31:05.0437 2612 SamSs - ok
08:31:05.0531 2612 SASDIFSV - ok
08:31:05.0609 2612 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
08:31:05.0609 2612 SASKUTIL - ok
08:31:05.0640 2612 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:31:05.0640 2612 sbp2port - ok
08:31:05.0780 2612 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:31:05.0796 2612 SBSDWSCService - ok
08:31:05.0827 2612 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:31:05.0827 2612 SCardSvr - ok
08:31:05.0874 2612 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:31:05.0874 2612 scfilter - ok
08:31:05.0952 2612 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:31:05.0967 2612 Schedule - ok
08:31:05.0983 2612 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:31:05.0983 2612 SCPolicySvc - ok
08:31:06.0061 2612 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
08:31:06.0061 2612 sdbus - ok
08:31:06.0092 2612 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:31:06.0092 2612 SDRSVC - ok
08:31:06.0108 2612 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:31:06.0108 2612 secdrv - ok
08:31:06.0123 2612 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:31:06.0139 2612 seclogon - ok
08:31:06.0155 2612 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:31:06.0155 2612 SENS - ok
08:31:06.0170 2612 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:31:06.0186 2612 SensrSvc - ok
08:31:06.0201 2612 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:31:06.0201 2612 Serenum - ok
08:31:06.0233 2612 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:31:06.0233 2612 Serial - ok
08:31:06.0248 2612 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:31:06.0248 2612 sermouse - ok
08:31:06.0295 2612 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:31:06.0295 2612 SessionEnv - ok
08:31:06.0311 2612 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:31:06.0311 2612 sffdisk - ok
08:31:06.0326 2612 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:31:06.0326 2612 sffp_mmc - ok
08:31:06.0342 2612 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:31:06.0342 2612 sffp_sd - ok
08:31:06.0373 2612 sfhlp01 - ok
08:31:06.0420 2612 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:31:06.0420 2612 sfloppy - ok
08:31:06.0451 2612 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:31:06.0467 2612 ShellHWDetection - ok
08:31:06.0513 2612 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:31:06.0513 2612 SiSRaid2 - ok
08:31:06.0545 2612 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:31:06.0545 2612 SiSRaid4 - ok
08:31:06.0607 2612 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:31:06.0607 2612 Smb - ok
08:31:06.0685 2612 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:31:06.0685 2612 SNMPTRAP - ok
08:31:06.0716 2612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:31:06.0716 2612 spldr - ok
08:31:06.0779 2612 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:31:06.0779 2612 Spooler - ok
08:31:06.0981 2612 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:31:07.0013 2612 sppsvc - ok
08:31:07.0091 2612 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:31:07.0091 2612 sppuinotify - ok
08:31:07.0122 2612 sptd - ok
08:31:07.0184 2612 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:31:07.0184 2612 srv - ok
08:31:07.0231 2612 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:31:07.0231 2612 srv2 - ok
08:31:07.0293 2612 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:31:07.0309 2612 SrvHsfHDA - ok
08:31:07.0387 2612 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:31:07.0403 2612 SrvHsfV92 - ok
08:31:07.0512 2612 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:31:07.0512 2612 SrvHsfWinac - ok
08:31:07.0543 2612 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:31:07.0543 2612 srvnet - ok
08:31:07.0605 2612 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:31:07.0605 2612 SSDPSRV - ok
08:31:07.0621 2612 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:31:07.0621 2612 SstpSvc - ok
08:31:07.0699 2612 ssudmdm (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
08:31:07.0699 2612 ssudmdm - ok
08:31:07.0808 2612 STacSV (f009aa51b87e2cf6e89c16ddfe61abb3) C:\Program Files\IDT\WDM\STacSV64.exe
08:31:07.0808 2612 STacSV - ok
08:31:07.0933 2612 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
08:31:07.0933 2612 StarWindServiceAE - ok
08:31:08.0011 2612 Steam Client Service - ok
08:31:08.0058 2612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:31:08.0058 2612 stexstor - ok
08:31:08.0105 2612 STHDA (e0428c27010305e3c54315be7078725b) C:\Windows\system32\DRIVERS\stwrt64.sys
08:31:08.0120 2612 STHDA - ok
08:31:08.0167 2612 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:31:08.0167 2612 stisvc - ok
08:31:08.0214 2612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:31:08.0214 2612 swenum - ok
08:31:08.0261 2612 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:31:08.0276 2612 swprv - ok
08:31:08.0401 2612 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
08:31:08.0417 2612 SynTP - ok
08:31:08.0541 2612 SysInfo - ok
08:31:08.0651 2612 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:31:08.0666 2612 SysMain - ok
08:31:08.0744 2612 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:31:08.0744 2612 TabletInputService - ok
08:31:08.0775 2612 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:31:08.0775 2612 TapiSrv - ok
08:31:08.0807 2612 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:31:08.0807 2612 TBS - ok
08:31:08.0963 2612 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:31:08.0978 2612 Tcpip - ok
08:31:09.0228 2612 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:31:09.0243 2612 TCPIP6 - ok
08:31:09.0306 2612 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:31:09.0306 2612 tcpipreg - ok
08:31:09.0384 2612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:31:09.0384 2612 TDPIPE - ok
08:31:09.0399 2612 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:31:09.0399 2612 TDTCP - ok
08:31:09.0431 2612 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:31:09.0431 2612 tdx - ok
08:31:09.0462 2612 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:31:09.0462 2612 TermDD - ok
08:31:09.0509 2612 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:31:09.0524 2612 TermService - ok
08:31:09.0540 2612 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:31:09.0540 2612 Themes - ok
08:31:09.0571 2612 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:31:09.0571 2612 THREADORDER - ok
08:31:09.0587 2612 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:31:09.0587 2612 TrkWks - ok
08:31:09.0633 2612 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:31:09.0633 2612 TrustedInstaller - ok
08:31:09.0665 2612 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:31:09.0665 2612 tssecsrv - ok
08:31:09.0696 2612 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:31:09.0696 2612 TsUsbFlt - ok
08:31:09.0758 2612 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:31:09.0758 2612 tunnel - ok
08:31:09.0805 2612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:31:09.0805 2612 uagp35 - ok
08:31:09.0836 2612 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:31:09.0836 2612 udfs - ok
08:31:09.0867 2612 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:31:09.0867 2612 UI0Detect - ok
08:31:09.0961 2612 UleadBurningHelper (f13da74969897359a88f2a739f54a250) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:31:09.0961 2612 UleadBurningHelper - ok
08:31:09.0992 2612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:31:09.0992 2612 uliagpkx - ok
08:31:10.0055 2612 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:31:10.0055 2612 umbus - ok
08:31:10.0070 2612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:31:10.0070 2612 UmPass - ok
08:31:10.0117 2612 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:31:10.0117 2612 upnphost - ok
08:31:10.0148 2612 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
08:31:10.0148 2612 USBAAPL64 - ok
08:31:10.0211 2612 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:31:10.0211 2612 usbaudio - ok
08:31:10.0242 2612 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:31:10.0242 2612 usbccgp - ok
08:31:10.0304 2612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:31:10.0304 2612 usbcir - ok
08:31:10.0335 2612 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:31:10.0335 2612 usbehci - ok
08:31:10.0398 2612 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
08:31:10.0398 2612 usbfilter - ok
08:31:10.0460 2612 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:31:10.0476 2612 usbhub - ok
08:31:10.0491 2612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
08:31:10.0491 2612 usbohci - ok
08:31:10.0538 2612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:31:10.0538 2612 usbprint - ok
08:31:10.0585 2612 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:31:10.0585 2612 usbscan - ok
08:31:10.0616 2612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:31:10.0616 2612 USBSTOR - ok
08:31:10.0647 2612 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:31:10.0647 2612 usbuhci - ok
08:31:10.0710 2612 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:31:10.0710 2612 usbvideo - ok
08:31:10.0741 2612 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:31:10.0741 2612 UxSms - ok
08:31:10.0757 2612 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:31:10.0757 2612 VaultSvc - ok
08:31:10.0835 2612 VBoxNetAdp (85df2c59645d374be7e3234241761230) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
08:31:10.0835 2612 VBoxNetAdp - ok
08:31:10.0866 2612 VBoxNetFlt - ok
08:31:10.0897 2612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:31:10.0897 2612 vdrvroot - ok
08:31:10.0944 2612 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:31:10.0944 2612 vds - ok
08:31:11.0022 2612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:31:11.0022 2612 vga - ok
08:31:11.0037 2612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:31:11.0037 2612 VgaSave - ok
08:31:11.0053 2612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:31:11.0069 2612 vhdmp - ok
08:31:11.0084 2612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:31:11.0084 2612 viaide - ok
08:31:11.0100 2612 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:31:11.0100 2612 volmgr - ok
08:31:11.0147 2612 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:31:11.0147 2612 volmgrx - ok
08:31:11.0178 2612 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:31:11.0178 2612 volsnap - ok
08:31:11.0240 2612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:31:11.0240 2612 vsmraid - ok
08:31:11.0349 2612 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:31:11.0365 2612 VSS - ok
08:31:11.0459 2612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:31:11.0459 2612 vwifibus - ok
08:31:11.0505 2612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:31:11.0505 2612 vwififlt - ok
08:31:11.0552 2612 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:31:11.0552 2612 vwifimp - ok
08:31:11.0599 2612 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:31:11.0599 2612 W32Time - ok
08:31:11.0630 2612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:31:11.0630 2612 WacomPen - ok
08:31:11.0708 2612 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:31:11.0708 2612 WANARP - ok
08:31:11.0708 2612 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:31:11.0708 2612 Wanarpv6 - ok
08:31:11.0833 2612 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:31:11.0849 2612 WatAdminSvc - ok
08:31:11.0942 2612 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:31:11.0958 2612 wbengine - ok
08:31:12.0051 2612 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:31:12.0067 2612 WbioSrvc - ok
08:31:12.0098 2612 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:31:12.0114 2612 wcncsvc - ok
08:31:12.0129 2612 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:31:12.0129 2612 WcsPlugInService - ok
08:31:12.0161 2612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:31:12.0161 2612 Wd - ok
08:31:12.0223 2612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:31:12.0223 2612 Wdf01000 - ok
08:31:12.0239 2612 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:31:12.0239 2612 WdiServiceHost - ok
08:31:12.0239 2612 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:31:12.0254 2612 WdiSystemHost - ok
08:31:12.0285 2612 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:31:12.0285 2612 WebClient - ok
08:31:12.0317 2612 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:31:12.0317 2612 Wecsvc - ok
08:31:12.0317 2612 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:31:12.0332 2612 wercplsupport - ok
08:31:12.0379 2612 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:31:12.0379 2612 WerSvc - ok
08:31:12.0441 2612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:31:12.0441 2612 WfpLwf - ok
08:31:12.0457 2612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:31:12.0457 2612 WIMMount - ok
08:31:12.0473 2612 WinHttpAutoProxySvc - ok
08:31:12.0519 2612 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:31:12.0519 2612 Winmgmt - ok
08:31:12.0644 2612 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:31:12.0660 2612 WinRM - ok
08:31:12.0800 2612 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:31:12.0800 2612 WinUsb - ok
08:31:12.0878 2612 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:31:12.0878 2612 Wlansvc - ok
08:31:13.0097 2612 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:31:13.0128 2612 wlidsvc - ok
08:31:13.0206 2612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:31:13.0206 2612 WmiAcpi - ok
08:31:13.0253 2612 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:31:13.0268 2612 wmiApSrv - ok
08:31:13.0299 2612 WMPNetworkSvc - ok
08:31:13.0331 2612 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:31:13.0331 2612 WPCSvc - ok
08:31:13.0346 2612 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:31:13.0346 2612 WPDBusEnum - ok
08:31:13.0377 2612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:31:13.0377 2612 ws2ifsl - ok
08:31:13.0377 2612 WSearch - ok
08:31:13.0518 2612 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:31:13.0549 2612 wuauserv - ok
08:31:13.0627 2612 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:31:13.0643 2612 WudfPf - ok
08:31:13.0658 2612 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:31:13.0658 2612 WUDFRd - ok
08:31:13.0689 2612 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:31:13.0689 2612 wudfsvc - ok
08:31:13.0705 2612 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:31:13.0721 2612 WwanSvc - ok
08:31:13.0783 2612 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
08:31:13.0783 2612 xusb21 - ok
08:31:13.0830 2612 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
08:31:13.0830 2612 yukonw7 - ok
08:31:13.0892 2612 MBR (0x1B8) (63c438d209c9d0f660f86a39a5fda43b) \Device\Harddisk0\DR0
08:31:14.0064 2612 \Device\Harddisk0\DR0 - ok
08:31:14.0064 2612 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:31:14.0095 2612 \Device\Harddisk1\DR1 - ok
08:31:14.0111 2612 Boot (0x1200) (fb51c2fd810e6da610853d2fcc1f76be) \Device\Harddisk0\DR0\Partition0
08:31:14.0111 2612 \Device\Harddisk0\DR0\Partition0 - ok
08:31:14.0111 2612 Boot (0x1200) (65ccae54227b57c12fbba32c3d6aa897) \Device\Harddisk0\DR0\Partition1
08:31:14.0126 2612 \Device\Harddisk0\DR0\Partition1 - ok
08:31:14.0142 2612 Boot (0x1200) (e2192526a5a2dcd9bdf14158baee5554) \Device\Harddisk0\DR0\Partition2
08:31:14.0142 2612 \Device\Harddisk0\DR0\Partition2 - ok
08:31:14.0157 2612 Boot (0x1200) (eed448a860ec535f9ebfc1a81b676352) \Device\Harddisk0\DR0\Partition3
08:31:14.0173 2612 \Device\Harddisk0\DR0\Partition3 - ok
08:31:14.0173 2612 Boot (0x1200) (95301e803e04bf6dc6273a1adde4dc02) \Device\Harddisk1\DR1\Partition0
08:31:14.0173 2612 \Device\Harddisk1\DR1\Partition0 - ok
08:31:14.0173 2612 ============================================================
08:31:14.0173 2612 Scan finished
08:31:14.0173 2612 ============================================================
08:31:14.0189 0512 Detected object count: 0
08:31:14.0189 0512 Actual detected object count: 0

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 July 2012 - 07:01 AM

The rootkit driver and ZeroAccess folders are successfully removed. :thumbup2:

in the bottom right of my desktop it says Test Mode, Windows 7, Build 7601

This is done by the rootkit we just removed. We will fix it.

You don't have an antivirus installed. We will install one later on.

  • Please download Listparts64
    Run the tool. Check "List BCD". Click Scan and post the log (Result.txt) it makes.
  • Please delete your copy of FSS and download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 07:35 AM

:D Great!

Here's the Listparts64 log:

ListParts by Farbar Version: 15-07-2012
Ran by Kerry (administrator) on 15-07-2012 at 13:31:53
Windows 7 (X64)
Running From: C:\Users\Kerry\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 45%
Total physical RAM: 2810.9 MB
Available physical RAM: 1530.2 MB
Total Pagefile: 5620 MB
Available Pagefile: 3741.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:277.16 GB) (Free:33.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:20.63 GB) (Free:2.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive f: (RCT3) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
5 Drive g: (RCTYCOON) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
7 Drive i: () (Removable) (Total:3.69 GB) (Free:0.88 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3781 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 277 GB 200 MB
Partition 3 Primary 20 GB 277 GB
Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C NTFS Partition 277 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D RECOVERY NTFS Partition 20 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 E HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3777 MB 4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 I FAT32 Removable 3777 MB Healthy

======================================================================================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {current}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
recoveryenabled Yes
testsigning Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Windows Boot Loader
-------------------
identifier {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


****** End Of Log ******


Here's the FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Kerry (administrator) on 15-07-2012 at 13:34:39
Running from "C:\Users\Kerry\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 July 2012 - 11:04 AM

Let's fix the Test Mode issue first.

  • Please download the attached file fix.bat (217 bytes).
    Important: right-click and select "Run as administrator".
    A command window and then a log file (log.txt) will open.
    Please post its content in your reply.
  • Restart the computer and tell me if the Test Mode Windows 7 is gone.


#11 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 11:22 AM

Yes, the Test Mode Windows 7 has gone from the desktop now.

Here's the fix.bat log:


Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
recoveryenabled Yes
testsigning Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Windows Boot Loader
-------------------
identifier {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
The operation completed successfully.
An error occurred while attempting to delete the specified data element.
Element not found.

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Windows Boot Loader
-------------------
identifier {fd7f9d53-68a9-11df-bb2e-8edfca240fe7}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Resume from Hibernate
---------------------
identifier {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Hypervisor Settings
-------------------
identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Setup Ramdisk Options
---------------------
identifier {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {fd7f9d54-68a9-11df-bb2e-8edfca240fe7}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi
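
The Test Mode label comes from the `testsigning Yes` value on the Windows 7 loader entry in the first bcdedit dump above; the second dump, taken after fix.bat ran, no longer carries it. As an added example (not the thread's fix.bat, whose contents are not posted), this Python check parses `bcdedit /enum all` output in that format and flags the loader settings that weaken driver signing or DEP; BEFORE and AFTER are constructed excerpts in that format, and the non-testsigning keys it flags are this example's own assumptions.

```python
import re

# Loader settings that weaken kernel code-signing enforcement or DEP.
# testsigning Yes is what puts "Test Mode" on the desktop and lets unsigned
# drivers load; the other keys are this example's own additions (assumed
# worth flagging), not something the thread discusses.
RISKY = {
    "testsigning": lambda v: v.lower() == "yes",
    "nointegritychecks": lambda v: v.lower() == "yes",
    "loadoptions": lambda v: "disable_integrity_checks" in v.lower(),
    "nx": lambda v: v.lower() == "alwaysoff",
}

def parse_bcd(text):
    """Parse `bcdedit /enum all` text into [(section title, {key: value})].

    A section is a title line over a line of dashes, then 'key value' lines
    up to a blank line. A line with no key continues the previous value
    (bcdedit wraps multi-valued keys such as inherit that way).
    """
    entries, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        title = lines[i].strip()
        underline = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if title and re.fullmatch(r"-{3,}", underline):
            props, last = {}, None
            i += 2
            while i < len(lines) and lines[i].strip():
                parts = lines[i].strip().split(None, 1)
                if len(parts) == 2:
                    last = parts[0].lower()
                    props[last] = parts[1]
                elif last:
                    props[last] += " " + parts[0]
                i += 1
            entries.append((title, props))
        else:
            i += 1
    return entries

def find_weak_boot_settings(text):
    """Return [(entry description, key, value)] for every risky setting."""
    findings = []
    for title, props in parse_bcd(text):
        if title not in ("Windows Boot Manager", "Windows Boot Loader"):
            continue
        name = props.get("description", props.get("identifier", title))
        for key, is_bad in RISKY.items():
            if key in props and is_bad(props[key]):
                findings.append((name, key, props[key]))
    return findings

# Constructed excerpts in the shape of the thread's dumps: the loader entry
# before fix.bat (testsigning Yes) and after it (the value removed).
BEFORE = """Windows Boot Manager
--------------------
identifier {bootmgr}
default {current}
customactions 0x1000085000001
0x5400000f

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
description Windows 7
inherit {bootloadersettings}
testsigning Yes
nx OptIn
"""
AFTER = BEFORE.replace("testsigning Yes\n", "")

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, find_weak_boot_settings(log) or "no weak boot settings")
```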

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 July 2012 - 12:36 PM

Good. :thumbup2:

Now we attempt to restore those missing Windows services like Windows Firewall.

  • Please download the attached file fix.reg (10.53 KB).
    Double-click it and confirm the prompt to allow it to merge.
  • Important: Restart the computer.
  • Please download Windows Repair All in One zip file and unzip it.
    • Open the folder and run Repair_Windows.exe
    • Under "Start Repair" tab click "Start".
    • Click "No" to the prompt.
    • Unselect all the options. Then select only the following options:

      • Repair Windows Firewall.
      • Remove Policies Set by Infection.
    • Press Start.
  • Important: Restart the computer.
  • Please run FSS once more with the same setting and post the log.


#13 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 03:30 PM

Everything seems to be going ok so far.

Here's the new FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Kerry (administrator) on 15-07-2012 at 21:29:46
Running from "C:\Users\Kerry\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 15 July 2012 - 03:46 PM

It looks much better but Windows Firewall is still not running.

Please download RestoreBFE and run it.

Restart the computer, run FSS and post a fresh FSS log.

#15 Fiale

Fiale
  • Topic Starter

  • Members
  • 17 posts

Posted 15 July 2012 - 03:52 PM

OK, here's the new FSS log:

Farbar Service Scanner Version: 08-07-2012
Ran by Kerry (administrator) on 15-07-2012 at 21:51:31
Running from "C:\Users\Kerry\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
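
The three FSS logs in this thread tell the recovery story: first the MpsSvc, bfe, wscsvc and WinDefend service keys are missing from the registry, then after fix.reg and Windows Repair the keys are back but the services are still stopped, and after RestoreBFE the Windows Firewall section is clean. As an added triage script (not FSS itself, nor anything posted in the thread), this Python code parses FSS output in that format, classifies each reported service, and diffs two runs; FIRST and SECOND are constructed excerpts modelled on the first and second logs above.

```python
import re

# FSS line shapes as seen in the logs above (the patterns are this example's own).
SECTION_RE = re.compile(r"^([A-Za-z ]+):$")
NOT_RUNNING_RE = re.compile(
    r"^(\S+) Service is not running\. Checking service configuration:$")
ATTENTION_RE = re.compile(r"^Checking ([\w ]+): ATTENTION!=+> (.*)$")
FILE_RE = re.compile(r"^(.+?) => MD5 is (.+)$")

def parse_fss(text):
    """Return {'services': {name: {...}}, 'files': {path: verdict}}."""
    # FSS only prints a 'Service is not running' block for stopped services,
    # so a service absent from the report was running at scan time.
    services, files = {}, {}
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, current = m.group(1), None
        elif m := NOT_RUNNING_RE.match(line):
            current = m.group(1)
            services[current] = {"section": section, "problems": []}
        elif (m := ATTENTION_RE.match(line)) and current:
            services[current]["problems"].append(f"{m.group(1)}: {m.group(2)}")
        elif m := FILE_RE.match(line):
            files[m.group(1)] = m.group(2)
    return {"services": services, "files": files}

def classify(report):
    """Give each stopped service a verdict and list files FSS did not call legit."""
    verdicts = {}
    for name, info in report["services"].items():
        if any("does not exist" in p for p in info["problems"]):
            verdicts[name] = "service key missing"  # registry key deleted
        elif info["problems"]:
            verdicts[name] = "config tampered"      # key present, values wrong
        else:
            verdicts[name] = "stopped, config OK"   # only needs starting
    bad_files = sorted(p for p, v in report["files"].items() if v != "legit")
    return verdicts, bad_files

def diff_runs(before_text, after_text):
    """Compare two runs: services no longer reported, still reported, newly reported."""
    before, _ = classify(parse_fss(before_text))
    after, _ = classify(parse_fss(after_text))
    cleared = sorted(set(before) - set(after))
    remaining = {n: v for n, v in after.items() if n in before}
    new = {n: v for n, v in after.items() if n not in before}
    return cleared, remaining, new

# Constructed excerpts modelled on the first and second FSS logs in the thread.
FIRST = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
"""
SECOND = r"""Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
"""
if __name__ == "__main__":
    print(classify(parse_fss(FIRST)))
    print(diff_runs(FIRST, SECOND))
```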



