After too many hours trying to find what is wrong with my desktop, bored to hell, I transferred some files to my "safe" laptop. From that point all the problems I was experiencing on my desktop (hanging at start up, low response times, etc.) moved to my HP Pavilion g6 laptop. After a clean install (factory restore using the HP partition), in Task Manager csrss.exe and winlogon.exe don't have a description or a user name.
My question is: is it possible that a BIOS virus transferred from the desktop is currently infecting my PC?
(Please, I need help because someone stole my Skype password and wrote something to a friend of mine. There is certainly a security hole in one of my PCs, so I need a safe laptop to work on.)
After following the 5-step guide below, I present the log files taken after recovering to factory settings from the HP partition.
Any help will be great.
Thanks in advance.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
H_P :: H_P-HP [administrator]
Protection: Enabled
23/6/2012 4:28:59 πμ
mbam-log-2012-06-23 (04-28-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200146
Time elapsed: 1 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-23 05:04:45
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\7ce9d3fd10f5
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\7ce9d3fd10f5 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by H_P at 5:43:25 on 2012-06-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.4044.1759 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\REGEDIT.EXE
C:\Windows\SysWOW64\REGEDIT.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [<NO NAME>]
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wubi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B5535D1B-C9C8-44F6-B7EE-76B2E57AC1D7} : DhcpNameServer = 192.168.178.1
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [(Default)]
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-19 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-13 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-12 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-23 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-23 2425960]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-23 654408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-23 2656280]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\system32\drivers\bcbtums.sys --> C:\Windows\system32\drivers\bcbtums.sys [?]
R3 btwampfl;btwampfl Bluetooth filter driver;\??\C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\system32\DRIVERS\btwdpan.sys --> C:\Windows\system32\DRIVERS\btwdpan.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
.
=============== Created Last 30 ================
.
2012-06-23 02:07:13 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE20CE94-9443-4B0F-8C34-1A837981AE70}\mpengine.dll
2012-06-23 01:45:14 -------- d-----w- C:\Windows\ehome
2012-06-23 01:28:01 -------- d-----w- C:\Users\H_P\AppData\Roaming\Malwarebytes
2012-06-23 01:27:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-23 01:27:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-23 01:27:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 01:21:41 -------- d-----w- C:\ProgramData\Synaptics
2012-06-23 01:13:59 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-06-23 01:13:42 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 01:09:46 -------- d-----w- C:\Program Files (x86)\HP SimplePass 2011
2012-06-23 01:09:37 -------- d-----w- C:\Program Files\Common Files\AuthenTec
2012-06-23 01:09:37 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec
2012-06-23 01:09:35 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-06-23 01:08:23 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-06-23 01:02:44 -------- d-----w- C:\Program Files\Symantec
2012-06-23 01:01:37 -------- d-----w- C:\Windows\Hewlett-Packard
2012-06-23 01:01:12 620584 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-06-23 01:00:13 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2012-06-23 01:00:11 89640 ----a-w- C:\Windows\System32\drivers\btwdpan.sys
2012-06-23 01:00:11 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-06-23 01:00:11 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-06-23 01:00:11 178728 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-06-23 01:00:10 167976 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-06-23 01:00:10 133672 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2012-06-23 00:59:10 -------- d-----w- C:\Program Files\WIDCOMM
2012-06-23 00:58:20 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-06-23 00:58:20 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-06-23 00:58:20 3617280 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-06-23 00:58:19 4729408 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-06-23 00:58:19 3952128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-06-23 00:58:19 -------- d-----w- C:\Program Files\Broadcom
2012-06-23 00:58:08 -------- d-sh--w- C:\Windows\Installer
2012-06-23 00:57:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-06-23 00:57:24 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-06-23 00:57:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-06-23 00:57:11 6012416 ----a-w- C:\Windows\System32\IDTNGUI.exe
2012-06-23 00:57:11 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-06-23 00:57:11 5077504 ----a-w- C:\Windows\System32\IDTNHP.dll
2012-06-23 00:57:11 4113408 ----a-w- C:\Windows\System32\stlang64.dll
2012-06-23 00:57:11 233472 ----a-w- C:\Windows\System32\IDTNJ.exe
2012-06-23 00:57:11 1819136 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-06-23 00:57:11 1424896 ----a-w- C:\Windows\sttray64.exe
2012-06-23 00:57:11 1041920 ----a-w- C:\Windows\System32\IDTNX.dll
2012-06-23 00:57:11 -------- d-----w- C:\Windows\System32\SRSLabs
2012-06-23 00:55:48 -------- d-----w- C:\Program Files\Synaptics
2012-06-23 00:55:24 -------- d-----w- C:\Program Files\Common Files\Intel
2012-06-23 00:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-06-23 00:54:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-06-23 00:54:30 -------- d-----w- C:\Intel
2012-06-22 23:42:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B90E834-63B2-43AF-9A80-0689CFF7388F}\offreg.dll
2012-06-22 23:35:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90681BA4-F478-4489-BD1D-413D0A4E6B53}\gapaengine.dll
2012-06-22 23:35:42 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B90E834-63B2-43AF-9A80-0689CFF7388F}\mpengine.dll
2012-06-22 23:34:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-22 23:34:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-22 22:21:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-22 22:21:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-22 22:21:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-22 22:21:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-22 22:12:56 2504112 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wubi.exe
2012-06-22 15:36:57 -------- d-----w- C:\Users\H_P\AppData\Local\Hewlett-Packard
2012-06-22 15:36:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 15:36:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 15:36:29 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 15:36:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 15:35:44 -------- d-----w- C:\Users\H_P\AppData\Local\Broadcom
2012-06-22 15:35:29 -------- d-----w- C:\Users\H_P\AppData\Roaming\Synaptics
2012-06-22 15:35:27 -------- d-----w- C:\Users\H_P\AppData\Roaming\hpqLog
2012-06-22 15:35:04 -------- d-----w- C:\Users\H_P\AppData\Local\AuthenTec
2012-06-22 15:34:32 -------- d-----w- C:\Users\H_P\AppData\Roaming\Symantec
2012-06-22 15:34:21 -------- d-----w- C:\Users\H_P\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
.
============= FINISH: 5:43:36,18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/6/2012 6:33:41 μμ
System Uptime: 23/6/2012 2:34:12 πμ (3 hours ago)
.
Motherboard: Hewlett-Packard | | 166F
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 164,154 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2,204 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1,078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 22/6/2012 6:36:16 μμ - Windows Update
RP4: 23/6/2012 1:21:31 πμ - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
CyberLink YouCam
ESU for Microsoft Windows 7 SP1
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP On Screen Display
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP SimplePass PE 2011
HP Software Framework
HP Support Assistant
IDT Audio
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
VIP Access SDK (1.0.1.2)
.
==== Event Viewer Messages From Past Week ========
.
23/6/2012 2:19:22 πμ, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
22/6/2012 6:36:34 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:36:33 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:36:32 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:35:37 μμ, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
2012-06-23 01:01:12 620584 ----a-w- C:\Windows\System32\drivers\btwampfl.sys
2012-06-23 01:00:13 22056 ----a-w- C:\Windows\System32\btwcoins.dll
2012-06-23 01:00:11 89640 ----a-w- C:\Windows\System32\drivers\btwdpan.sys
2012-06-23 01:00:11 39976 ----a-w- C:\Windows\System32\drivers\btwl2cap.sys
2012-06-23 01:00:11 21544 ----a-w- C:\Windows\System32\drivers\btwrchid.sys
2012-06-23 01:00:11 178728 ----a-w- C:\Windows\System32\drivers\btwavdt.sys
2012-06-23 01:00:10 167976 ----a-w- C:\Windows\System32\drivers\btwaudio.sys
2012-06-23 01:00:10 133672 ----a-w- C:\Windows\System32\drivers\bcbtums.sys
2012-06-23 00:59:10 -------- d-----w- C:\Program Files\WIDCOMM
2012-06-23 00:58:20 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-06-23 00:58:20 6656 ----a-w- C:\Windows\System32\bcmwlrc.dll
2012-06-23 00:58:20 3617280 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-06-23 00:58:19 4729408 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS
2012-06-23 00:58:19 3952128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-06-23 00:58:19 -------- d-----w- C:\Program Files\Broadcom
2012-06-23 00:58:08 -------- d-sh--w- C:\Windows\Installer
2012-06-23 00:57:24 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-06-23 00:57:24 565352 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-06-23 00:57:24 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-06-23 00:57:11 6012416 ----a-w- C:\Windows\System32\IDTNGUI.exe
2012-06-23 00:57:11 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-06-23 00:57:11 5077504 ----a-w- C:\Windows\System32\IDTNHP.dll
2012-06-23 00:57:11 4113408 ----a-w- C:\Windows\System32\stlang64.dll
2012-06-23 00:57:11 233472 ----a-w- C:\Windows\System32\IDTNJ.exe
2012-06-23 00:57:11 1819136 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-06-23 00:57:11 1424896 ----a-w- C:\Windows\sttray64.exe
2012-06-23 00:57:11 1041920 ----a-w- C:\Windows\System32\IDTNX.dll
2012-06-23 00:57:11 -------- d-----w- C:\Windows\System32\SRSLabs
2012-06-23 00:55:48 -------- d-----w- C:\Program Files\Synaptics
2012-06-23 00:55:24 -------- d-----w- C:\Program Files\Common Files\Intel
2012-06-23 00:55:23 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-06-23 00:54:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-06-23 00:54:30 -------- d-----w- C:\Intel
2012-06-22 23:42:11 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B90E834-63B2-43AF-9A80-0689CFF7388F}\offreg.dll
2012-06-22 23:35:44 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{90681BA4-F478-4489-BD1D-413D0A4E6B53}\gapaengine.dll
2012-06-22 23:35:42 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5B90E834-63B2-43AF-9A80-0689CFF7388F}\mpengine.dll
2012-06-22 23:34:07 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-22 23:34:03 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-22 22:21:29 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-22 22:21:29 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-22 22:21:28 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-22 22:21:28 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-22 22:12:56 2504112 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wubi.exe
2012-06-22 15:36:57 -------- d-----w- C:\Users\H_P\AppData\Local\Hewlett-Packard
2012-06-22 15:36:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 15:36:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 15:36:29 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 15:36:29 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 15:35:44 -------- d-----w- C:\Users\H_P\AppData\Local\Broadcom
2012-06-22 15:35:29 -------- d-----w- C:\Users\H_P\AppData\Roaming\Synaptics
2012-06-22 15:35:27 -------- d-----w- C:\Users\H_P\AppData\Roaming\hpqLog
2012-06-22 15:35:04 -------- d-----w- C:\Users\H_P\AppData\Local\AuthenTec
2012-06-22 15:34:32 -------- d-----w- C:\Users\H_P\AppData\Roaming\Symantec
2012-06-22 15:34:21 -------- d-----w- C:\Users\H_P\AppData\Local\VirtualStore
.
==================== Find3M ====================
.
.
============= FINISH: 5:43:36,18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/6/2012 6:33:41 μμ
System Uptime: 23/6/2012 2:34:12 πμ (3 hours ago)
.
Motherboard: Hewlett-Packard | | 166F
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU1 | 2501/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 164,154 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2,204 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1,078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 22/6/2012 6:36:16 μμ - Windows Update
RP4: 23/6/2012 1:21:31 πμ - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
CyberLink YouCam
ESU for Microsoft Windows 7 SP1
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP On Screen Display
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP SimplePass PE 2011
HP Software Framework
HP Support Assistant
IDT Audio
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
VIP Access SDK (1.0.1.2)
.
==== Event Viewer Messages From Past Week ========
.
23/6/2012 2:19:22 πμ, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
22/6/2012 6:36:34 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:36:33 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:36:32 μμ, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
22/6/2012 6:35:37 μμ, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================