Is Laptop Completely Clean


adisx06x (Thread Starter; joined Mar 1, 2012; 77 messages)
So I was cleaning my friend's laptop because it had a blue screen every time you turned on the computer. I ran several scans on it with Malwarebytes Anti-Malware, SUPERAntiSpyware, and TDSSKiller. The computer no longer has the blue screen when turned on and I installed Security Essentials on it... I need help knowing if the laptop is good to go now, because I still get some infected files (don't know if that's because of maybe conflicting anti-viruses). Anyway, here is the HijackThis file...

PS: currently running ESET Online Scanner, so far 2 infected files... again, don't know if that's because of conflicting programs...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:43 PM, on 2/3/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r255264\payload\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7124 bytes
 
Joined May 7, 2011; 14,142 messages
The HJT log you have posted is incomplete. Please go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply.

Conflicting antivirus programs will not cause detections. I can see Microsoft Security Essentials in the log, but no sign of any other antivirus, so I am not sure what you are referring to. If you have any other antivirus program on the system it should be uninstalled; Malwarebytes and SUPERAntiSpyware will not cause conflicts and should be kept.

Please post full details of what ESET finds, and post the logs from TDSSKiller and Malwarebytes so we can see what you have removed. The TDSSKiller logs will be found on your C: drive, and the MBAM logs can be found under the Logs tab in the main window when you open the program.
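As an added example (not code from this thread, and not from HijackThis or Trend Micro), here is a small Python triage script that works over log lines in the shape of the HijackThis logs posted above. It parses the running-process list and the Rn/On entries, reports when a paste lacks the sections a full log carries (the "incomplete log" point made in the reply), and lists the entries a reviewer would look at first: orphaned BHO registrations, ActiveX cabs pulled from a private address, and services with no vendor string. The two log excerpts, the DEFAULT_IE_HOSTS list and the REQUIRED_SECTIONS rule are assumptions constructed for this example; the findings are review prompts, not verdicts.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed excerpt shaped like the second HijackThis v2.0.4 log in the
# thread (a few representative lines, not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:13 PM, on 2/4/2013

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://172.17.144.27/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 1234 bytes
"""

# Constructed excerpt shaped like the first log in the thread, which jumps
# straight from the process list to O23 entries.
TRUNCATED_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:14:43 PM, on 2/3/2013

Running processes:
C:\WINDOWS\System32\smss.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 7124 bytes
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
# Assumption: stock IE/MSN defaults on an XP box; any other host in an
# R0/R1 entry is worth a look, not automatically a hijack.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "g.msn.com", "www.google.com"}
# Assumption: a complete HijackThis log on XP always carries IE start/search
# page (R0/R1) and Run-key (O4) entries, so their absence means a truncated paste.
REQUIRED_SECTIONS = {"R0", "R1", "O4"}


def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and
    (section, body) entries.  Lines after 'Running processes:' up to the
    first blank line are process paths; 'Rn - ...' / 'On - ...' lines are
    entries keyed by their section tag."""
    header, processes, entries = [], [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif line and not line.startswith(("--", "End of file")):
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def missing_sections(parsed):
    """Section tags a full log would carry but this paste lacks."""
    seen = {tag for tag, _ in parsed["entries"]}
    return sorted(REQUIRED_SECTIONS - seen)


def _host_of(body):
    m = URL_RE.search(body)
    return urlparse(m.group(0)).hostname if m else None


def _is_private_ip(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name, not an address literal
        return False


def review(parsed):
    """Triage heuristics over the parsed entries.  Returns (tag, reason, body)
    triples for a human to check; nothing here is a malware verdict."""
    findings = []
    for tag, body in parsed["entries"]:
        host = _host_of(body)
        if tag in ("R0", "R1") and host and host not in DEFAULT_IE_HOSTS:
            findings.append((tag, "IE start/search page set to non-default host " + host, body))
        elif tag == "O2" and body.endswith("(no file)"):
            findings.append((tag, "orphaned BHO registration, DLL missing on disk", body))
        elif tag == "O16" and host and _is_private_ip(host):
            findings.append((tag, "ActiveX cab fetched from private address " + host, body))
        elif tag == "O23" and " - Unknown owner - " in body:
            findings.append((tag, "service with no vendor string; verify the binary", body))
    return findings


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("truncated log", TRUNCATED_LOG)):
        parsed = parse_hjt(log)
        print(f"{name}: {len(parsed['processes'])} processes, {len(parsed['entries'])} entries")
        if missing_sections(parsed):
            print("  incomplete paste, missing sections:", ", ".join(missing_sections(parsed)))
        for tag, reason, body in review(parsed):
            print(f"  [{tag}] {reason}\n      {body}")
```

Run against the truncated excerpt the script reports R0, R1 and O4 as missing, which is the shape of the first log in this thread; against the fuller excerpt it surfaces the "(no file)" BHO, the cab on 172.17.144.27 and the "Unknown owner" service for a reviewer to confirm with the machine's owner.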
 

adisx06x (Thread Starter; joined Mar 1, 2012; 77 messages)
Man, I can't seem to get out of one :/ ... I was running a scan and the laptop rebooted, and for some reason now the "a", "q", "z" and "1" keys don't work. I need "a" and "1" to enter the password and log in. Is there any way I can access the Windows virtual keyboard from the login screen on XP, so I can worry about fixing those keys later and get to the malware for now? Sorry for this mess, it seems like it happened out of nowhere.
 
Joined May 7, 2011; 14,142 messages
Sounds like the keyboard has developed a fault, considering those keys are all in line with each other. As far as I know you cannot switch on the virtual keyboard until you have reached the desktop; the only way I can think of getting around the problem is to use a USB keyboard borrowed from a desktop PC. Just plug it in and reboot.

If you manage to get in using another keyboard, change the password to blank so you don't have to enter it, just in case it happens again.
 

adisx06x (Thread Starter; joined Mar 1, 2012; 77 messages)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:13 PM, on 2/4/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dell.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1274789308000
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://172.17.144.27/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spc.edu
O17 - HKLM\Software\..\Telephony: DomainName = spc.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spc.edu
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r255264\payload\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16309 bytes







DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 20:48:39 on 2013-02-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2223 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\utilman.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.0\DellBtrEvent.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: legalnoticecaption = Saint Peter's College
mPolicies-System: legalnoticetext = Users of this system have no explicit or implicit expectation of privacy. In using this computer system, Saint Peter’s College (SPC) employees agree to comply with Saint Peter’s College Network Policy, Email Policy, and Acceptable Use Policy . These policies can be viewed on the St. Peter’s ITS website at http://www.spc.edu/pages/1607.asp.
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: dell.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274789308000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://172.17.144.27/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 167.206.245.129 167.206.245.130 192.168.1.1
TCP: Interfaces\{C9743D04-8E06-414C-BB29-539DBB338493} : DHCPNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-5-12 17072]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.0\dvmio.sys [2009-7-10 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.0\DVMExportService.exe [2009-8-3 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-5-12 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-2 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-2 682344]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\qualcomm\qdlservice2k\QDLService2kDell.exe [2010-6-25 331512]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-5-12 59904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-11-9 2533400]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-5-12 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-12 113664]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-8-2 134144]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-5-12 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-5-12 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-12 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-2 21104]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [2013-2-3 10281088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-5-12 60928]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-8-2 144576]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-5-12 215040]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2013-02-05 01:34:37 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69cc2899-b5a4-4928-a6bb-217a789389b5}\mpengine.dll
2013-02-04 02:06:05 -------- d-sha-r- C:\cmdcons
2013-02-04 02:04:08 98816 ----a-w- c:\windows\sed.exe
2013-02-04 02:04:08 256000 ----a-w- c:\windows\PEV.exe
2013-02-04 02:04:08 208896 ----a-w- c:\windows\MBR.exe
2013-02-03 23:19:37 -------- d-----w- c:\windows\pss
2013-02-03 23:04:51 -------- d-----w- c:\documents and settings\administrator\application data\addpcs
2013-02-03 23:04:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Coupon Companion
2013-02-03 23:04:00 -------- d-----w- c:\program files\Coupon Companion
2013-02-03 23:03:54 -------- d-----w- c:\program files\Temp File Cleaner
2013-02-03 23:02:20 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-03 23:02:20 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-03 23:00:31 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-03 22:47:06 -------- d-----w- C:\708c2f746dd075b804
2013-02-03 22:40:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
2013-02-03 22:36:07 3389712 ----a-w- c:\windows\system32\Netwrn00.dll
2013-02-03 22:36:07 10281088 ----a-w- c:\windows\system32\drivers\Netwxn00.sys
2013-02-03 22:36:06 743696 ----a-w- c:\windows\system32\Netwcn00.dll
2013-02-03 22:35:39 -------- d-----w- c:\program files\common files\Intel
2013-02-03 20:26:50 -------- d-----w- c:\program files\SystemRequirementsLab
2013-02-03 20:23:04 125922032 ----a-w- c:\documents and settings\administrator\application data\Network_Driver_M43X5_WN_5.100.235.12_A37.EXE
2013-02-03 20:19:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2013-02-03 20:09:10 -------- d-----w- c:\program files\QUALCOMM
2013-02-03 20:09:10 -------- d-----w- c:\documents and settings\all users\application data\QUALCOMM
2013-02-03 20:08:38 -------- d-----w- c:\windows\Dell
2013-02-03 19:53:06 -------- d-----w- c:\documents and settings\administrator\application data\Dell
2013-02-03 05:15:10 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-03 04:37:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-02-03 04:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-02-03 04:37:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-03 04:37:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-03 04:07:44 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
2013-02-03 04:07:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-03 04:07:39 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
.
==================== Find3M ====================
.
2013-02-03 05:16:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-02-03 05:16:43 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
.
============= FINISH: 20:48:49.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2010 1:51:10 PM
System Uptime: 2/4/2013 8:23:17 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0K42JR
Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz | CPU 1 | 2659/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 72 GiB total, 44.322 GiB free.
D: is FIXED (FAT32) - 2 GiB total, 1.897 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 10/4/2011 10:36:24 PM - System Checkpoint
RP77: 10/6/2011 2:10:56 PM - System Checkpoint
RP78: 10/8/2011 4:27:18 PM - System Checkpoint
RP79: 10/9/2011 6:12:20 PM - System Checkpoint
RP80: 10/10/2011 10:02:09 PM - System Checkpoint
RP81: 10/13/2011 1:06:03 PM - System Checkpoint
RP82: 10/20/2011 9:29:43 AM - System Checkpoint
RP83: 10/23/2011 9:55:44 AM - System Checkpoint
RP84: 10/26/2011 10:24:43 AM - System Checkpoint
RP85: 10/31/2011 11:12:18 AM - System Checkpoint
RP86: 11/2/2011 2:09:32 PM - Removed NetAssistant
RP87: 11/3/2011 6:58:53 PM - System Checkpoint
RP88: 11/11/2011 10:52:30 PM - Restore Operation
RP89: 11/14/2011 3:37:52 PM - System Checkpoint
RP90: 1/31/2013 3:16:23 AM - Restore Operation
RP91: 1/31/2013 3:22:45 AM - Restore Operation
RP92: 2/2/2013 10:17:30 PM - Restore Operation
RP93: 2/3/2013 12:09:18 AM - Removed Intel(R) PROSet/Wireless WiFi Software.
RP94: 2/3/2013 3:09:07 PM - Installed Qualcomm Gobi 2000 Package for Dell
RP95: 2/3/2013 5:35:30 PM - Installed Intel(R) PROSet/Wireless WiFi Software.
RP96: 2/3/2013 5:49:51 PM - Removed Sophos Anti-Virus
RP97: 2/3/2013 5:53:03 PM - Removed Sophos AutoUpdate
RP98: 2/3/2013 5:53:50 PM - Removed Sophos Remote Management System
RP99: 2/3/2013 6:03:38 PM - Software Distribution Service 3.0
RP100: 2/3/2013 6:25:48 PM - Installed Kaspersky Security Scan.
RP101: 2/3/2013 6:45:04 PM - First Restore Point
RP102: 2/4/2013 8:34:34 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AccelerometerP11
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
AXIS Camera Management 2.00
AXIS Media Control Embedded
BioAPI Framework
Compatibility Pack for the 2007 Office system
Coupon Companion
Crystal Reports for Visual Studio
DCP32MMWrapper
Definition update for Microsoft Office 2010 (KB982726)
Dell Control Point
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell ControlVault Host Components Installer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Document Manager Lite
Dotfuscator Software Services - Community Edition
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Gemalto
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2455033)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB967048-v2)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IBM SPSS Statistics 19
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Network Connections 14.8.43.0
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 7
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
NOOK Study
NTRU TCG Software Stack
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PopCap Browser Plugin
PowerDVD DX
Preboot Manager
Private Information Manager
Qualcomm Gobi 2000 Package for Dell
Reader 2.0
RICOH Media Driver ver.2.11.01.02
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Wizards
Segoe UI
Service Pack 2 for SQL Server 2008 (KB2285068)
SO32MMWrapper
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
System Requirements Lab for Intel
Temp File Cleaner
Trusted Drive Manager
tsp patch
UI Desktop 2.2.0
UI Desktop 2.3.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
UPEK TouchChip Fingerprint Reader
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Wave Infrastructure Installer
Wave Support Software
Web Deployment Tool
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Search 4.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
2/4/2013 12:11:01 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
2/3/2013 9:08:16 PM, error: Service Control Manager [7034] - The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).
2/3/2013 7:46:08 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=2147651153 Name: Trojan:WinNT/Sirefef.J ID: 2147651153 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\03.02.2013_00.13.59\rtkt0001\svc0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.143.1458.0, AS: 1.143.1458.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0
2/3/2013 6:01:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80244015 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2013 12:18:47 AM, error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error 1814 (0x716).
2/3/2013 12:04:47 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/2/2013 9:58:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DVMIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/2/2013 11:53:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
2/2/2013 11:51:51 PM, error: NETLOGON [5719] - No Domain Controller is available for domain SPC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
2/2/2013 11:51:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
2/2/2013 11:50:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/2/2013 11:38:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/2/2013 11:34:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/2/2013 11:28:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DVMIO Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
2/2/2013 11:27:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/2/2013 10:57:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DVMIO Fips intelppm SAVOnAccessControl SAVOnAccessFilter
1/31/2013 4:53:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/31/2013 4:43:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/31/2013 4:13:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/30/2013 1:32:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A}
.
==== End Of File ===========================
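The Event Viewer extract above contains the detail that answers the poster's question about "conflicting anti-viruses": the Microsoft Antimalware 1119 event names a file under C:\TDSSKiller_Quarantine (already quarantined by TDSSKiller), the detecting process is ESET's OnlineCmdLineScanner.exe reading that file, and the 0x800704ec result means MSE's own quarantine action was stopped by a software restriction policy. A practitioner triaging such a log wants to separate real-time hits on files that are already in another tool's quarantine from detections on a live path. The Python below is an added example, not code from the thread or from any of the tools named in it: it parses lines in the DDS Event Viewer format, extracts the fields of a Microsoft Antimalware 1119 event, and classifies each detection. The sample lines are constructed from the post (the second detection, with its threat name and path, is invented for contrast), and the ComboFix and Malwarebytes quarantine paths are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the Event Viewer extract in the post above. The first
# and third lines keep the fields of the real events; the second is invented (threat
# name and path are placeholders, not anything from the thread) to give a "live" case.
SAMPLE_EVENTS = [
    "2/3/2013 7:46:08 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has "
    "encountered a critical error when taking action on malware or other potentially unwanted "
    "software. Name: Trojan:WinNT/Sirefef.J ID: 2147651153 Severity: Severe Category: Trojan "
    "Path: file:_C:\\TDSSKiller_Quarantine\\03.02.2013_00.13.59\\rtkt0001\\svc0000\\tsk0000.dta "
    "Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection "
    "User: NT AUTHORITY\\SYSTEM Process Name: C:\\Program Files\\ESET\\ESET Online Scanner\\"
    "OnlineCmdLineScanner.exe Action: Quarantine Action Status: No additional actions required "
    "Error Code: 0x800704ec Error description: Windows cannot open this program because it has "
    "been prevented by a software restriction policy.",
    "2/3/2013 8:10:00 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has "
    "encountered a critical error when taking action on malware or other potentially unwanted "
    "software. Name: Trojan:Win32/Constructed.Sample ID: 1 Severity: Severe Category: Trojan "
    "Path: file:_C:\\Documents and Settings\\Administrator\\Application Data\\sample.exe "
    "Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection "
    "User: NT AUTHORITY\\SYSTEM Process Name: C:\\WINDOWS\\explorer.exe Action: Quarantine "
    "Action Status: No additional actions required Error Code: 0x0",
    "2/2/2013 9:58:56 PM, error: Service Control Manager [7026] - The following boot-start or "
    "system-start driver(s) failed to load: AFD DVMIO Fips intelppm IPSec MRxSmb NetBIOS NetBT "
    "RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip",
]

# "<date time>, <level>: <source> [<event id>] - <message>" as DDS writes it
EVENT_RE = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<message>.*)$"
)

# Field labels Microsoft Antimalware writes into a 1119 event, in the order they appear.
MSE_LABELS = [
    "Name", "ID", "Severity", "Category", "Path", "Detection Origin", "Detection Type",
    "Detection Source", "User", "Process Name", "Action", "Action Status", "Error Code",
    "Error description", "Signature Version", "Engine Version",
]
LABEL_RE = re.compile(r"\b(" + "|".join(re.escape(l) for l in MSE_LABELS) + r"): ")

# Quarantine folders of the tools used in this thread. The TDSSKiller folder is taken
# from the event itself; the ComboFix (Qoobox) and Malwarebytes paths are assumptions.
QUARANTINE_MARKERS = (
    "\\tdsskiller_quarantine\\",
    "\\qoobox\\quarantine\\",
    "\\malwarebytes' anti-malware\\quarantine\\",
)


def parse_event(line):
    """Split one DDS Event Viewer line into time/level/source/id/message, or None."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["id"] = int(ev["id"])
    return ev


def parse_mse_fields(message):
    """Slice a 1119 message into its labelled fields (each value runs to the next label)."""
    fields = {}
    matches = list(LABEL_RE.finditer(message))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(message)
        fields[m.group(1)] = message[m.end():end].strip()
    return fields


def classify_detection(fields):
    """Mark a detection as a re-scan of an already quarantined file or as a live hit."""
    path = fields.get("Path", "")
    if path.lower().startswith("file:_"):
        path = path[len("file:_"):]
    verdict = "live"
    if any(marker in path.lower() for marker in QUARANTINE_MARKERS):
        verdict = "quarantined-rescan"
    return {
        "name": fields.get("Name"),
        "path": path,
        # the process that touched the file; here another scanner reading a quarantine
        "scanner": fields.get("Process Name", "").rsplit("\\", 1)[-1],
        # non-zero code: MSE could not complete its own action (0x800704ec = blocked by SRP)
        "action_blocked": fields.get("Error Code", "0x0").lower() != "0x0",
        "verdict": verdict,
    }


def triage(lines):
    """Return (classified 1119 detections, count of events per (source, id))."""
    detections, counts = [], Counter()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        counts[(ev["source"], ev["id"])] += 1
        if ev["source"] == "Microsoft Antimalware" and ev["id"] == 1119:
            detections.append(classify_detection(parse_mse_fields(ev["message"])))
    return detections, counts


if __name__ == "__main__":
    found, counts = triage(SAMPLE_EVENTS)
    for d in found:
        print(d["verdict"], d["name"], "via", d["scanner"], "at", d["path"])
    print(counts.most_common())
```

Run against the real extract, the Sirefef.J event lands in the quarantined-rescan bucket: the file is TDSSKiller's copy, not a live infection, and the interesting part is that MSE's action was blocked. Anything in the live bucket, or any 1119 event whose path is not under a quarantine folder, is what actually needs attention.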
 

adisx06x
Thread Starter
Before you replied to me I had run ComboFix; it left a log, and this is the log if I'm not mistaken! When I finally booted up the computer all the keys worked again! It had to be ComboFix, in my opinion. When I ran ComboFix, at login those keys were dead like I posted earlier, and when I finally got to log in they were fine again.

ComboFix 13-02-03.03 - Administrator 02/04/2013 0:01.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2516 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\Jaguar.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
C:\install.exe
c:\program files\LP
c:\program files\LP\9700\13.tmp
c:\program files\LP\9700\14.tmp
c:\program files\LP\9700\18.tmp
c:\program files\LP\9700\1A.tmp
c:\program files\LP\9700\1B.tmp
c:\windows\system32\drivers\npf.sys
c:\windows\system32\OLD12.tmp
c:\windows\system32\OLD15.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\test
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-03 23:04 . 2013-02-03 23:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\addpcs
2013-02-03 23:04 . 2013-02-03 23:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Coupon Companion
2013-02-03 23:04 . 2013-02-03 23:04 -------- d-----w- c:\program files\Coupon Companion
2013-02-03 23:03 . 2013-02-03 23:03 -------- d-----w- c:\program files\Temp File Cleaner
2013-02-03 23:02 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-03 23:02 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00441AFD-6730-4450-B677-993DC2D98007}\mpengine.dll
2013-02-03 23:00 . 2013-02-03 23:00 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-03 22:47 . 2013-02-03 22:54 -------- d-----w- C:\708c2f746dd075b804
2013-02-03 22:40 . 2013-02-03 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-02-03 22:40 . 2013-02-03 22:41 -------- d-----w- c:\program files\Google
2013-02-03 22:36 . 2012-09-30 16:14 10281088 ----a-w- c:\windows\system32\drivers\Netwxn00.sys
2013-02-03 22:36 . 2012-02-17 05:34 3389712 ----a-w- c:\windows\system32\Netwrn00.dll
2013-02-03 22:36 . 2012-02-17 05:34 743696 ----a-w- c:\windows\system32\Netwcn00.dll
2013-02-03 22:35 . 2013-02-03 22:35 -------- d-----w- c:\program files\Common Files\Intel
2013-02-03 20:26 . 2013-02-03 20:26 -------- d-----w- c:\program files\SystemRequirementsLab
2013-02-03 20:23 . 2013-02-03 20:27 125922032 ----a-w- c:\documents and settings\Administrator\Application Data\Network_Driver_M43X5_WN_5.100.235.12_A37.EXE
2013-02-03 20:19 . 2013-02-03 22:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
2013-02-03 20:09 . 2013-02-03 20:09 -------- d-----w- c:\program files\QUALCOMM
2013-02-03 20:09 . 2013-02-03 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\QUALCOMM
2013-02-03 20:08 . 2013-02-03 20:08 -------- d-----w- c:\windows\Dell
2013-02-03 19:53 . 2013-02-03 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dell
2013-02-03 05:15 . 2013-02-03 05:15 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-03 04:37 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-05 01:25 . 2010-05-12 16:11 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2013-02-03 05:16 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-02-03 05:16 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-06-04 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-14 495711]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-01-14 737280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-02 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-02 144920]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-01-15 284696]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 158592]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellBtrEvent"="d:\program files\Dell\Reader 2.0\DellBtrEvent.exe" [2009-08-26 147456]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13803520]
"NVHotkey"="nvHotkey.dll" [2010-04-17 86016]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-09 112152]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-25 1407248]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-25 1210640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-2-25 636256]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1338144]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-951548198-541532591-617630493-11571\Scripts\Logon\0\0]
"Script"=SPCDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-951548198-541532591-617630493-19843\Scripts\Logon\0\0]
"Script"=SPCDrives.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Barnes & Noble\\NOOKstudy\\NOOKStudy.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [5/12/2010 11:01 AM 17072]
R1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.0\dvmio.sys [7/10/2009 3:12 PM 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 5:42 PM 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 10:45 AM 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 10:45 AM 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [12/10/2009 1:09 PM 376608]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.0\DVMExportService.exe [8/3/2009 2:35 PM 327680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [5/12/2010 11:00 AM 13336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/2/2013 11:37 PM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/2/2013 11:37 PM 682344]
R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [6/25/2010 11:54 AM 331512]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [5/12/2010 1:44 PM 59904]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [11/9/2010 2:04 PM 2533400]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [5/12/2010 11:01 AM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/12/2010 1:44 PM 113664]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [8/2/2010 2:51 PM 134144]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [5/12/2010 1:44 PM 33832]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/12/2010 1:44 PM 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [5/12/2010 1:44 PM 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/2/2013 11:37 PM 21104]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [2/3/2013 5:36 PM 10281088]
S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [5/12/2010 11:01 AM 60928]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [8/2/2010 2:51 PM 144576]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [5/12/2010 1:44 PM 215040]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/17/2010 9:14 AM 370008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-03 22:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 22:40]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 22:40]
.
2013-02-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2013-02-04 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2013-02-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3924ce28-1fd3-4019-9648-379090d45ea6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 85c1ba20-3a6d-4689-8725-64cc2cf0154f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{22C88B02-DF79-450A-9D05-58DA1AC2C680}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Trusted Zone: dell.com
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://172.17.144.27/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-57430312.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-04 20:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3232935390-2093100799-4264996292-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d0,c3,69,2d,14,93,4e,af,19,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d0,c3,69,2d,14,93,4e,af,19,9a,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5144)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\btmmhook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\utilman.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-02-04 20:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-05 01:31
.
Pre-Run: 47,827,156,992 bytes free
Post-Run: 47,797,768,192 bytes free
.
- - End Of File - - 149308806CA26E2E491E735E658D1729
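Two lines in the ComboFix log above deserve a deliberate check rather than a glance: the LSA list "Authentication Packages REG_MULTI_SZ msv1_0 wvauth" under the Reg Loading Points, and wvauth.dll loaded inside lsass.exe under "DLLs Loaded Under Running Processes". A DLL named in that LSA list is loaded into LSASS at boot, which makes it both a persistence point and a credential-access point, so anything beyond the Windows XP default of msv1_0 should be tied to a known product explicitly. Here wvauth appears to belong to the Wave Systems software in the installed-programs list above, but that is a judgement to record, not to make by omission. The Python below is an added example, not code from the thread or from ComboFix: it parses the two sections from a ComboFix log, reports non-default authentication packages together with the matching LSASS modules, and flags Run entries whose target sits in a profile or temp folder or is a bare filename resolved by search order (a heuristic, not a rule). The sample log is a constructed excerpt modelled on the post; the "Sample" Run value is invented.

```python
import re

# Constructed excerpt modelled on the ComboFix log in the post above. Entries are
# trimmed to what the parser needs; the "Sample" Run value is invented for contrast.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
"nwiz"="nwiz.exe" [2010-04-17 1657448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Sample"="c:\documents and settings\Administrator\Application Data\sample.exe" [2013-02-03 1024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5144)
c:\windows\system32\WININET.dll
.
"""

DEFAULT_AUTH_PACKAGES = {"msv1_0"}  # Windows XP default content of the LSA list

# Path fragments under which a legitimate autostart binary rarely lives (assumed heuristic).
USER_WRITABLE_MARKERS = ("\\application data\\", "\\temp\\", "\\local settings\\", "\\recycler\\")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
AUTH_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(?P<pkgs>.+)$")
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")


def parse_run_entries(log):
    """Return [{'key', 'name', 'target'}] for every value listed under a ...\\Run key."""
    entries, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group("key") if k.group("key").lower().endswith("\\run") else None
            continue
        v = VALUE_RE.match(line)
        if current and v:
            entries.append({"key": current, "name": v.group("name"), "target": v.group("target")})
    return entries


def parse_auth_packages(log):
    """The LSA 'Authentication Packages' list as ComboFix prints it, or [] if absent."""
    for raw in log.splitlines():
        m = AUTH_RE.match(raw.strip())
        if m:
            return m.group("pkgs").split()
    return []


def parse_process_modules(log, process):
    """Modules ComboFix listed under the given process in its 'DLLs Loaded' section."""
    modules, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        p = PROC_RE.match(line)
        if p:
            inside = p.group("proc").lower() == process.lower()
            continue
        if inside:
            if line == "." or line.startswith("---"):
                inside = False  # a "." or a section rule ends the per-process block
            elif line:
                modules.append(line)
    return modules


def run_entry_reason(target):
    """Why a Run target deserves a look, or None if the heuristic has nothing to say."""
    low = target.lower()
    if "\\" not in low:
        return "bare filename, resolved by search order"
    if any(m in low for m in USER_WRITABLE_MARKERS):
        return "target under a profile or temp folder"
    return None


def audit(log):
    pkgs = parse_auth_packages(log)
    extra = [p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES]
    lsass = parse_process_modules(log, "lsass.exe")
    # tie each non-default package name to the DLL actually loaded inside LSASS
    wanted = {e.lower() for e in extra}
    matched = [m for m in lsass if m.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0] in wanted]
    suspicious = []
    for e in parse_run_entries(log):
        reason = run_entry_reason(e["target"])
        if reason:
            suspicious.append(dict(e, reason=reason))
    return {
        "auth_packages": pkgs,
        "extra_auth_packages": extra,
        "lsass_modules_for_extra_packages": matched,
        "suspicious_run_entries": suspicious,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_LOG), indent=2))
```

On the real log the extra package resolves to c:\windows\system32\wvauth.dll in lsass.exe, which is the pair to verify against the vendor (publisher signature, install path, product that registered it) before calling the machine clean; the Run-key heuristic is only a reviewer's shortlist, since a bare "nwiz.exe" is normal for that NVIDIA entry but the same shape would also hide a planted binary earlier on the search path.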
 
Combofix should not be run without guidance:

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
Glad to hear the problem with the keyboard is fixed, but please don't run any other scans unless instructed. You have saved ComboFix in the wrong location; it needs to be moved to the desktop.

Please post the other logs I asked for in post 2.
 

adisx06x
Thread Starter
Here are all the logs from Malwarebytes, in order.

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: E6410-STULOAN43 [administrator]

Protection: Disabled

2/2/2013 11:38:23 PM
mbam-log-2013-02-02 (23-38-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294602
Time elapsed: 10 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DsQJ7dEK8RqYwUr (Trojan.Dropper.PE4) -> Data: C:\Documents and Settings\Administrator\Application Data\dwme.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent) -> Data: C:\WINDOWS\Temp\_ex-68.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53758 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vTZqjYCwkVzNx0v8234A (Trojan.FakeAlert.CLGen) -> Data: C:\WINDOWS\system32\AV Security 2012v121.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4D7.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\9700\4D7.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 16
C:\Documents and Settings\Administrator\Application Data\dwme.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\241B9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\3ACE9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\69289.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\72059.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\9F329.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\A8C09.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\B6949.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\C3CC9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\E41D9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\0ED23\FCF39.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\dwme.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\5689.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ypphiq\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: E6410-STULOAN43 [administrator]

Protection: Enabled

2/3/2013 3:43:51 PM
mbam-log-2013-02-03 (15-43-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298228
Time elapsed: 23 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.03.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: E6410-STULOAN43 [administrator]

Protection: Enabled

2/3/2013 5:45:33 PM
mbam-log-2013-02-03 (17-45-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 56000
Time elapsed: 6 minute(s), 52 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.03.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: E6410-STULOAN43 [administrator]

Protection: Enabled

2/3/2013 8:45:05 PM
mbam-log-2013-02-03 (20-45-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282953
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 748a9223b6845f51adb19c129edb73a8 -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Starting protection
2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Protection started successfully
2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Starting IP protection
2013/02/02 23:53:18 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully

2013/02/03 00:02:24 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
2013/02/03 00:02:26 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Starting protection
2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Protection started successfully
2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Starting IP protection
2013/02/03 00:19:22 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/03 00:30:31 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/03 00:31:47 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) ERROR IP protection failed: PfMakeLog failed with error code 21
2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/03 14:43:25 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
2013/02/03 14:43:32 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
2013/02/03 14:44:14 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 17:14:07 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/03 17:14:07 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
2013/02/03 17:14:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/03 17:15:23 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE Starting database refresh
2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE Stopping IP protection
2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection stopped successfully
2013/02/03 17:44:56 -0500 E6410-STULOAN43 Administrator MESSAGE Database refreshed successfully
2013/02/03 17:44:56 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/03 17:45:10 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/03 17:57:13 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 21:13:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
2013/02/03 21:13:55 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
2013/02/03 21:13:55 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/03 21:14:32 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/03 23:39:30 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully


2013/02/04 00:00:18 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 00:00:19 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 00:00:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 00:01:00 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 00:13:36 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 00:24:56 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 00:36:58 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 00:45:18 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 08:45:35 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 20:24:24 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/04 20:31:27 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Starting database refresh
2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Scheduled update executed successfully: database updated from version v2013.02.03.11 to version v2013.02.04.09
2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Stopping IP protection
2013/02/04 20:32:06 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection stopped successfully
2013/02/04 20:32:11 -0500 E6410-STULOAN43 Administrator MESSAGE Database refreshed successfully
2013/02/04 20:32:11 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/04 20:32:22 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/04 22:23:28 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully



2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/05 19:36:41 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
2013/02/05 19:40:13 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
2013/02/05 19:40:30 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
2013/02/05 19:40:46 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 19:45:34 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 19:48:27 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 19:53:59 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:09:06 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:11:30 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 20:29:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:29:57 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:29:57 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:30:25 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:36:00 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:39:45 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:51:13 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:56:22 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 20:59:13 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 21:00:54 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 21:08:20 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 21:10:11 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 22:18:23 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
2013/02/05 22:47:42 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
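Editor's note, added to this thread and not part of any poster's words: what matters in the logs above is not how many items were removed but the mechanisms they expose. The Run values point at droppers sitting in Application Data and Temp, the Image File Execution Options\SETUP.EXE key is the hook typically used to run something else in place of any program named setup.exe, the ProxyServer value sends the browser through 127.0.0.1:53758 (a process on the laptop itself), and in the TDSSKiller log that follows ACPI.sys is reported as Forged because the bytes read from disk hash differently from what the file API returns, which is what a rootkit hiding a patched driver looks like and which a file-level scanner can keep reporting as clean. The script below is example code written for this page, not code from the thread, from Malwarebytes or from Kaspersky; it parses both log formats and produces a triage summary. The sample lines are excerpted from this thread with the section counts adjusted to the excerpt, and the mechanism labels are this example's own vocabulary.

```python
"""Triage helper for the Malwarebytes 1.x and TDSSKiller logs pasted in this
thread.  Added example; not code from the thread or from either vendor."""
import re
from collections import Counter

# Malwarebytes 1.x report: a 'Section Detected: N' header, then one line per item.
MBAM_SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
MBAM_DETECTION = re.compile(
    r"^(?P<target>.+?) \((?P<threat>[\w.]+)\)"              # key, key|value or path, (Threat.Name)
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$"  # optional value data, then the action
)
# TDSSKiller marks a driver 'Forged' when the bytes it reads from disk hash
# differently from what the normal file API returns for the same file.
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})"
)
TDSS_INFECTED = re.compile(r"^\S+ \d+ (?P<service>\S+) \( (?P<threat>\S+) \) - infected$")

# First matching rule wins; the labels are this example's own vocabulary.
PERSISTENCE_RULES = [
    (r"\\CurrentVersion\\Run\|", "autorun: Run value"),
    (r"Image File Execution Options\\", "IFEO: hijack of a named exe"),
    (r"Internet Settings\|ProxyServer", "network: browser proxy rewritten"),
    (r"Low Rights\\ElevationPolicy", "IE: ElevationPolicy entry"),
    (r"^[A-Za-z]:\\.*\\(Temp|Application Data)\\", "file: payload in user-writable path"),
]

def classify(target):
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return "other"

def parse_mbam(text):
    """One record per detection line, tagged with the section header above it."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = MBAM_SECTION.match(line)
        if header:
            section = header.group("section")
            continue
        hit = MBAM_DETECTION.match(line)
        if hit and section:
            rec = hit.groupdict()
            rec["section"] = section
            rec["mechanism"] = classify(rec["target"])
            records.append(rec)
    return records

def parse_tdsskiller(text):
    forged, infected = [], []
    for line in text.splitlines():
        hit = TDSS_FORGED.search(line)
        if hit:
            forged.append(hit.groupdict())
            continue
        hit = TDSS_INFECTED.match(line.strip())
        if hit:
            infected.append(hit.groupdict())
    return {"forged": forged, "infected": infected}

def triage(mbam_text, tdss_text):
    recs = parse_mbam(mbam_text)
    tdss = parse_tdsskiller(tdss_text)
    # A ProxyServer value on 127.0.0.1 means a process on the box itself sits in the browser's path.
    loopback = [r["data"] for r in recs if r["mechanism"].startswith("network")
                and re.search(r"(?:127\.0\.0\.1|localhost):\d+", r["data"] or "")]
    return {
        "detections": len(recs),
        "by_mechanism": Counter(r["mechanism"] for r in recs),
        "autorun_payloads": sorted(r["data"] for r in recs
                                   if r["mechanism"].startswith("autorun") and r["data"]),
        "loopback_proxy": loopback,
        "forged_drivers": [f["path"] for f in tdss["forged"]],
        "rootkit_services": [f"{i['service']} ({i['threat']})" for i in tdss["infected"]],
    }

# Sample input: lines excerpted from the logs posted in this thread; section counts match the excerpt.
MBAM_SAMPLE = r"""Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DsQJ7dEK8RqYwUr (Trojan.Dropper.PE4) -> Data: C:\Documents and Settings\Administrator\Application Data\dwme.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent) -> Data: C:\WINDOWS\Temp\_ex-68.exe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53758 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vTZqjYCwkVzNx0v8234A (Trojan.FakeAlert.CLGen) -> Data: C:\WINDOWS\system32\AV Security 2012v121.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4D7.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\9700\4D7.exe -> Quarantined and deleted successfully.
Files Detected: 1
C:\Documents and Settings\Administrator\Application Data\dwme.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
"""
TDSS_SAMPLE = r"""00:14:24.0718 7156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: D8FB7D1C3F5BFA3F53FE9CC6367E9E99, Fake md5: 8FD99680A539792A30E97944FDAECF17
00:14:24.0718 7156 ACPI ( Virus.Win32.Rloader.a ) - infected
00:14:24.0734 7156 ACPIEC - ok
"""

if __name__ == "__main__":
    for key, value in triage(MBAM_SAMPLE, TDSS_SAMPLE).items():
        print(f"{key}: {value}")
```

Run it as-is to see the summary for the excerpt, or feed it the full pasted logs. The point of the mechanism labels is that a second clean Malwarebytes quick scan says nothing about a forged driver: once TDSSKiller reports a Forged system driver, the machine is not clean until that finding is resolved and a rescan no longer reports it.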


adisx06x (Thread Starter):

TDSSKiller log files:

00:13:59.0812 5212 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
00:13:59.0906 5212 ============================================================
00:13:59.0906 5212 Current date / time: 2013/02/03 00:13:59.0906
00:13:59.0906 5212 SystemInfo:
00:13:59.0906 5212
00:13:59.0906 5212 OS Version: 5.1.2600 ServicePack: 3.0
00:13:59.0906 5212 Product type: Workstation
00:13:59.0906 5212 ComputerName: E6410-STULOAN43
00:13:59.0906 5212 UserName: Administrator
00:13:59.0906 5212 Windows directory: C:\WINDOWS
00:13:59.0906 5212 System windows directory: C:\WINDOWS
00:13:59.0906 5212 Processor architecture: Intel x86
00:13:59.0906 5212 Number of processors: 4
00:13:59.0906 5212 Page size: 0x1000
00:13:59.0906 5212 Boot type: Normal boot
00:13:59.0906 5212 ============================================================
00:14:00.0968 5212 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:14:00.0968 5212 Drive \Device\Harddisk1\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:14:00.0968 5212 ============================================================
00:14:00.0968 5212 \Device\Harddisk0\DR0:
00:14:00.0968 5212 MBR partitions:
00:14:00.0968 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x90FC000
00:14:01.0000 5212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x91128BD, BlocksNum 0x3FBC04
00:14:01.0000 5212 \Device\Harddisk1\DR4:
00:14:01.0000 5212 MBR partitions:
00:14:01.0000 5212 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
00:14:01.0000 5212 ============================================================
00:14:01.0046 5212 C: <-> \Device\Harddisk0\DR0\Partition1
00:14:01.0046 5212 D: <-> \Device\Harddisk0\DR0\Partition2
00:14:01.0046 5212 ============================================================
00:14:01.0046 5212 Initialize success
00:14:01.0046 5212 ============================================================
00:14:22.0984 7156 ============================================================
00:14:22.0984 7156 Scan started
00:14:22.0984 7156 Mode: Manual;
00:14:22.0984 7156 ============================================================
00:14:23.0156 7156 ================ Scan system memory ========================
00:14:24.0281 7156 System memory - ok
00:14:24.0281 7156 ================ Scan services =============================
00:14:24.0390 7156 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
00:14:24.0390 7156 !SASCORE - ok
00:14:24.0546 7156 Abiosdsk - ok
00:14:24.0578 7156 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:14:24.0625 7156 abp480n5 - ok
00:14:24.0656 7156 [ AF1F178B0218B44876E63BF0B019E96B ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys
00:14:24.0671 7156 Acceler - ok
00:14:24.0718 7156 [ D8FB7D1C3F5BFA3F53FE9CC6367E9E99 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:14:24.0718 7156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: D8FB7D1C3F5BFA3F53FE9CC6367E9E99, Fake md5: 8FD99680A539792A30E97944FDAECF17
00:14:24.0718 7156 ACPI ( Virus.Win32.Rloader.a ) - infected
00:14:24.0718 7156 ACPI - detected Virus.Win32.Rloader.a (0)
00:14:24.0718 7156 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
00:14:24.0734 7156 ACPIEC - ok
00:14:24.0765 7156 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:14:24.0828 7156 adpu160m - ok
00:14:24.0875 7156 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
00:14:24.0875 7156 aec - ok
00:14:24.0906 7156 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
00:14:24.0937 7156 AESTAud - ok
00:14:25.0000 7156 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
00:14:25.0000 7156 AFD - ok
00:14:25.0031 7156 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
00:14:25.0031 7156 agp440 - ok
00:14:25.0093 7156 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:14:25.0093 7156 agpCPQ - ok
00:14:25.0140 7156 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:14:25.0156 7156 Aha154x - ok
00:14:25.0187 7156 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:14:25.0218 7156 aic78u2 - ok
00:14:25.0234 7156 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:14:25.0265 7156 aic78xx - ok
00:14:25.0296 7156 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
00:14:25.0296 7156 Alerter - ok
00:14:25.0312 7156 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
00:14:25.0312 7156 ALG - ok
00:14:25.0343 7156 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
00:14:25.0359 7156 AliIde - ok
00:14:25.0359 7156 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:14:25.0375 7156 alim1541 - ok
00:14:25.0406 7156 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:14:25.0421 7156 amdagp - ok
00:14:25.0437 7156 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
00:14:25.0453 7156 amsint - ok
00:14:25.0500 7156 [ E8A8E6072CB7E2032E85E7735DAA511F ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
00:14:25.0515 7156 ApfiltrService - ok
00:14:25.0546 7156 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
00:14:25.0562 7156 AppMgmt - ok
00:14:25.0625 7156 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:14:25.0640 7156 Arp1394 - ok
00:14:25.0656 7156 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
00:14:25.0718 7156 asc - ok
00:14:25.0750 7156 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:14:25.0812 7156 asc3350p - ok
00:14:25.0859 7156 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:14:25.0921 7156 asc3550 - ok
00:14:26.0000 7156 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:14:26.0046 7156 aspnet_state - ok
00:14:26.0062 7156 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:14:26.0062 7156 AsyncMac - ok
00:14:26.0093 7156 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
00:14:26.0093 7156 atapi - ok
00:14:26.0093 7156 Atdisk - ok
00:14:26.0125 7156 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:14:26.0140 7156 Atmarpc - ok
00:14:26.0187 7156 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
00:14:26.0187 7156 AudioSrv - ok
00:14:26.0203 7156 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
00:14:26.0203 7156 audstub - ok
00:14:26.0218 7156 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
00:14:26.0234 7156 Beep - ok
00:14:26.0296 7156 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
00:14:26.0375 7156 BITS - ok
00:14:26.0406 7156 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
00:14:26.0406 7156 Browser - ok
00:14:26.0453 7156 [ C5A0BB83ADA38F6FC0A2338DFAC789D1 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
00:14:26.0484 7156 BTKRNL - ok
00:14:26.0578 7156 [ 4DEAFA4D960FCA4A8A147837A41614FE ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
00:14:26.0578 7156 btwdins - ok
00:14:26.0593 7156 [ F9B15CFAEF98D8117313C6C4215B9EAC ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
00:14:26.0625 7156 BTWUSB - ok
00:14:26.0734 7156 [ D9846A19208E76604E1074BB30228AC8 ] buttonsvc32 c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
00:14:26.0734 7156 buttonsvc32 - ok
00:14:26.0765 7156 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:14:26.0796 7156 cbidf - ok
00:14:26.0796 7156 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
00:14:26.0796 7156 cbidf2k - ok
00:14:26.0828 7156 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:14:26.0828 7156 CCDECODE - ok
00:14:26.0859 7156 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:14:26.0890 7156 cd20xrnt - ok
00:14:26.0906 7156 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
00:14:26.0906 7156 Cdaudio - ok
00:14:26.0921 7156 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
00:14:26.0937 7156 Cdfs - ok
00:14:26.0953 7156 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:14:26.0953 7156 Cdrom - ok
00:14:26.0953 7156 Changer - ok
00:14:27.0015 7156 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
00:14:27.0031 7156 CiSvc - ok
00:14:27.0046 7156 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
00:14:27.0062 7156 ClipSrv - ok
00:14:27.0140 7156 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:14:27.0265 7156 clr_optimization_v2.0.50727_32 - ok
00:14:27.0312 7156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:14:27.0359 7156 clr_optimization_v4.0.30319_32 - ok
00:14:27.0390 7156 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:14:32.0234 7156 [ CBCDA987C7D4FA251128CAC48EFCE5CC ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:14:32.0250 7156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: CBCDA987C7D4FA251128CAC48EFCE5CC, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
00:14:32.0250 7156 MRxSmb ( Virus.Win32.ZAccess.h ) - infected
00:14:32.0250 7156 MRxSmb - detected Virus.Win32.ZAccess.h (0)
00:14:40.0593 7156 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:14:40.0593 7156 USBSTOR - ok
00:14:40.0640 7156 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:14:40.0640 7156 usbuhci - ok
00:14:40.0671 7156 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
00:14:40.0687 7156 usbvideo - ok
00:14:40.0703 7156 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
00:14:40.0718 7156 VgaSave - ok
00:14:40.0734 7156 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:14:40.0750 7156 viaagp - ok
00:14:40.0765 7156 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
00:14:40.0765 7156 ViaIde - ok
00:14:40.0796 7156 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
00:14:40.0812 7156 VolSnap - ok
00:14:40.0843 7156 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
00:14:40.0875 7156 VSS - ok
00:14:40.0906 7156 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
00:14:40.0906 7156 w32time - ok
00:14:40.0906 7156 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:14:40.0921 7156 Wanarp - ok
00:14:40.0953 7156 [ D73243D8E1E2AC059DB249D12B1D1D8E ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
00:14:40.0968 7156 WavxDMgr - ok
00:14:41.0015 7156 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
00:14:41.0031 7156 Wdf01000 - ok
00:14:41.0031 7156 WDICA - ok
00:14:41.0046 7156 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
00:14:41.0046 7156 wdmaud - ok
00:14:41.0093 7156 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
00:14:41.0093 7156 WebClient - ok
00:14:41.0187 7156 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
00:14:41.0187 7156 winmgmt - ok
00:14:41.0250 7156 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
00:14:41.0312 7156 WinRM - ok
00:14:41.0437 7156 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:14:41.0437 7156 wlidsvc - ok
00:14:41.0484 7156 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
00:14:41.0500 7156 WmdmPmSN - ok
00:14:41.0578 7156 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
00:14:41.0578 7156 Wmi - ok
00:14:41.0625 7156 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:14:41.0625 7156 WmiAcpi - ok
00:14:41.0656 7156 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:14:41.0687 7156 WmiApSrv - ok
00:14:41.0765 7156 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
00:14:41.0843 7156 WMPNetworkSvc - ok
00:14:41.0890 7156 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:14:41.0968 7156 WPFFontCache_v0400 - ok
00:14:41.0984 7156 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:14:41.0984 7156 WS2IFSL - ok
00:14:42.0015 7156 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
00:14:42.0031 7156 wscsvc - ok
00:14:42.0031 7156 WSearch - ok
00:14:42.0046 7156 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:14:42.0062 7156 WSTCODEC - ok
00:14:42.0078 7156 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
00:14:42.0078 7156 wuauserv - ok
00:14:42.0109 7156 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:14:42.0125 7156 WudfPf - ok
00:14:42.0140 7156 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:14:42.0156 7156 WudfRd - ok
00:14:42.0156 7156 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
00:14:42.0171 7156 WudfSvc - ok
00:14:42.0203 7156 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
00:14:42.0218 7156 WZCSVC - ok
00:14:42.0234 7156 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
00:14:42.0250 7156 xmlprov - ok
00:14:42.0328 7156 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:14:42.0343 7156 YahooAUService - ok
00:14:42.0359 7156 ================ Scan global ===============================
00:14:42.0406 7156 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
00:14:42.0421 7156 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
00:14:42.0437 7156 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
00:14:42.0468 7156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
00:14:42.0468 7156 [Global] - ok
00:14:42.0468 7156 ================ Scan MBR ==================================
00:14:42.0484 7156 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
00:14:42.0796 7156 \Device\Harddisk0\DR0 - ok
00:14:42.0796 7156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
00:14:42.0796 7156 \Device\Harddisk1\DR4 - ok
00:14:42.0796 7156 ================ Scan VBR ==================================
00:14:42.0796 7156 [ 4BA5950EBEF2D0609F42A98EEF0F466C ] \Device\Harddisk0\DR0\Partition1
00:14:42.0796 7156 \Device\Harddisk0\DR0\Partition1 - ok
00:14:42.0828 7156 [ EDAEE3FB0252396493D75DDA401B0368 ] \Device\Harddisk0\DR0\Partition2
00:14:42.0828 7156 \Device\Harddisk0\DR0\Partition2 - ok
00:14:42.0828 7156 [ 217C98F258F9135A876C4987DBA98679 ] \Device\Harddisk1\DR4\Partition1
00:14:42.0828 7156 \Device\Harddisk1\DR4\Partition1 - ok
00:14:42.0828 7156 ============================================================
00:14:42.0828 7156 Scan finished
00:14:42.0828 7156 ============================================================
00:14:42.0843 4432 Detected object count: 2
00:14:42.0843 4432 Actual detected object count: 2
00:15:10.0546 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
00:15:10.0796 4432 Backup copy found, using it..
00:15:10.0859 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
00:15:10.0859 4432 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
00:15:10.0906 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\@ - copied to quarantine
00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\bckfg.tmp - copied to quarantine
00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\cfg.ini - copied to quarantine
00:15:11.0609 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\Desktop.ini - copied to quarantine
00:15:11.0609 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\keywords - copied to quarantine
00:15:11.0625 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - copied to quarantine
00:15:11.0703 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\L\rohepcid - copied to quarantine
00:15:11.0703 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\lsflt7.ver - copied to quarantine
00:15:11.0734 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:11.0812 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:11.0828 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:11.0843 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:11.0859 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:11.0859 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
00:15:12.0281 4432 Backup copy found, using it..
00:15:12.0359 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\@ - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\bckfg.tmp - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\cfg.ini - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\Desktop.ini - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\keywords - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\lsflt7.ver - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2857733078 - will be deleted on reboot
00:15:12.0406 4432 MRxSmb ( Virus.Win32.ZAccess.h ) - User select action: Cure
00:15:15.0453 4560 Deinitialize success

00:18:03.0781 3024 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
00:18:04.0875 3024 ============================================================
00:18:04.0875 3024 Current date / time: 2013/02/03 00:18:04.0875
00:18:04.0875 3024 SystemInfo:
00:18:04.0875 3024
00:18:04.0875 3024 OS Version: 5.1.2600 ServicePack: 3.0
00:18:04.0875 3024 Product type: Workstation
00:18:04.0875 3024 ComputerName: E6410-STULOAN43
00:18:04.0875 3024 UserName: Administrator
00:18:04.0875 3024 Windows directory: C:\WINDOWS
00:18:04.0875 3024 System windows directory: C:\WINDOWS
00:18:04.0875 3024 Processor architecture: Intel x86
00:18:04.0875 3024 Number of processors: 4
00:18:04.0875 3024 Page size: 0x1000
00:18:04.0875 3024 Boot type: Normal boot
00:18:04.0875 3024 ============================================================
00:18:10.0765 3024 BG loaded
00:18:15.0625 3024 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:18:15.0640 3024 Drive \Device\Harddisk1\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:18:15.0640 3024 ============================================================
00:18:15.0640 3024 \Device\Harddisk0\DR0:
00:18:15.0640 3024 MBR partitions:
00:18:15.0640 3024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x90FC000
00:18:15.0656 3024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x91128BD, BlocksNum 0x3FBC04
00:18:15.0656 3024 \Device\Harddisk1\DR4:
00:18:15.0656 3024 MBR partitions:
00:18:15.0656 3024 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
00:18:15.0656 3024 ============================================================
00:18:15.0750 3024 C: <-> \Device\Harddisk0\DR0\Partition1
00:18:15.0781 3024 D: <-> \Device\Harddisk0\DR0\Partition2
00:18:15.0781 3024 ============================================================
00:18:15.0781 3024 Initialize success
00:18:15.0781 3024 ============================================================
00:22:14.0531 2876 Deinitialize success
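Added example (not part of the thread and not a TDSSKiller feature): a small Python parser for the log format posted above. It pulls the `[ MD5 ] name path` inventory lines, the `- ok` status lines, the `Detected object count`, the `( Threat ) - User select action` lines and the quarantine/cure/delete actions into one summary, then applies two triage heuristics of my own, based on what the posted log shows: a "cured" file under `system32\drivers` means a kernel driver was patched by a file infector, and a path under a fake `$NtUninstallKB...$` folder is the rootkit's staging directory. Either one is grounds for the reimage the helper recommends later in the thread rather than trusting the cure. The embedded sample is a constructed, abridged excerpt in the same format, not a full log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample in the TDSSKiller 2.8.x log format shown in the thread
# (a dozen representative lines, not the full log).
SAMPLE_LOG = r"""00:14:39.0453 7156 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:14:39.0484 7156 Tcpip - ok
00:14:42.0031 7156 WSearch - ok
00:14:42.0484 7156 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
00:14:42.0796 7156 \Device\Harddisk0\DR0 - ok
00:14:42.0843 4432 Detected object count: 2
00:15:10.0546 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
00:15:10.0859 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
00:15:10.0859 4432 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
00:15:10.0906 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
00:15:11.0625 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - copied to quarantine
00:15:12.0359 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - will be deleted on reboot
00:15:12.0406 4432 MRxSmb ( Virus.Win32.ZAccess.h ) - User select action: Cure
"""

# Every line is "<hh:mm:ss.ffff> <thread id> <message>"; the message is one of
# a few fixed shapes, matched below.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
MODULE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (?:(\S+) )?(.+)$")  # name is absent for MBR/VBR/global lines
OK_RE = re.compile(r"^(.+?) - ok$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
DETECT_RE = re.compile(r"^(\S+) \( ([^)]+) \) - User select action: (\w+)$")
ACTION_RE = re.compile(
    r"^(.+?) - (copied to quarantine|will be cured on reboot|will be deleted on reboot)$")
# Heuristics (mine, not TDSSKiller's): a fake $NtUninstallKB...$ folder is where the
# posted log shows the ZeroAccess payload living; a "cured" .sys under system32\drivers
# means a file infector patched a kernel driver.
HIDDEN_DIR_RE = re.compile(r"\\(\$NtUninstall[^\\]*\$)\\", re.IGNORECASE)
SYSTEM_DRIVER_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)


@dataclass
class ScanSummary:
    hashes: Dict[str, str] = field(default_factory=dict)          # path -> MD5 reported by the tool
    ok_objects: Set[str] = field(default_factory=set)              # objects the tool reported "- ok"
    detections: List[Tuple[str, str, str]] = field(default_factory=list)  # (object, threat, action)
    actions: Dict[str, List[str]] = field(default_factory=dict)    # path -> quarantine/cure/delete steps
    declared_count: int = 0

    def cured_system_drivers(self) -> List[str]:
        return sorted(p for p, acts in self.actions.items()
                      if "will be cured on reboot" in acts and SYSTEM_DRIVER_RE.search(p))

    def hidden_dirs(self) -> Set[str]:
        found = set()
        for path in self.actions:
            m = HIDDEN_DIR_RE.search(path)
            if m:
                found.add(m.group(1))
        return found


def parse_tdsskiller_log(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators, SystemInfo block
        msg = m.group(3)
        if (mm := MODULE_RE.match(msg)):
            s.hashes[mm.group(3)] = mm.group(1).upper()
        elif (mm := DETECT_RE.match(msg)):
            s.detections.append((mm.group(1), mm.group(2), mm.group(3)))
        elif (mm := ACTION_RE.match(msg)):
            s.actions.setdefault(mm.group(1), []).append(mm.group(2))
        elif (mm := COUNT_RE.match(msg)):
            s.declared_count = int(mm.group(1))
        elif (mm := OK_RE.match(msg)):
            s.ok_objects.add(mm.group(1))
    return s


def verdict(s: ScanSummary) -> str:
    """Triage: a patched kernel driver or a rootkit staging directory means
    reimage rather than trusting the 'cure'; otherwise report what was cleaned."""
    reasons = []
    drivers = s.cured_system_drivers()
    if drivers:
        reasons.append("patched kernel drivers: " + ", ".join(drivers))
    dirs = s.hidden_dirs()
    if dirs:
        reasons.append("rootkit staging dirs: " + ", ".join(sorted(dirs)))
    if reasons:
        return "reimage: " + "; ".join(reasons)
    if s.detections:
        return "cleaned: " + ", ".join(threat for _, threat, _ in s.detections)
    return "clean"


if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(summary.hashes)} hashed objects, {len(summary.ok_objects)} reported ok, "
          f"{summary.declared_count} declared detections")
    for obj, threat, action in summary.detections:
        print(f"{obj}: {threat} -> {action}")
    print(verdict(summary))
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents. The `hashes` table is also the thing to diff between two runs of the tool: a core driver whose MD5 changes between a pre-cure and post-cure run is exactly what you expect from the cure, but any other driver whose hash moves without a patch being installed deserves a look.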
 

adisx06x

Thread Starter
Joined
Mar 1, 2012
Messages
77
PS: There is so much wrong here... The mouse started going crazy, then it suddenly was good again... now some other random keys stopped working; I'm using the virtual keyboard for the few keys that don't work... I'm starting to think a factory restore is the best way to go, as I must give this laptop back to my friend soon...
By the way, I haven't done anything you haven't instructed me to do... using ComboFix and those other tools I used before you started helping me, before I got to log in to the computer, back when I couldn't log in because of the "keys going bad"... Thanks for all your time, really appreciated :)
 
Joined
May 7, 2011
Messages
14,142
The system was badly infected; please read the information below. We can continue to clean the machine if you wish, but there may be some file damage that could be time-consuming to repair, so a clean install may be the quickest solution, and it will guarantee the system is clean.


IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system


Backdoors and What They Mean to You
 

adisx06x

Thread Starter
Joined
Mar 1, 2012
Messages
77
Yes I think it is better to do a clean install on the computer...what is the next step...I hope it has its own partition so I don't have to worry about disks
 
Joined
May 7, 2011
Messages
14,142
First thing is to check that the owner of the PC has backed up all their important data; when the system is reinstalled, everything on the hard drive will be deleted.

As far as I can see from the logs there is no Recovery partition, but as the OS was installed in 2010, the owner must have the OEM Recovery discs or their own copy of XP, unless it was purchased second-hand with the OS already installed.
 

adisx06x

Thread Starter
Joined
Mar 1, 2012
Messages
77
Hey Mark, I just wanted to say that I installed a Windows 7 trial on the laptop... everything seemed fine after the installation, it was all fixed (except the keys that randomly stopped working on the keyboard, which is weird). I believe the owner is going to invest in a copy of Windows before the trial ends; they just wanted things to be clean for now... There isn't much now; thanks a lot, couldn't have done it without your help.
 
Joined
May 7, 2011
Messages
14,142
You're most welcome, if those keys play up again they may also need a new keyboard.

If the PC has a licence sticker on it with the product key they should be able to save a chunk of money by purchasing Recovery Discs from the manufacturer.
 