
Is Laptop Completely Clean

Discussion in 'Virus & Other Malware Removal' started by adisx06x, Feb 3, 2013.

  1. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    So I was cleaning my friend's laptop because it had a blue screen every time you turned on the computer. I ran several scans on it with Malwarebytes Anti-Malware, SUPERAntiSpyware, and TDSSKiller. The computer no longer has the blue screen when turned on, and I installed Security Essentials on it... I need help knowing if the laptop is good to go now, because I still get some infected files (don't know if that's because of maybe conflicting anti-viruses). Anyway, here is the HijackThis file...

    PS: currently running ESET Online Scanner, so far 2 infected files... again, don't know if that's because of conflicting programs...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:14:43 PM, on 2/3/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
    C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe

    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 7124 bytes
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The HJT log you have posted is incomplete. Please go Here and follow the instructions to run DDS, then Copy and Paste both the logs into your next reply.

    Conflicting antivirus programs will not cause detections. I can see Microsoft Security Essentials in the log, but no sign of any other antivirus, so I am not sure what you are referring to. If you have any other antivirus program on the system it should be uninstalled; Malwarebytes and SUPERAntiSpyware will not cause conflicts and should be kept.

    Please post full details of what Eset finds and post the logs from TDSSKiller and Malwarebytes so we can see what you have removed. The TDSSKiller logs will be found on your C: drive and the Mbam logs can be found under the logs tab on the main window when you open the program.
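To show what "incomplete" means for a log like the first one (which stops after the running processes and the O23 services), here is an editor-added Python triage script, not code from the thread, from Tech Support Guy, or from HijackThis itself. It parses HJT entry lines, reports which sections are present, and flags two entry types a reviewer checks first: O2/O3 entries ending in "(no file)" and O23 services with "Unknown owner". The sample lines are constructed from the log format shown in this thread, and the required-section set is a heuristic assumption, not a HijackThis rule.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in the HijackThis 2.0.4 format seen in
# this thread (entries taken from the logs above, abbreviated), not a full log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:13 PM, on 2/4/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 16309 bytes
"""

# Every HJT entry line starts with a section tag (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2}) - (?P<body>.*)$")

# Heuristic assumption for this example: a complete HJT log from an XP machine
# lists Internet Explorer settings (R*), autostart entries (O4) and services (O23).
REQUIRED_SECTIONS = {"R", "O4", "O23"}


def parse_entries(text):
    """Return (section, body) tuples for every HJT entry line in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def section_counts(entries):
    """Count entries per section, folding R0-R3 into one 'R' bucket."""
    counts = Counter()
    for sec, _ in entries:
        counts["R" if sec.startswith("R") else sec] += 1
    return counts


def missing_sections(entries):
    """Required sections (see REQUIRED_SECTIONS) that the log does not contain."""
    return sorted(REQUIRED_SECTIONS - set(section_counts(entries)))


def triage(entries):
    """Flag the entry types a log reviewer looks at first.

    These are review prompts, not verdicts: an orphaned BHO is usually
    leftover from an uninstall, and "Unknown owner" only means the service
    binary carries no publisher string, so each hit still needs the file
    itself checked.
    """
    findings = []
    for sec, body in entries:
        if sec in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((sec, "orphaned entry: registry points at a missing file", body))
        elif sec == "O23":
            # O23 body layout: "Service: <name> (<short name>) - <owner> - <path>"
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[-2] == "Unknown owner":
                findings.append((sec, "service binary with no publisher recorded", body))
    return findings


def analyze(text):
    """Summarise a HJT log: entry count, sections seen, completeness, findings."""
    entries = parse_entries(text)
    missing = missing_sections(entries)
    return {
        "entries": len(entries),
        "sections": dict(section_counts(entries)),
        "missing": missing,
        "complete": not missing,
        "findings": triage(entries),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("entries:", report["entries"], "sections:", report["sections"])
    print("complete:", report["complete"], "missing:", report["missing"])
    for sec, reason, body in report["findings"]:
        print(f"[{sec}] {reason}\n    {body}")
```

Feeding it only the O23 lines, as in the first log posted in this thread, reports R and O4 as missing, which is the shape of log Mark1956 is objecting to.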
     
  3. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Man, I can't seem to get out of one :/ ... I was running a scan and the laptop rebooted, and for some reason now the keys "a", "q", "z" and the number "1" key don't work... I need "a" and "1" to enter the password and log in... Is there any way I can access the Windows virtual keyboard from the login screen on XP, so I can worry about trying to fix those keys later and get to the malware for now? Sorry for this mess; it seems like it happened out of nowhere.
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Sounds like the keyboard has developed a fault, considering those keys are all in line with each other. As far as I know you cannot switch on the virtual keyboard until you have reached the desktop; the only way I can think of getting around the problem is to use a USB keyboard borrowed from a desktop PC: just plug it in and reboot.

    If you manage to get in using another keyboard, change the password to blank so you don't have to enter it, just in case it happens again.
     
  5. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:47:13 PM, on 2/4/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\utilman.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [DellBtrEvent] D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.dell.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1274789308000
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://172.17.144.27/activex/AMC.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spc.edu
    O17 - HKLM\Software\..\Telephony: DomainName = spc.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spc.edu
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 16309 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 20:48:39 on 2013-02-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2223 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\utilman.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis (1).exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k eapsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k dot3svc
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [DellBtrEvent] d:\program files\dell\reader 2.0\DellBtrEvent.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
    mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: legalnoticecaption = Saint Peter's College
    mPolicies-System: legalnoticetext = Users of this system have no explicit or implicit expectation of privacy. In using this computer system, Saint Peter’s College (SPC) employees agree to comply with Saint Peter’s College Network Policy, Email Policy, and Acceptable Use Policy . These policies can be viewed on the St. Peter’s ITS website at http://www.spc.edu/pages/1607.asp.
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: dell.com
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274789308000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://172.17.144.27/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 167.206.245.129 167.206.245.130 192.168.1.1
    TCP: Interfaces\{C9743D04-8E06-414C-BB29-539DBB338493} : DHCPNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-5-12 17072]
    R1 DVMIO;DVMIO;d:\program files\dell\reader 2.0\dvmio.sys [2009-7-10 16984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608]
    R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.0\DVMExportService.exe [2009-8-3 327680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-5-12 13336]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-2 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-2 682344]
    R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\qualcomm\qdlservice2k\QDLService2kDell.exe [2010-6-25 331512]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-5-12 59904]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-11-9 2533400]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-5-12 42672]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-12 113664]
    R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-8-2 134144]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-5-12 33832]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-5-12 167080]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-12 132352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-2 21104]
    R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [2013-2-3 10281088]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-5-12 60928]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-8-2 144576]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-5-12 215040]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
    .
    =============== Created Last 30 ================
    .
    2013-02-05 01:34:37 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{69cc2899-b5a4-4928-a6bb-217a789389b5}\mpengine.dll
    2013-02-04 02:06:05 -------- d-sha-r- C:\cmdcons
    2013-02-04 02:04:08 98816 ----a-w- c:\windows\sed.exe
    2013-02-04 02:04:08 256000 ----a-w- c:\windows\PEV.exe
    2013-02-04 02:04:08 208896 ----a-w- c:\windows\MBR.exe
    2013-02-03 23:19:37 -------- d-----w- c:\windows\pss
    2013-02-03 23:04:51 -------- d-----w- c:\documents and settings\administrator\application data\addpcs
    2013-02-03 23:04:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Coupon Companion
    2013-02-03 23:04:00 -------- d-----w- c:\program files\Coupon Companion
    2013-02-03 23:03:54 -------- d-----w- c:\program files\Temp File Cleaner
    2013-02-03 23:02:20 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-03 23:02:20 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-03 23:00:31 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-03 22:47:06 -------- d-----w- C:\708c2f746dd075b804
    2013-02-03 22:40:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Google
    2013-02-03 22:36:07 3389712 ----a-w- c:\windows\system32\Netwrn00.dll
    2013-02-03 22:36:07 10281088 ----a-w- c:\windows\system32\drivers\Netwxn00.sys
    2013-02-03 22:36:06 743696 ----a-w- c:\windows\system32\Netwcn00.dll
    2013-02-03 22:35:39 -------- d-----w- c:\program files\common files\Intel
    2013-02-03 20:26:50 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-02-03 20:23:04 125922032 ----a-w- c:\documents and settings\administrator\application data\Network_Driver_M43X5_WN_5.100.235.12_A37.EXE
    2013-02-03 20:19:39 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
    2013-02-03 20:09:10 -------- d-----w- c:\program files\QUALCOMM
    2013-02-03 20:09:10 -------- d-----w- c:\documents and settings\all users\application data\QUALCOMM
    2013-02-03 20:08:38 -------- d-----w- c:\windows\Dell
    2013-02-03 19:53:06 -------- d-----w- c:\documents and settings\administrator\application data\Dell
    2013-02-03 05:15:10 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-03 04:37:40 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
    2013-02-03 04:37:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-02-03 04:37:31 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-03 04:37:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-03 04:07:44 -------- d-----w- c:\documents and settings\administrator\application data\SUPERAntiSpyware.com
    2013-02-03 04:07:39 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-02-03 04:07:39 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    .
    ==================== Find3M ====================
    .
    2013-02-03 05:16:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-02-03 05:16:43 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    .
    ============= FINISH: 20:48:49.56 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/20/2010 1:51:10 PM
    System Uptime: 2/4/2013 8:23:17 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0K42JR
    Processor: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz | CPU 1 | 2659/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 72 GiB total, 44.322 GiB free.
    D: is FIXED (FAT32) - 2 GiB total, 1.897 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP76: 10/4/2011 10:36:24 PM - System Checkpoint
    RP77: 10/6/2011 2:10:56 PM - System Checkpoint
    RP78: 10/8/2011 4:27:18 PM - System Checkpoint
    RP79: 10/9/2011 6:12:20 PM - System Checkpoint
    RP80: 10/10/2011 10:02:09 PM - System Checkpoint
    RP81: 10/13/2011 1:06:03 PM - System Checkpoint
    RP82: 10/20/2011 9:29:43 AM - System Checkpoint
    RP83: 10/23/2011 9:55:44 AM - System Checkpoint
    RP84: 10/26/2011 10:24:43 AM - System Checkpoint
    RP85: 10/31/2011 11:12:18 AM - System Checkpoint
    RP86: 11/2/2011 2:09:32 PM - Removed NetAssistant
    RP87: 11/3/2011 6:58:53 PM - System Checkpoint
    RP88: 11/11/2011 10:52:30 PM - Restore Operation
    RP89: 11/14/2011 3:37:52 PM - System Checkpoint
    RP90: 1/31/2013 3:16:23 AM - Restore Operation
    RP91: 1/31/2013 3:22:45 AM - Restore Operation
    RP92: 2/2/2013 10:17:30 PM - Restore Operation
    RP93: 2/3/2013 12:09:18 AM - Removed Intel(R) PROSet/Wireless WiFi Software.
    RP94: 2/3/2013 3:09:07 PM - Installed Qualcomm Gobi 2000 Package for Dell
    RP95: 2/3/2013 5:35:30 PM - Installed Intel(R) PROSet/Wireless WiFi Software.
    RP96: 2/3/2013 5:49:51 PM - Removed Sophos Anti-Virus
    RP97: 2/3/2013 5:53:03 PM - Removed Sophos AutoUpdate
    RP98: 2/3/2013 5:53:50 PM - Removed Sophos Remote Management System
    RP99: 2/3/2013 6:03:38 PM - Software Distribution Service 3.0
    RP100: 2/3/2013 6:25:48 PM - Installed Kaspersky Security Scan.
    RP101: 2/3/2013 6:45:04 PM - First Restore Point
    RP102: 2/4/2013 8:34:34 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    AccelerometerP11
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    AXIS Camera Management 2.00
    AXIS Media Control Embedded
    BioAPI Framework
    Compatibility Pack for the 2007 Office system
    Coupon Companion
    Crystal Reports for Visual Studio
    DCP32MMWrapper
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Control Point
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell ControlVault Host Components Installer
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Dell Webcam Central
    Document Manager Lite
    Dotfuscator Software Services - Community Edition
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    Gemalto
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2455033)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB967048-v2)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB969084)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IBM SPSS Statistics 19
    Intel PROSet Wireless
    Intel(R) Management Engine Components
    Intel(R) Network Connections 14.8.43.0
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 7
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Help Viewer 1.0
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Software Update for Web Folders (English) 14
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Sync Framework Services v1.0 SP1 (x86)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x86)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio Macro Tools
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB927977)
    NOOK Study
    NTRU TCG Software Stack
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PopCap Browser Plugin
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    Qualcomm Gobi 2000 Package for Dell
    Reader 2.0
    RICOH Media Driver ver.2.11.01.02
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2251489)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Wizards
    Segoe UI
    Service Pack 2 for SQL Server 2008 (KB2285068)
    SO32MMWrapper
    Sql Server Customer Experience Improvement Program
    SUPERAntiSpyware
    System Requirements Lab for Intel
    Temp File Cleaner
    Trusted Drive Manager
    tsp patch
    UI Desktop 2.2.0
    UI Desktop 2.3.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (KB982305)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    UPEK TouchChip Fingerprint Reader
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Wave Infrastructure Installer
    Wave Support Software
    Web Deployment Tool
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows Search 4.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo Layers Runtime 1.10.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/4/2013 12:11:01 AM, error: PlugPlayManager [11] - The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.
    2/3/2013 9:08:16 PM, error: Service Control Manager [7034] - The FF Install Filter Service service terminated unexpectedly. It has done this 1 time(s).
    2/3/2013 7:46:08 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:WinNT/Sirefef.J&threatid=2147651153 Name: Trojan:WinNT/Sirefef.J ID: 2147651153 Severity: Severe Category: Trojan Path: file:_C:\TDSSKiller_Quarantine\03.02.2013_00.13.59\rtkt0001\svc0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator. Signature Version: AV: 1.143.1458.0, AS: 1.143.1458.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.9103.0, NIS: 0.0.0.0
    2/3/2013 6:01:32 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80244015 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    2/3/2013 12:18:47 AM, error: Service Control Manager [7024] - The SQL Server (SQLEXPRESS) service terminated with service-specific error 1814 (0x716).
    2/3/2013 12:04:47 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    2/2/2013 9:58:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DVMIO Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVOnAccessControl SAVOnAccessFilter Tcpip
    2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2013 9:58:56 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2013 11:53:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Pcmcia
    2/2/2013 11:51:51 PM, error: NETLOGON [5719] - No Domain Controller is available for domain SPC due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    2/2/2013 11:51:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    2/2/2013 11:50:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/2/2013 11:38:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/2/2013 11:34:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/2/2013 11:28:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DVMIO Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
    2/2/2013 11:27:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/2/2013 10:57:55 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DVMIO Fips intelppm SAVOnAccessControl SAVOnAccessFilter
    1/31/2013 4:53:34 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/31/2013 4:43:09 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/31/2013 4:13:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/30/2013 1:32:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {B20E899D-B079-479D-A4DC-10F758D9CD9A}
    .
    ==== End Of File ===========================
     
  6. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Before you had replied to me I had run ComboFix; it left a log and this is the log if I'm not mistaken! When I finally booted up the computer all the keys worked again!!! It had to be ComboFix in my opinion. When I ran ComboFix to log in, those keys were dead like I posted earlier, and when I finally got to log in they were fine again.



    ComboFix 13-02-03.03 - Administrator 02/04/2013 0:01.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2516 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\Jaguar.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\data\default\us_sres.data
    C:\install.exe
    c:\program files\LP
    c:\program files\LP\9700\13.tmp
    c:\program files\LP\9700\14.tmp
    c:\program files\LP\9700\18.tmp
    c:\program files\LP\9700\1A.tmp
    c:\program files\LP\9700\1B.tmp
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\OLD12.tmp
    c:\windows\system32\OLD15.tmp
    c:\windows\system32\Packet.dll
    c:\windows\system32\test
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-03 23:04 . 2013-02-03 23:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\addpcs
    2013-02-03 23:04 . 2013-02-03 23:24 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Coupon Companion
    2013-02-03 23:04 . 2013-02-03 23:04 -------- d-----w- c:\program files\Coupon Companion
    2013-02-03 23:03 . 2013-02-03 23:03 -------- d-----w- c:\program files\Temp File Cleaner
    2013-02-03 23:02 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-03 23:02 . 2013-01-18 17:17 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00441AFD-6730-4450-B677-993DC2D98007}\mpengine.dll
    2013-02-03 23:00 . 2013-02-03 23:00 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-03 22:47 . 2013-02-03 22:54 -------- d-----w- C:\708c2f746dd075b804
    2013-02-03 22:40 . 2013-02-03 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
    2013-02-03 22:40 . 2013-02-03 22:41 -------- d-----w- c:\program files\Google
    2013-02-03 22:36 . 2012-09-30 16:14 10281088 ----a-w- c:\windows\system32\drivers\Netwxn00.sys
    2013-02-03 22:36 . 2012-02-17 05:34 3389712 ----a-w- c:\windows\system32\Netwrn00.dll
    2013-02-03 22:36 . 2012-02-17 05:34 743696 ----a-w- c:\windows\system32\Netwcn00.dll
    2013-02-03 22:35 . 2013-02-03 22:35 -------- d-----w- c:\program files\Common Files\Intel
    2013-02-03 20:26 . 2013-02-03 20:26 -------- d-----w- c:\program files\SystemRequirementsLab
    2013-02-03 20:23 . 2013-02-03 20:27 125922032 ----a-w- c:\documents and settings\Administrator\Application Data\Network_Driver_M43X5_WN_5.100.235.12_A37.EXE
    2013-02-03 20:19 . 2013-02-03 22:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment
    2013-02-03 20:09 . 2013-02-03 20:09 -------- d-----w- c:\program files\QUALCOMM
    2013-02-03 20:09 . 2013-02-03 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\QUALCOMM
    2013-02-03 20:08 . 2013-02-03 20:08 -------- d-----w- c:\windows\Dell
    2013-02-03 19:53 . 2013-02-03 19:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dell
    2013-02-03 05:15 . 2013-02-03 05:15 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-02-03 04:37 . 2013-02-03 04:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-03 04:37 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\program files\SUPERAntiSpyware
    2013-02-03 04:07 . 2013-02-03 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-05 01:25 . 2010-05-12 16:11 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
    2013-02-03 05:16 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2013-02-03 05:16 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-06-04 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 292208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-14 495711]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-01-14 737280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-02 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-02 144920]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-01-15 284696]
    "DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
    "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-14 158592]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-14 34232]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "DellBtrEvent"="d:\program files\Dell\Reader 2.0\DellBtrEvent.exe" [2009-08-26 147456]
    "nwiz"="nwiz.exe" [2010-04-17 1657448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-17 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-17 13803520]
    "NVHotkey"="nvHotkey.dll" [2010-04-17 86016]
    "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
    "IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-07-09 112152]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2012-04-25 1407248]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-04-25 1210640]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    .
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-2-25 636256]
    Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1338144]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-951548198-541532591-617630493-11571\Scripts\Logon\0\0]
    "Script"=SPCDrives.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-951548198-541532591-617630493-19843\Scripts\Logon\0\0]
    "Script"=SPCDrives.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\Program Files\\Barnes & Noble\\NOOKstudy\\NOOKStudy.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [5/12/2010 11:01 AM 17072]
    R1 DVMIO;DVMIO;d:\program files\Dell\Reader 2.0\dvmio.sys [7/10/2009 3:12 PM 16984]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 5:42 PM 278304]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 10:45 AM 812448]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 10:45 AM 27040]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [12/10/2009 1:09 PM 376608]
    R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.0\DVMExportService.exe [8/3/2009 2:35 PM 327680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [5/12/2010 11:00 AM 13336]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/2/2013 11:37 PM 398184]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/2/2013 11:37 PM 682344]
    R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [6/25/2010 11:54 AM 331512]
    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [5/12/2010 1:44 PM 59904]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [11/9/2010 2:04 PM 2533400]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [5/12/2010 11:01 AM 42672]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/12/2010 1:44 PM 113664]
    R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [8/2/2010 2:51 PM 134144]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [5/12/2010 1:44 PM 33832]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [5/12/2010 1:44 PM 167080]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [5/12/2010 1:44 PM 132352]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/2/2013 11:37 PM 21104]
    R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\Netwxn00.sys [2/3/2013 5:36 PM 10281088]
    S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [5/12/2010 11:01 AM 60928]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [8/2/2010 2:51 PM 144576]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [5/12/2010 1:44 PM 215040]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 10:08 PM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 2:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/17/2010 9:14 AM 370008]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-03 22:41 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 22:40]
    .
    2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-02-03 22:40]
    .
    2013-02-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
    .
    2013-02-04 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
    .
    2013-02-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 3924ce28-1fd3-4019-9648-379090d45ea6.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2013-02-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 85c1ba20-3a6d-4689-8725-64cc2cf0154f.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2013-02-05 c:\windows\Tasks\User_Feed_Synchronization-{22C88B02-DF79-450A-9D05-58DA1AC2C680}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130 192.168.1.1
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://172.17.144.27/activex/AMC.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-57430312.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-04 20:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3232935390-2093100799-4264996292-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d0,c3,69,2d,14,93,4e,af,19,9a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4b,d0,c3,69,2d,14,93,4e,af,19,9a,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1008)
    c:\windows\system32\wvauth.dll
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(5144)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    c:\progra~1\MI1933~1\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\btmmhook.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Intel\WiFi\bin\WLKeeper.exe
    c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\windows\system32\locator.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\utilman.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\DellTPad\Apntex.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-04 20:31:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-05 01:31
    .
    Pre-Run: 47,827,156,992 bytes free
    Post-Run: 47,797,768,192 bytes free
    .
    - - End Of File - - 149308806CA26E2E491E735E658D1729
     
  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Combofix should not be run without guidance:

    Glad to hear the problem with the keyboard is fixed, but please don't run any other scans unless instructed. You have saved Combofix in the wrong location, it needs to be moved to the desktop.

    Please post the other logs I asked for in post 2.
     
  8. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Here are all the Malwarebytes logs, in order:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2012.12.14.11

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: E6410-STULOAN43 [administrator]

    Protection: Disabled

    2/2/2013 11:38:23 PM
    mbam-log-2013-02-02 (23-38-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 294602
    Time elapsed: 10 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 15
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Detected: 5
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DsQJ7dEK8RqYwUr (Trojan.Dropper.PE4) -> Data: C:\Documents and Settings\Administrator\Application Data\dwme.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaAgent (Trojan.Agent) -> Data: C:\WINDOWS\Temp\_ex-68.exe -> Quarantined and deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53758 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vTZqjYCwkVzNx0v8234A (Trojan.FakeAlert.CLGen) -> Data: C:\WINDOWS\system32\AV Security 2012v121.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|4D7.exe (Backdoor.CycBot) -> Data: C:\Program Files\LP\9700\4D7.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 16
    C:\Documents and Settings\Administrator\Application Data\dwme.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\_ex-68.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\241B9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\3ACE9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\69289.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\72059.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\9F329.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\A8C09.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\B6949.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\C3CC9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\E41D9.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\0ED23\FCF39.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temp\dwme.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\5689.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\ypphiq\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.

    (end)


    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2012.12.14.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: E6410-STULOAN43 [administrator]

    Protection: Enabled

    2/3/2013 3:43:51 PM
    mbam-log-2013-02-03 (15-43-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 298228
    Time elapsed: 23 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.03.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: E6410-STULOAN43 [administrator]

    Protection: Enabled

    2/3/2013 5:45:33 PM
    mbam-log-2013-02-03 (17-45-33).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 56000
    Time elapsed: 6 minute(s), 52 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.03.11

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: E6410-STULOAN43 [administrator]

    Protection: Enabled

    2/3/2013 8:45:05 PM
    mbam-log-2013-02-03 (20-45-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 282953
    Time elapsed: 5 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: 748a9223b6845f51adb19c129edb73a8 -> Quarantined and deleted successfully.
    HKCU\Software\InstalledBrowserExtensions\215 Apps|4493 (PUP.CrossFire.SA) -> Data: Coupon Companion -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Starting protection
    2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Protection started successfully
    2013/02/02 23:52:02 -0500 E6410-STULOAN43 MESSAGE Starting IP protection
    2013/02/02 23:53:18 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully

    2013/02/03 00:02:24 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
    2013/02/03 00:02:26 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
    2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Starting protection
    2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Protection started successfully
    2013/02/03 00:17:57 -0500 E6410-STULOAN43 MESSAGE Starting IP protection
    2013/02/03 00:19:22 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/03 00:29:54 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/03 00:30:31 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/03 00:31:47 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/03 00:31:48 -0500 E6410-STULOAN43 (null) ERROR IP protection failed: PfMakeLog failed with error code 21
    2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/03 14:43:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/03 14:43:25 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
    2013/02/03 14:43:32 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
    2013/02/03 14:44:14 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 17:14:07 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/03 17:14:07 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
    2013/02/03 17:14:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/03 17:15:23 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE Starting database refresh
    2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE Stopping IP protection
    2013/02/03 17:44:50 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection stopped successfully
    2013/02/03 17:44:56 -0500 E6410-STULOAN43 Administrator MESSAGE Database refreshed successfully
    2013/02/03 17:44:56 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/03 17:45:10 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
    2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
    2013/02/03 17:56:38 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/03 17:57:13 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 21:13:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
    2013/02/03 21:13:55 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
    2013/02/03 21:13:55 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/03 21:14:32 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/03 23:39:00 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/03 23:39:30 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully


    2013/02/04 00:00:18 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 00:00:19 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 00:00:19 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 00:01:00 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 00:13:09 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 00:13:36 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 00:24:27 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 00:24:56 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 00:36:24 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 00:36:58 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 00:44:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 00:45:18 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 08:45:06 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 08:45:35 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 20:23:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 20:24:24 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/04 20:31:27 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
    2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Starting database refresh
    2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Scheduled update executed successfully: database updated from version v2013.02.03.11 to version v2013.02.04.09
    2013/02/04 20:32:05 -0500 E6410-STULOAN43 Administrator MESSAGE Stopping IP protection
    2013/02/04 20:32:06 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection stopped successfully
    2013/02/04 20:32:11 -0500 E6410-STULOAN43 Administrator MESSAGE Database refreshed successfully
    2013/02/04 20:32:11 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/04 20:32:22 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/04 22:23:04 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/04 22:23:28 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully



    2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
    2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
    2013/02/05 19:35:54 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/05 19:36:41 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting protection
    2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Protection started successfully
    2013/02/05 19:40:07 -0500 E6410-STULOAN43 Administrator MESSAGE Starting IP protection
    2013/02/05 19:40:13 -0500 E6410-STULOAN43 Administrator MESSAGE Executing scheduled update: Daily
    2013/02/05 19:40:30 -0500 E6410-STULOAN43 Administrator ERROR Scheduled update failed: Host not found failed with error code 0
    2013/02/05 19:40:46 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 19:45:05 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 19:45:34 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 19:47:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 19:48:27 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 19:53:33 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 19:53:59 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:08:42 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:09:06 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:10:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:11:30 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 20:29:56 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:29:57 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:29:57 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:30:25 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:35:38 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:36:00 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:39:17 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:39:45 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:50:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:51:13 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:56:01 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:56:22 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 20:58:41 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 20:59:13 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 21:00:30 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 21:00:54 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 21:07:59 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 21:08:20 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 21:09:50 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 21:10:11 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
    2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 22:17:58 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 22:18:23 -0500 E6410-STULOAN43 Administrator MESSAGE IP Protection started successfully
    2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Starting protection
    2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Protection started successfully
    2013/02/05 22:47:21 -0500 E6410-STULOAN43 (null) MESSAGE Starting IP protection
    2013/02/05 22:47:42 -0500 E6410-STULOAN43 (null) MESSAGE IP Protection started successfully
     
  9. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    TDSSKiller log files:

    00:13:59.0812 5212 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    00:13:59.0906 5212 ============================================================
    00:13:59.0906 5212 Current date / time: 2013/02/03 00:13:59.0906
    00:13:59.0906 5212 SystemInfo:
    00:13:59.0906 5212
    00:13:59.0906 5212 OS Version: 5.1.2600 ServicePack: 3.0
    00:13:59.0906 5212 Product type: Workstation
    00:13:59.0906 5212 ComputerName: E6410-STULOAN43
    00:13:59.0906 5212 UserName: Administrator
    00:13:59.0906 5212 Windows directory: C:\WINDOWS
    00:13:59.0906 5212 System windows directory: C:\WINDOWS
    00:13:59.0906 5212 Processor architecture: Intel x86
    00:13:59.0906 5212 Number of processors: 4
    00:13:59.0906 5212 Page size: 0x1000
    00:13:59.0906 5212 Boot type: Normal boot
    00:13:59.0906 5212 ============================================================
    00:14:00.0968 5212 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    00:14:00.0968 5212 Drive \Device\Harddisk1\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    00:14:00.0968 5212 ============================================================
    00:14:00.0968 5212 \Device\Harddisk0\DR0:
    00:14:00.0968 5212 MBR partitions:
    00:14:00.0968 5212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x90FC000
    00:14:01.0000 5212 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x91128BD, BlocksNum 0x3FBC04
    00:14:01.0000 5212 \Device\Harddisk1\DR4:
    00:14:01.0000 5212 MBR partitions:
    00:14:01.0000 5212 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
    00:14:01.0000 5212 ============================================================
    00:14:01.0046 5212 C: <-> \Device\Harddisk0\DR0\Partition1
    00:14:01.0046 5212 D: <-> \Device\Harddisk0\DR0\Partition2
    00:14:01.0046 5212 ============================================================
    00:14:01.0046 5212 Initialize success
    00:14:01.0046 5212 ============================================================
    00:14:22.0984 7156 ============================================================
    00:14:22.0984 7156 Scan started
    00:14:22.0984 7156 Mode: Manual;
    00:14:22.0984 7156 ============================================================
    00:14:23.0156 7156 ================ Scan system memory ========================
    00:14:24.0281 7156 System memory - ok
    00:14:24.0281 7156 ================ Scan services =============================
    00:14:24.0390 7156 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    00:14:24.0390 7156 !SASCORE - ok
    00:14:24.0546 7156 Abiosdsk - ok
    00:14:24.0578 7156 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    00:14:24.0625 7156 abp480n5 - ok
    00:14:24.0656 7156 [ AF1F178B0218B44876E63BF0B019E96B ] Acceler C:\WINDOWS\system32\DRIVERS\Accelern.sys
    00:14:24.0671 7156 Acceler - ok
    00:14:24.0718 7156 [ D8FB7D1C3F5BFA3F53FE9CC6367E9E99 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    00:14:24.0718 7156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: D8FB7D1C3F5BFA3F53FE9CC6367E9E99, Fake md5: 8FD99680A539792A30E97944FDAECF17
    00:14:24.0718 7156 ACPI ( Virus.Win32.Rloader.a ) - infected
    00:14:24.0718 7156 ACPI - detected Virus.Win32.Rloader.a (0)
    00:14:24.0718 7156 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    00:14:24.0734 7156 ACPIEC - ok
    00:14:24.0765 7156 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    00:14:24.0828 7156 adpu160m - ok
    00:14:24.0875 7156 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    00:14:24.0875 7156 aec - ok
    00:14:24.0906 7156 [ 822D53766D57C90C437536232ECE9023 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys
    00:14:24.0937 7156 AESTAud - ok
    00:14:25.0000 7156 [ 355556D9E580915118CD7EF736653A89 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    00:14:25.0000 7156 AFD - ok
    00:14:25.0031 7156 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    00:14:25.0031 7156 agp440 - ok
    00:14:25.0093 7156 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    00:14:25.0093 7156 agpCPQ - ok
    00:14:25.0140 7156 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    00:14:25.0156 7156 Aha154x - ok
    00:14:25.0187 7156 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    00:14:25.0218 7156 aic78u2 - ok
    00:14:25.0234 7156 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    00:14:25.0265 7156 aic78xx - ok
    00:14:25.0296 7156 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    00:14:25.0296 7156 Alerter - ok
    00:14:25.0312 7156 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    00:14:25.0312 7156 ALG - ok
    00:14:25.0343 7156 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    00:14:25.0359 7156 AliIde - ok
    00:14:25.0359 7156 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    00:14:25.0375 7156 alim1541 - ok
    00:14:25.0406 7156 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    00:14:25.0421 7156 amdagp - ok
    00:14:25.0437 7156 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    00:14:25.0453 7156 amsint - ok
    00:14:25.0500 7156 [ E8A8E6072CB7E2032E85E7735DAA511F ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    00:14:25.0515 7156 ApfiltrService - ok
    00:14:25.0546 7156 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    00:14:25.0562 7156 AppMgmt - ok
    00:14:25.0625 7156 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    00:14:25.0640 7156 Arp1394 - ok
    00:14:25.0656 7156 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    00:14:25.0718 7156 asc - ok
    00:14:25.0750 7156 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    00:14:25.0812 7156 asc3350p - ok
    00:14:25.0859 7156 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    00:14:25.0921 7156 asc3550 - ok
    00:14:26.0000 7156 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    00:14:26.0046 7156 aspnet_state - ok
    00:14:26.0062 7156 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    00:14:26.0062 7156 AsyncMac - ok
    00:14:26.0093 7156 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    00:14:26.0093 7156 atapi - ok
    00:14:26.0093 7156 Atdisk - ok
    00:14:26.0125 7156 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    00:14:26.0140 7156 Atmarpc - ok
    00:14:26.0187 7156 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    00:14:26.0187 7156 AudioSrv - ok
    00:14:26.0203 7156 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    00:14:26.0203 7156 audstub - ok
    00:14:26.0218 7156 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    00:14:26.0234 7156 Beep - ok
    00:14:26.0296 7156 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    00:14:26.0375 7156 BITS - ok
    00:14:26.0406 7156 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    00:14:26.0406 7156 Browser - ok
    00:14:26.0453 7156 [ C5A0BB83ADA38F6FC0A2338DFAC789D1 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    00:14:26.0484 7156 BTKRNL - ok
    00:14:26.0578 7156 [ 4DEAFA4D960FCA4A8A147837A41614FE ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    00:14:26.0578 7156 btwdins - ok
    00:14:26.0593 7156 [ F9B15CFAEF98D8117313C6C4215B9EAC ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
    00:14:26.0625 7156 BTWUSB - ok
    00:14:26.0734 7156 [ D9846A19208E76604E1074BB30228AC8 ] buttonsvc32 c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    00:14:26.0734 7156 buttonsvc32 - ok
    00:14:26.0765 7156 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    00:14:26.0796 7156 cbidf - ok
    00:14:26.0796 7156 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    00:14:26.0796 7156 cbidf2k - ok
    00:14:26.0828 7156 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    00:14:26.0828 7156 CCDECODE - ok
    00:14:26.0859 7156 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    00:14:26.0890 7156 cd20xrnt - ok
    00:14:26.0906 7156 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    00:14:26.0906 7156 Cdaudio - ok
    00:14:26.0921 7156 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    00:14:26.0937 7156 Cdfs - ok
    00:14:26.0953 7156 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    00:14:26.0953 7156 Cdrom - ok
    00:14:26.0953 7156 Changer - ok
    00:14:27.0015 7156 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    00:14:27.0031 7156 CiSvc - ok
    00:14:27.0046 7156 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    00:14:27.0062 7156 ClipSrv - ok
    00:14:27.0140 7156 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:14:27.0265 7156 clr_optimization_v2.0.50727_32 - ok
    00:14:27.0312 7156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:14:27.0359 7156 clr_optimization_v4.0.30319_32 - ok
    00:14:27.0390 7156 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    00:14:27.0406 7156 CmBatt - ok
    00:14:27.0437 7156 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    00:14:27.0437 7156 CmdIde - ok
    00:14:27.0468 7156 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    00:14:27.0468 7156 Compbatt - ok
    00:14:27.0468 7156 COMSysApp - ok
    00:14:27.0500 7156 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    00:14:27.0515 7156 Cpqarray - ok
    00:14:27.0578 7156 [ 4163C86EA091F9621017B899AD66A8BE ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    00:14:27.0593 7156 Credential Vault Host Control Service - ok
    00:14:27.0593 7156 [ AD6BA00E4F4E847151A3B4A0A2945C7C ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    00:14:27.0593 7156 Credential Vault Host Storage - ok
    00:14:27.0625 7156 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    00:14:27.0625 7156 CryptSvc - ok
    00:14:27.0671 7156 [ 0F538DF1673E5216F3BAACB6911D9D0F ] CtAudDrv C:\WINDOWS\system32\Drivers\CtAudDrv.sys
    00:14:27.0671 7156 CtAudDrv - ok
    00:14:27.0718 7156 [ AA52C0B88C46D5037809D05DD826C61E ] CtClsFlt C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
    00:14:27.0734 7156 CtClsFlt - ok
    00:14:27.0750 7156 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    00:14:27.0781 7156 CVirtA - ok
    00:14:27.0828 7156 [ D1697063E2CDB6575AA46D668FFEE825 ] cvusbdrv C:\WINDOWS\system32\Drivers\cvusbdrv.sys
    00:14:27.0843 7156 cvusbdrv - ok
    00:14:27.0875 7156 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    00:14:27.0937 7156 dac2w2k - ok
    00:14:27.0937 7156 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    00:14:27.0968 7156 dac960nt - ok
    00:14:28.0000 7156 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    00:14:28.0015 7156 DcomLaunch - ok
    00:14:28.0046 7156 [ E15C7077C7E14A910770FAFE9022689C ] dcpsysmgrsvc c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    00:14:28.0062 7156 dcpsysmgrsvc - ok
    00:14:28.0093 7156 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    00:14:28.0109 7156 Dhcp - ok
    00:14:28.0125 7156 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    00:14:28.0125 7156 Disk - ok
    00:14:28.0125 7156 dmadmin - ok
    00:14:28.0171 7156 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    00:14:28.0203 7156 dmboot - ok
    00:14:28.0218 7156 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    00:14:28.0234 7156 dmio - ok
    00:14:28.0234 7156 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    00:14:28.0250 7156 dmload - ok
    00:14:28.0265 7156 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    00:14:28.0281 7156 dmserver - ok
    00:14:28.0328 7156 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    00:14:28.0328 7156 DMusic - ok
    00:14:28.0375 7156 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    00:14:28.0375 7156 Dnscache - ok
    00:14:28.0390 7156 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    00:14:28.0390 7156 Dot3svc - ok
    00:14:28.0406 7156 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    00:14:28.0406 7156 dpti2o - ok
    00:14:28.0421 7156 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    00:14:28.0421 7156 drmkaud - ok
    00:14:28.0484 7156 [ 6368D6A6DDA2E44EECC592EB50950463 ] DVMIO D:\Program Files\Dell\Reader 2.0\dvmio.sys
    00:14:28.0484 7156 DVMIO - ok
    00:14:28.0515 7156 [ 6F0952F5A3C8D9E90DF1F88B84541145 ] DvmMDES D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
    00:14:28.0531 7156 DvmMDES - ok
    00:14:28.0562 7156 [ 9F7AE949202F0EF6B17DD3CC5C117AD3 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
    00:14:28.0578 7156 e1kexpress - ok
    00:14:28.0625 7156 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    00:14:28.0625 7156 EapHost - ok
    00:14:28.0625 7156 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    00:14:28.0625 7156 ERSvc - ok
    00:14:28.0671 7156 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    00:14:28.0671 7156 Eventlog - ok
    00:14:28.0703 7156 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    00:14:28.0703 7156 EventSystem - ok
    00:14:28.0750 7156 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    00:14:28.0750 7156 Fastfat - ok
    00:14:28.0781 7156 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    00:14:28.0796 7156 FastUserSwitchingCompatibility - ok
    00:14:28.0843 7156 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    00:14:28.0843 7156 Fax - ok
    00:14:28.0875 7156 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    00:14:28.0875 7156 Fdc - ok
    00:14:28.0890 7156 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    00:14:28.0906 7156 Fips - ok
    00:14:28.0906 7156 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    00:14:28.0921 7156 Flpydisk - ok
    00:14:28.0937 7156 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    00:14:28.0953 7156 FltMgr - ok
    00:14:29.0015 7156 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    00:14:29.0031 7156 FontCache3.0.0.0 - ok
    00:14:29.0062 7156 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    00:14:29.0062 7156 Fs_Rec - ok
    00:14:29.0078 7156 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    00:14:29.0093 7156 Ftdisk - ok
    00:14:29.0109 7156 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    00:14:29.0125 7156 Gpc - ok
    00:14:29.0140 7156 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    00:14:29.0140 7156 HDAudBus - ok
    00:14:29.0171 7156 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
    00:14:29.0312 7156 HECI - ok
    00:14:29.0421 7156 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    00:14:29.0421 7156 helpsvc - ok
    00:14:29.0437 7156 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    00:14:29.0437 7156 HidServ - ok
    00:14:29.0453 7156 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    00:14:29.0468 7156 hidusb - ok
    00:14:29.0484 7156 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    00:14:29.0500 7156 hkmsvc - ok
    00:14:29.0515 7156 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    00:14:29.0578 7156 hpn - ok
    00:14:29.0625 7156 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    00:14:29.0625 7156 HTTP - ok
    00:14:29.0656 7156 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    00:14:29.0671 7156 HTTPFilter - ok
    00:14:29.0750 7156 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    00:14:29.0750 7156 i2omgmt - ok
    00:14:29.0781 7156 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    00:14:29.0796 7156 i2omp - ok
    00:14:29.0812 7156 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    00:14:29.0828 7156 i8042prt - ok
    00:14:29.0890 7156 [ 6F98AB7933E98F49654AC5E1B9F87CF3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    00:14:30.0203 7156 ialm - ok
    00:14:30.0234 7156 [ 39F7C9AEEE865FE8E98CF3EDD2B4BB4A ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
    00:14:30.0250 7156 iaStor - ok
    00:14:30.0359 7156 [ F627BC830EE548527966288E4968AAC0 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    00:14:30.0359 7156 IAStorDataMgrSvc - ok
    00:14:30.0437 7156 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    00:14:30.0546 7156 idsvc - ok
    00:14:30.0562 7156 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    00:14:30.0562 7156 Imapi - ok
    00:14:30.0609 7156 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    00:14:30.0625 7156 ImapiService - ok
    00:14:30.0656 7156 [ 1E8154841A0A24D6B38778F07831A82B ] Impcd C:\WINDOWS\system32\DRIVERS\Impcd.sys
    00:14:30.0718 7156 Impcd - ok
    00:14:30.0765 7156 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    00:14:30.0796 7156 ini910u - ok
    00:14:30.0828 7156 [ 987A2CC8EC0E86CAA2D8068B1ED7B441 ] InstallFilterService C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
    00:14:30.0828 7156 InstallFilterService - ok
    00:14:30.0875 7156 [ 6FC3B9C53F1A8E19FC1761A8022DA8EB ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
    00:14:30.0906 7156 IntcDAud - ok
    00:14:30.0921 7156 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    00:14:30.0921 7156 IntelIde - ok
    00:14:30.0968 7156 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    00:14:30.0968 7156 intelppm - ok
    00:14:30.0984 7156 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    00:14:31.0000 7156 Ip6Fw - ok
    00:14:31.0000 7156 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    00:14:31.0000 7156 IpFilterDriver - ok
    00:14:31.0000 7156 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    00:14:31.0015 7156 IpInIp - ok
    00:14:31.0031 7156 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    00:14:31.0031 7156 IpNat - ok
    00:14:31.0046 7156 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    00:14:31.0062 7156 IPSec - ok
    00:14:31.0078 7156 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    00:14:31.0078 7156 IRENUM - ok
    00:14:31.0125 7156 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    00:14:31.0140 7156 isapnp - ok
    00:14:31.0250 7156 [ A1509BA3A5FDC5366146E92B3D130EB5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    00:14:31.0250 7156 JavaQuickStarterService - ok
    00:14:31.0281 7156 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    00:14:31.0281 7156 Kbdclass - ok
    00:14:31.0296 7156 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    00:14:31.0312 7156 kbdhid - ok
    00:14:31.0328 7156 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    00:14:31.0328 7156 kmixer - ok
    00:14:31.0375 7156 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    00:14:31.0390 7156 KSecDD - ok
    00:14:31.0421 7156 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    00:14:31.0437 7156 LanmanServer - ok
    00:14:31.0468 7156 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    00:14:31.0468 7156 lanmanworkstation - ok
    00:14:31.0484 7156 lbrtfdc - ok
    00:14:31.0531 7156 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    00:14:31.0531 7156 LmHosts - ok
    00:14:31.0578 7156 [ CE97B09D1BA41802A6FAE3BBED3CC37B ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    00:14:31.0593 7156 LMS - ok
    00:14:31.0609 7156 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    00:14:31.0625 7156 MBAMProtector - ok
    00:14:31.0671 7156 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    00:14:31.0671 7156 MBAMScheduler - ok
    00:14:31.0718 7156 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    00:14:31.0718 7156 MBAMService - ok
    00:14:31.0796 7156 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    00:14:31.0796 7156 MDM - ok
    00:14:31.0828 7156 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    00:14:31.0859 7156 Messenger - ok
    00:14:31.0937 7156 Microsoft SharePoint Workspace Audit Service - ok
    00:14:31.0968 7156 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    00:14:31.0984 7156 mnmdd - ok
    00:14:32.0015 7156 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    00:14:32.0031 7156 mnmsrvc - ok
    00:14:32.0046 7156 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    00:14:32.0046 7156 Modem - ok
    00:14:32.0078 7156 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    00:14:32.0078 7156 Mouclass - ok
    00:14:32.0109 7156 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    00:14:32.0125 7156 mouhid - ok
    00:14:32.0140 7156 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    00:14:32.0156 7156 MountMgr - ok
    00:14:32.0156 7156 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    00:14:32.0203 7156 mraid35x - ok
    00:14:32.0203 7156 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    00:14:32.0203 7156 MRxDAV - ok
    00:14:32.0234 7156 [ CBCDA987C7D4FA251128CAC48EFCE5CC ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    00:14:32.0250 7156 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\mrxsmb.sys. Real md5: CBCDA987C7D4FA251128CAC48EFCE5CC, Fake md5: 7D304A5EB4344EBEEAB53A2FE3FFB9F0
    00:14:32.0250 7156 MRxSmb ( Virus.Win32.ZAccess.h ) - infected
    00:14:32.0250 7156 MRxSmb - detected Virus.Win32.ZAccess.h (0)
    00:14:32.0296 7156 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    00:14:32.0296 7156 MSDTC - ok
    00:14:32.0328 7156 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    00:14:32.0343 7156 Msfs - ok
    00:14:32.0343 7156 MSIServer - ok
    00:14:32.0359 7156 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    00:14:32.0359 7156 MSKSSRV - ok
    00:14:32.0375 7156 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    00:14:32.0390 7156 MSPCLOCK - ok
    00:14:32.0390 7156 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    00:14:32.0390 7156 MSPQM - ok
    00:14:32.0437 7156 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    00:14:32.0437 7156 mssmbios - ok
    00:14:32.0500 7156 MSSQL$SQLEXPRESS - ok
    00:14:32.0546 7156 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    00:14:32.0546 7156 MSSQLServerADHelper100 - ok
    00:14:32.0578 7156 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    00:14:32.0593 7156 MSTEE - ok
    00:14:32.0625 7156 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    00:14:32.0640 7156 Mup - ok
    00:14:32.0687 7156 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    00:14:32.0703 7156 NABTSFEC - ok
    00:14:32.0734 7156 [ CBBBBCACE1ABDA7336410DF4AB3C74D7 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
    00:14:32.0734 7156 NAL - ok
    00:14:32.0781 7156 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    00:14:32.0812 7156 napagent - ok
    00:14:32.0875 7156 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    00:14:32.0890 7156 NDIS - ok
    00:14:32.0921 7156 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    00:14:32.0921 7156 NdisIP - ok
    00:14:32.0968 7156 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    00:14:32.0968 7156 NdisTapi - ok
    00:14:32.0984 7156 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    00:14:32.0984 7156 Ndisuio - ok
    00:14:32.0984 7156 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    00:14:33.0000 7156 NdisWan - ok
    00:14:33.0046 7156 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    00:14:33.0062 7156 NDProxy - ok
    00:14:33.0093 7156 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    00:14:33.0109 7156 NetBIOS - ok
    00:14:33.0109 7156 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    00:14:33.0140 7156 NetBT - ok
    00:14:33.0187 7156 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    00:14:33.0203 7156 NetDDE - ok
    00:14:33.0203 7156 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    00:14:33.0203 7156 NetDDEdsdm - ok
    00:14:33.0250 7156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    00:14:33.0250 7156 Netlogon - ok
    00:14:33.0265 7156 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    00:14:33.0265 7156 Netman - ok
    00:14:33.0296 7156 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    00:14:33.0406 7156 NetTcpPortSharing - ok
    00:14:33.0406 7156 NETw5x32 - ok
    00:14:33.0453 7156 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    00:14:33.0453 7156 NIC1394 - ok
    00:14:33.0484 7156 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    00:14:33.0484 7156 Nla - ok
    00:14:33.0531 7156 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\NPF.sys
    00:14:33.0531 7156 NPF - ok
    00:14:33.0562 7156 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    00:14:33.0562 7156 Npfs - ok
    00:14:33.0593 7156 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    00:14:33.0625 7156 Ntfs - ok
    00:14:33.0640 7156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    00:14:33.0640 7156 NtLmSsp - ok
    00:14:33.0687 7156 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    00:14:33.0703 7156 NtmsSvc - ok
    00:14:33.0765 7156 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    00:14:33.0781 7156 Null - ok
    00:14:33.0984 7156 [ 0D3D6537671D6A31A58C654F82B77110 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    00:14:34.0203 7156 nv - ok
    00:14:34.0265 7156 [ 2D2B7B3AD297C659EFA1D02852CA9860 ] NVHDA C:\WINDOWS\system32\drivers\nvhda32.sys
    00:14:34.0281 7156 NVHDA - ok
    00:14:34.0312 7156 [ 87FF0B427C6645DFAF15CCD6AE7823B6 ] nvsvc C:\WINDOWS\system32\nvsvc32.exe
    00:14:34.0328 7156 nvsvc - ok
    00:14:34.0343 7156 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    00:14:34.0390 7156 NwlnkFlt - ok
    00:14:34.0421 7156 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    00:14:34.0453 7156 NwlnkFwd - ok
    00:14:34.0484 7156 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    00:14:34.0484 7156 ohci1394 - ok
    00:14:34.0546 7156 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    00:14:34.0578 7156 ose - ok
    00:14:34.0718 7156 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    00:14:34.0765 7156 osppsvc - ok
    00:14:34.0796 7156 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    00:14:34.0812 7156 Parport - ok
    00:14:34.0828 7156 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    00:14:34.0843 7156 PartMgr - ok
    00:14:34.0859 7156 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    00:14:34.0875 7156 ParVdm - ok
    00:14:34.0890 7156 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV.sys
    00:14:34.0906 7156 PBADRV - ok
    00:14:34.0906 7156 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    00:14:34.0906 7156 PCI - ok
    00:14:34.0921 7156 PCIDump - ok
    00:14:34.0921 7156 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    00:14:34.0937 7156 PCIIde - ok
    00:14:34.0937 7156 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    00:14:34.0953 7156 Pcmcia - ok
    00:14:34.0968 7156 PDCOMP - ok
    00:14:34.0968 7156 PDFRAME - ok
    00:14:34.0968 7156 PDRELI - ok
    00:14:34.0968 7156 PDRFRAME - ok
    00:14:35.0000 7156 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    00:14:35.0031 7156 perc2 - ok
    00:14:35.0046 7156 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    00:14:35.0046 7156 perc2hib - ok
    00:14:35.0078 7156 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    00:14:35.0078 7156 PlugPlay - ok
    00:14:35.0078 7156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    00:14:35.0078 7156 PolicyAgent - ok
    00:14:35.0093 7156 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    00:14:35.0109 7156 PptpMiniport - ok
    00:14:35.0109 7156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    00:14:35.0109 7156 ProtectedStorage - ok
    00:14:35.0109 7156 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    00:14:35.0125 7156 PSched - ok
    00:14:35.0125 7156 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    00:14:35.0156 7156 Ptilink - ok
    00:14:35.0218 7156 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    00:14:35.0234 7156 PxHelp20 - ok
    00:14:35.0265 7156 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    00:14:35.0281 7156 ql1080 - ok
    00:14:35.0296 7156 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    00:14:35.0328 7156 Ql10wnt - ok
    00:14:35.0343 7156 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    00:14:35.0375 7156 ql12160 - ok
    00:14:35.0406 7156 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    00:14:35.0468 7156 ql1240 - ok
    00:14:35.0484 7156 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    00:14:35.0500 7156 ql1280 - ok
    00:14:35.0531 7156 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    00:14:35.0531 7156 RasAcd - ok
    00:14:35.0562 7156 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    00:14:35.0593 7156 RasAuto - ok
    00:14:35.0609 7156 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    00:14:35.0609 7156 Rasl2tp - ok
    00:14:35.0640 7156 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    00:14:35.0640 7156 RasMan - ok
    00:14:35.0640 7156 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    00:14:35.0656 7156 RasPppoe - ok
    00:14:35.0656 7156 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    00:14:35.0671 7156 Raspti - ok
    00:14:35.0687 7156 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    00:14:35.0703 7156 Rdbss - ok
    00:14:35.0718 7156 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    00:14:35.0750 7156 RDPCDD - ok
    00:14:35.0750 7156 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    00:14:35.0765 7156 rdpdr - ok
    00:14:35.0796 7156 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    00:14:35.0796 7156 RDPWD - ok
    00:14:35.0828 7156 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    00:14:35.0843 7156 RDSessMgr - ok
    00:14:35.0875 7156 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    00:14:35.0890 7156 redbook - ok
    00:14:35.0921 7156 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    00:14:35.0937 7156 RemoteAccess - ok
    00:14:35.0984 7156 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    00:14:35.0984 7156 RemoteRegistry - ok
    00:14:36.0015 7156 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
    00:14:36.0031 7156 RimUsb - ok
    00:14:36.0062 7156 [ 5312F15DBEB47D906DCA2E334DC4C97D ] risdpcie C:\WINDOWS\system32\DRIVERS\risdpe86.sys
    00:14:36.0062 7156 risdpcie - ok
    00:14:36.0093 7156 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    00:14:36.0093 7156 RpcLocator - ok
    00:14:36.0140 7156 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
    00:14:36.0140 7156 RpcSs - ok
    00:14:36.0187 7156 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
    00:14:36.0296 7156 RsFx0103 - ok
    00:14:36.0328 7156 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    00:14:36.0343 7156 RSVP - ok
    00:14:36.0359 7156 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    00:14:36.0359 7156 SamSs - ok
    00:14:36.0390 7156 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    00:14:36.0437 7156 SASDIFSV - ok
    00:14:36.0468 7156 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    00:14:36.0515 7156 SASKUTIL - ok
    00:14:36.0593 7156 [ BD57B12FA4C21B1CE7DA3570410BF12D ] SAVAdminService C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    00:14:36.0593 7156 SAVAdminService - ok
    00:14:36.0640 7156 [ D9DF915972694B5274FACC8D00492ACD ] SAVOnAccessControl C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
    00:14:36.0687 7156 SAVOnAccessControl - ok
    00:14:36.0687 7156 [ 31B35CCA652A3553FA4FB99EA79C35BF ] SAVOnAccessFilter C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
    00:14:36.0703 7156 SAVOnAccessFilter - ok
    00:14:36.0734 7156 [ 836AEC603665F6DB83965EE57B3DCF57 ] SAVService C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    00:14:36.0734 7156 SAVService - ok
    00:14:36.0781 7156 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    00:14:36.0781 7156 SCardSvr - ok
    00:14:36.0796 7156 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    00:14:36.0796 7156 Schedule - ok
    00:14:36.0843 7156 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    00:14:36.0859 7156 sdbus - ok
    00:14:36.0875 7156 [ A957FD57A6AE1597943E4590DE10669B ] sdcfilter C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
    00:14:36.0890 7156 sdcfilter - ok
    00:14:36.0968 7156 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    00:14:36.0968 7156 SeaPort - ok
    00:14:37.0000 7156 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    00:14:37.0015 7156 Secdrv - ok
    00:14:37.0015 7156 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    00:14:37.0031 7156 seclogon - ok
    00:14:37.0093 7156 [ F6A6DBD275EC9EF7B573E48B3FD8D3DF ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    00:14:37.0328 7156 SecureStorageService - ok
    00:14:37.0375 7156 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    00:14:37.0375 7156 SENS - ok
    00:14:37.0421 7156 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    00:14:37.0421 7156 Serenum - ok
    00:14:37.0437 7156 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    00:14:37.0453 7156 Serial - ok
    00:14:37.0468 7156 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    00:14:37.0468 7156 Sfloppy - ok
    00:14:37.0515 7156 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    00:14:37.0515 7156 SharedAccess - ok
    00:14:37.0546 7156 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    00:14:37.0546 7156 ShellHWDetection - ok
    00:14:37.0546 7156 Simbad - ok
    00:14:37.0562 7156 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    00:14:37.0578 7156 sisagp - ok
    00:14:37.0609 7156 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    00:14:37.0609 7156 SLIP - ok
    00:14:37.0671 7156 [ 85DD2D3A8E67AA75D03B74DEFFE4BC87 ] Sophos Agent C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
    00:14:37.0671 7156 Sophos Agent - ok
    00:14:37.0765 7156 [ E4A3CFFD81B4169128F187729E137417 ] Sophos AutoUpdate Service C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    00:14:37.0765 7156 Sophos AutoUpdate Service - ok
    00:14:37.0781 7156 [ FE03582DE80740D22FE428F3351ADB16 ] Sophos Message Router C:\Program Files\Sophos\Remote Management System\RouterNT.exe
    00:14:37.0796 7156 Sophos Message Router - ok
    00:14:37.0828 7156 [ 3BDF94E0827D13E44249A646F6C0EB7C ] SophosBootDriver C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
    00:14:37.0828 7156 SophosBootDriver - ok
    00:14:37.0875 7156 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    00:14:37.0890 7156 Sparrow - ok
    00:14:37.0921 7156 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    00:14:37.0921 7156 splitter - ok
    00:14:37.0953 7156 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    00:14:37.0968 7156 Spooler - ok
    00:14:38.0000 7156 [ D494597E8C665F2D515D9D24FA9616EF ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
    00:14:38.0031 7156 SQLAgent$SQLEXPRESS - ok
    00:14:38.0093 7156 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    00:14:38.0156 7156 SQLBrowser - ok
    00:14:38.0187 7156 [ 997BC62F49D0D84214FE887F09197D41 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    00:14:38.0187 7156 SQLWriter - ok
    00:14:38.0203 7156 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    00:14:38.0218 7156 sr - ok
    00:14:38.0234 7156 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    00:14:38.0234 7156 srservice - ok
    00:14:38.0250 7156 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    00:14:38.0265 7156 Srv - ok
    00:14:38.0281 7156 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    00:14:38.0281 7156 SSDPSRV - ok
    00:14:38.0343 7156 [ 90F4AB6DEDE1D075FC9656675D95C03B ] STacSV c:\drivers\audio\r255264\payload\wdm\stacsv.exe
    00:14:38.0343 7156 STacSV - ok
    00:14:38.0390 7156 [ A5B83C8050572622E5C43B5B3326A129 ] stdflt C:\WINDOWS\system32\DRIVERS\stdfltn.sys
    00:14:38.0406 7156 stdflt - ok
    00:14:38.0484 7156 [ 391D03926371E2A14775AD3005BFED3B ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
    00:14:38.0843 7156 STHDA - ok
    00:14:38.0875 7156 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    00:14:38.0875 7156 stisvc - ok
    00:14:38.0921 7156 [ E476C66713C842F58E61A95826ED1D57 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    00:14:38.0937 7156 stllssvr - ok
    00:14:38.0968 7156 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    00:14:38.0968 7156 streamip - ok
    00:14:39.0000 7156 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    00:14:39.0015 7156 swenum - ok
    00:14:39.0078 7156 [ AB22D10457BB1B8BB587C61AF03F909F ] swi_service C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    00:14:39.0078 7156 swi_service - ok
    00:14:39.0093 7156 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    00:14:39.0109 7156 swmidi - ok
    00:14:39.0109 7156 SwPrv - ok
    00:14:39.0125 7156 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    00:14:39.0156 7156 symc810 - ok
    00:14:39.0203 7156 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    00:14:39.0234 7156 symc8xx - ok
    00:14:39.0234 7156 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    00:14:39.0281 7156 sym_hi - ok
    00:14:39.0281 7156 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    00:14:39.0312 7156 sym_u3 - ok
    00:14:39.0328 7156 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    00:14:39.0328 7156 sysaudio - ok
    00:14:39.0375 7156 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    00:14:39.0390 7156 SysmonLog - ok
    00:14:39.0406 7156 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    00:14:39.0421 7156 TapiSrv - ok
    00:14:39.0453 7156 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    00:14:39.0484 7156 Tcpip - ok
    00:14:39.0562 7156 [ 69F1A38A6DBFE682491CB61A596662E3 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    00:14:39.0562 7156 tcsd_win32.exe - ok
    00:14:39.0640 7156 [ 55FF1B851D685C928807DFA84529BE9F ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    00:14:39.0640 7156 TdmService - ok
    00:14:39.0671 7156 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    00:14:39.0671 7156 TDPIPE - ok
    00:14:39.0718 7156 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    00:14:39.0718 7156 TDTCP - ok
    00:14:39.0734 7156 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    00:14:39.0750 7156 TermDD - ok
    00:14:39.0765 7156 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    00:14:39.0781 7156 TermService - ok
    00:14:39.0796 7156 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    00:14:39.0796 7156 Themes - ok
    00:14:39.0828 7156 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    00:14:39.0921 7156 TlntSvr - ok
    00:14:39.0937 7156 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    00:14:39.0953 7156 TosIde - ok
    00:14:39.0953 7156 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    00:14:39.0968 7156 TrkWks - ok
    00:14:40.0000 7156 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    00:14:40.0000 7156 Udfs - ok
    00:14:40.0015 7156 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    00:14:40.0078 7156 ultra - ok
    00:14:40.0171 7156 [ C6C3B5AB7D807C1A97B1E95FED1AB90D ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    00:14:40.0187 7156 UNS - ok
    00:14:40.0250 7156 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    00:14:40.0265 7156 Update - ok
    00:14:40.0312 7156 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    00:14:40.0343 7156 upnphost - ok
    00:14:40.0359 7156 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    00:14:40.0375 7156 UPS - ok
    00:14:40.0390 7156 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    00:14:40.0406 7156 usbccgp - ok
    00:14:40.0437 7156 [ 2825E0E294686A26506690059E1F437A ] USBCCID C:\WINDOWS\system32\DRIVERS\usbccid.sys
    00:14:40.0453 7156 USBCCID - ok
    00:14:40.0500 7156 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    00:14:40.0500 7156 usbehci - ok
    00:14:40.0515 7156 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    00:14:40.0515 7156 usbhub - ok
    00:14:40.0546 7156 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    00:14:40.0562 7156 usbscan - ok
    00:14:40.0593 7156 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    00:14:40.0593 7156 USBSTOR - ok
    00:14:40.0640 7156 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    00:14:40.0640 7156 usbuhci - ok
    00:14:40.0671 7156 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    00:14:40.0687 7156 usbvideo - ok
    00:14:40.0703 7156 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    00:14:40.0718 7156 VgaSave - ok
    00:14:40.0734 7156 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    00:14:40.0750 7156 viaagp - ok
    00:14:40.0765 7156 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    00:14:40.0765 7156 ViaIde - ok
    00:14:40.0796 7156 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    00:14:40.0812 7156 VolSnap - ok
    00:14:40.0843 7156 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    00:14:40.0875 7156 VSS - ok
    00:14:40.0906 7156 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    00:14:40.0906 7156 w32time - ok
    00:14:40.0906 7156 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    00:14:40.0921 7156 Wanarp - ok
    00:14:40.0953 7156 [ D73243D8E1E2AC059DB249D12B1D1D8E ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
    00:14:40.0968 7156 WavxDMgr - ok
    00:14:41.0015 7156 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    00:14:41.0031 7156 Wdf01000 - ok
    00:14:41.0031 7156 WDICA - ok
    00:14:41.0046 7156 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    00:14:41.0046 7156 wdmaud - ok
    00:14:41.0093 7156 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    00:14:41.0093 7156 WebClient - ok
    00:14:41.0187 7156 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    00:14:41.0187 7156 winmgmt - ok
    00:14:41.0250 7156 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    00:14:41.0312 7156 WinRM - ok
    00:14:41.0437 7156 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    00:14:41.0437 7156 wlidsvc - ok
    00:14:41.0484 7156 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    00:14:41.0500 7156 WmdmPmSN - ok
    00:14:41.0578 7156 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    00:14:41.0578 7156 Wmi - ok
    00:14:41.0625 7156 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    00:14:41.0625 7156 WmiAcpi - ok
    00:14:41.0656 7156 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    00:14:41.0687 7156 WmiApSrv - ok
    00:14:41.0765 7156 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    00:14:41.0843 7156 WMPNetworkSvc - ok
    00:14:41.0890 7156 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    00:14:41.0968 7156 WPFFontCache_v0400 - ok
    00:14:41.0984 7156 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    00:14:41.0984 7156 WS2IFSL - ok
    00:14:42.0015 7156 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    00:14:42.0031 7156 wscsvc - ok
    00:14:42.0031 7156 WSearch - ok
    00:14:42.0046 7156 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    00:14:42.0062 7156 WSTCODEC - ok
    00:14:42.0078 7156 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    00:14:42.0078 7156 wuauserv - ok
    00:14:42.0109 7156 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    00:14:42.0125 7156 WudfPf - ok
    00:14:42.0140 7156 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    00:14:42.0156 7156 WudfRd - ok
    00:14:42.0156 7156 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    00:14:42.0171 7156 WudfSvc - ok
    00:14:42.0203 7156 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    00:14:42.0218 7156 WZCSVC - ok
    00:14:42.0234 7156 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    00:14:42.0250 7156 xmlprov - ok
    00:14:42.0328 7156 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    00:14:42.0343 7156 YahooAUService - ok
    00:14:42.0359 7156 ================ Scan global ===============================
    00:14:42.0406 7156 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    00:14:42.0421 7156 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    00:14:42.0437 7156 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    00:14:42.0468 7156 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    00:14:42.0468 7156 [Global] - ok
    00:14:42.0468 7156 ================ Scan MBR ==================================
    00:14:42.0484 7156 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    00:14:42.0796 7156 \Device\Harddisk0\DR0 - ok
    00:14:42.0796 7156 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
    00:14:42.0796 7156 \Device\Harddisk1\DR4 - ok
    00:14:42.0796 7156 ================ Scan VBR ==================================
    00:14:42.0796 7156 [ 4BA5950EBEF2D0609F42A98EEF0F466C ] \Device\Harddisk0\DR0\Partition1
    00:14:42.0796 7156 \Device\Harddisk0\DR0\Partition1 - ok
    00:14:42.0828 7156 [ EDAEE3FB0252396493D75DDA401B0368 ] \Device\Harddisk0\DR0\Partition2
    00:14:42.0828 7156 \Device\Harddisk0\DR0\Partition2 - ok
    00:14:42.0828 7156 [ 217C98F258F9135A876C4987DBA98679 ] \Device\Harddisk1\DR4\Partition1
    00:14:42.0828 7156 \Device\Harddisk1\DR4\Partition1 - ok
    00:14:42.0828 7156 ============================================================
    00:14:42.0828 7156 Scan finished
    00:14:42.0828 7156 ============================================================
    00:14:42.0843 4432 Detected object count: 2
    00:14:42.0843 4432 Actual detected object count: 2
    00:15:10.0546 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
    00:15:10.0796 4432 Backup copy found, using it..
    00:15:10.0859 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    00:15:10.0859 4432 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    00:15:10.0906 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - copied to quarantine
    00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\@ - copied to quarantine
    00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\bckfg.tmp - copied to quarantine
    00:15:11.0593 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\cfg.ini - copied to quarantine
    00:15:11.0609 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\Desktop.ini - copied to quarantine
    00:15:11.0609 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\keywords - copied to quarantine
    00:15:11.0625 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - copied to quarantine
    00:15:11.0703 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\L\rohepcid - copied to quarantine
    00:15:11.0703 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\lsflt7.ver - copied to quarantine
    00:15:11.0734 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:11.0812 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:11.0828 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:11.0843 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:11.0859 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:11.0859 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - copied to quarantine
    00:15:12.0281 4432 Backup copy found, using it..
    00:15:12.0359 4432 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\@ - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\bckfg.tmp - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\cfg.ini - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\Desktop.ini - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\keywords - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\lsflt7.ver - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\U\[email protected] - will be deleted on reboot
    00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2857733078 - will be deleted on reboot
    00:15:12.0406 4432 MRxSmb ( Virus.Win32.ZAccess.h ) - User select action: Cure
    00:15:15.0453 4560 Deinitialize success
    00:18:03.0781 3024 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    00:18:04.0875 3024 ============================================================
    00:18:04.0875 3024 Current date / time: 2013/02/03 00:18:04.0875
    00:18:04.0875 3024 SystemInfo:
    00:18:04.0875 3024
    00:18:04.0875 3024 OS Version: 5.1.2600 ServicePack: 3.0
    00:18:04.0875 3024 Product type: Workstation
    00:18:04.0875 3024 ComputerName: E6410-STULOAN43
    00:18:04.0875 3024 UserName: Administrator
    00:18:04.0875 3024 Windows directory: C:\WINDOWS
    00:18:04.0875 3024 System windows directory: C:\WINDOWS
    00:18:04.0875 3024 Processor architecture: Intel x86
    00:18:04.0875 3024 Number of processors: 4
    00:18:04.0875 3024 Page size: 0x1000
    00:18:04.0875 3024 Boot type: Normal boot
    00:18:04.0875 3024 ============================================================
    00:18:10.0765 3024 BG loaded
    00:18:15.0625 3024 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    00:18:15.0640 3024 Drive \Device\Harddisk1\DR4 - Size: 0x1DD400000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    00:18:15.0640 3024 ============================================================
    00:18:15.0640 3024 \Device\Harddisk0\DR0:
    00:18:15.0640 3024 MBR partitions:
    00:18:15.0640 3024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x90FC000
    00:18:15.0656 3024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x91128BD, BlocksNum 0x3FBC04
    00:18:15.0656 3024 \Device\Harddisk1\DR4:
    00:18:15.0656 3024 MBR partitions:
    00:18:15.0656 3024 \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE8080
    00:18:15.0656 3024 ============================================================
    00:18:15.0750 3024 C: <-> \Device\Harddisk0\DR0\Partition1
    00:18:15.0781 3024 D: <-> \Device\Harddisk0\DR0\Partition2
    00:18:15.0781 3024 ============================================================
    00:18:15.0781 3024 Initialize success
    00:18:15.0781 3024 ============================================================
    00:22:14.0531 2876 Deinitialize success
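A small triage parser for the TDSSKiller log format posted above, added here as an example; it is not code from this thread or from TDSSKiller itself. It assumes only the line shape visible in the log (timestamp, thread id, optional `[ MD5 ]`, object name and path, or a status message such as `- ok`, `- will be cured on reboot` or `( verdict ) - User select action: …`). The sample lines are constructed to mirror a few lines of the posted log; the MD5 shown for ACPI is a made-up placeholder, not a value from the log. The point it adds is pairing each verdict with the inventory hash of the flagged driver, so the hash can be compared with a known-good reference for that file.

```python
"""Triage a TDSSKiller-style log: inventory hashes, verdicts, pending actions.

Added example; not code from the thread or from TDSSKiller. The line format
is inferred from the posted log; the ACPI hash below is a placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller 2.8.x line format (placeholder ACPI hash).
SAMPLE_LOG = r"""
00:14:35.0562 7156 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
00:14:35.0593 7156 RasAuto - ok
00:14:35.0600 7156 [ 0123456789ABCDEF0123456789ABCDEF ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:14:37.0671 7156 [ 85DD2D3A8E67AA75D03B74DEFFE4BC87 ] Sophos Agent C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
00:14:42.0484 7156 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
00:14:42.0796 7156 \Device\Harddisk0\DR0 - ok
00:14:42.0843 4432 Detected object count: 2
00:15:10.0546 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
00:15:10.0859 4432 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
00:15:10.0859 4432 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
00:15:12.0390 4432 C:\WINDOWS\$NtUninstallKB52669$\2261470070\kwrd.dll - will be deleted on reboot
00:15:12.0406 4432 MRxSmb ( Virus.Win32.ZAccess.h ) - User select action: Cure
"""

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
HASHED_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<rest>.+)$")
# A path starts with a drive letter ("C:\") or an NT device name ("\Device\").
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|\\Device\\)")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(r"^(?P<path>.+) - will be (?P<what>cured|deleted) on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Summary:
    hashes: dict = field(default_factory=dict)      # object name or device path -> MD5
    paths: dict = field(default_factory=dict)       # object name -> on-disk path
    detections: list = field(default_factory=list)  # (object, verdict, action)
    pending: list = field(default_factory=list)     # (path, "cured" | "deleted")
    declared_count: Optional[int] = None            # "Detected object count" line


def parse_log(text: str) -> Summary:
    """Walk the log once and collect hashes, verdicts and reboot-time actions."""
    s = Summary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        msg = m.group("msg")
        if (h := HASHED_RE.match(msg)):
            rest = h.group("rest")
            p = PATH_RE.search(rest)
            # "Name C:\path" -> name; "\Device\..." or bare path -> keyed by the path itself
            name = rest[:p.start()].strip() if p and p.start() > 0 else None
            s.hashes[name or rest] = h.group("md5").upper()
            if name and p:
                s.paths[name] = rest[p.start():]
        elif (v := VERDICT_RE.match(msg)):
            s.detections.append((v.group("obj"), v.group("verdict"), v.group("action")))
        elif (pnd := PENDING_RE.match(msg)):
            s.pending.append((pnd.group("path"), pnd.group("what")))
        elif (c := COUNT_RE.match(msg)):
            s.declared_count = int(c.group("n"))
    return s


def consistent(s: Summary) -> bool:
    """True when the tool's declared detection count matches the verdict lines seen."""
    return s.declared_count is not None and s.declared_count == len(s.detections)


def flagged(s: Summary) -> list:
    """Pair each verdict with the inventory hash of the named object (case-insensitive),
    so the hash can be checked against a known-good reference for that driver."""
    out = []
    for obj, verdict, action in s.detections:
        md5 = next((v for k, v in s.hashes.items() if k.lower() == obj.lower()), None)
        out.append((obj, verdict, action, md5))
    return out


if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    print("declared count consistent:", consistent(summary))
    for row in flagged(summary):
        print("flagged:", row)
    for path, what in summary.pending:
        print(f"pending: {what} -> {path}")
```

Run it on a saved TDSSKiller log by reading the file into `parse_log`; a verdict whose object has no inventory hash (as with MRxSmb in the constructed sample) comes back with `None`, which is itself worth noticing when reviewing a log.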
     
  10. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    PS: There is so much wrong here... The mouse started going crazy, then it suddenly was good again... now some other random keys stopped working; I'm using the virtual keyboard for the few keys that don't work... I'm starting to think a factory restore is the best way to go, as I must give this laptop back to my friend soon...
    BTW, I haven't done anything you haven't instructed me to do... using ComboFix and those other tools I used before you started helping me, before I got to log in to the computer, back when I couldn't log in because of the "keys going bad"... Thanks for all your time, really appreciated :)
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    The system was badly infected, please read the information below. We can continue to clean the machine if you wish but there may be some file damage that could be time consuming to repair so a clean install may be the quickest solution and it will guarantee the system is clean.


    IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

    Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

    You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

    Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

    Backdoors and What They Mean to You
     
  12. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Yes I think it is better to do a clean install on the computer...what is the next step...I hope it has its own partition so I don't have to worry about disks
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    First thing is to check that the owner of the PC has backed up all their important data; when the system is re-installed it will delete everything on the hard drive.

    As far as I can see from the logs there is no Recovery partition, but as the OS was installed in 2010 the owner must have the OEM Recovery discs, or they will have their own copy of XP, unless it was purchased second hand with the OS already installed.
     
  14. adisx06x

    adisx06x Thread Starter

    Joined:
    Mar 1, 2012
    Messages:
    77
    Hey Mark, I just wanted to say that I installed a Windows 7 trial on the laptop... everything seemed fine after the installation; it was all fixed (except the keys that randomly stopped working on the keyboard, which is weird). I believe the owner is going to invest in a copy of Windows before the trial ends; they just wanted things to be clean for now... There isn't much now. Thanks a lot, couldn't have done it without your help.
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're most welcome. If those keys play up again they may also need a new keyboard.

    If the PC has a licence sticker on it with the product key they should be able to save a chunk of money by purchasing Recovery Discs from the manufacturer.
     
Short URL to this thread: https://techguy.org/1088098