Jump to content

f6e9a

Members
  • Posts

    6
  • Joined

  • Last visited

Reputation

0 Neutral
  1. i already did that, i posted the log with the other logs, but here is a copy ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=24c3df31d89b6e4695906c8fe43fb8f6 # engine=13933 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-28 02:06:06 # local_time=2013-05-27 09:06:06 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=150471 # found=2 # cleaned=2 # scan_time=2760 sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\ComboFix\N_\Av-test.txt" sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Administrator\Local Settings\Temp\Av-test.txt"
  2. oh and i have noticed things need to be updated, and i will do that immediately like now. thanks.
  3. ok, everything is fine now, i ran some of my own tests, and the ones you asked for here are the reports. thanks man btw a mbar log was not produced or found in the folder. system- log --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 1.995000 GHz Memory total: 2008989696, free: 1256038400 Downloaded database version: v2013.05.28.01 Downloaded database version: v2013.05.22.01 Initializing... ------------ Kernel report ------------ 05/27/2013 21:15:55 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys compbatt.sys \WINDOWS\system32\DRIVERS\BATTC.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys ACPIEC.sys \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS VolSnap.sys iaStor.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltMgr.sys sr.sys PxHelp20.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\FwLnk.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\igxpmp32.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rtenicxp.sys \SystemRoot\system32\DRIVERS\NETw5x32.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\DamewareMini.sys \SystemRoot\system32\DRIVERS\dwvkbd.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\AGRSM.sys \SystemRoot\System32\Drivers\Modem.SYS \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\Drivers\IpmSecurityAgent1.sys \SystemRoot\system32\DRIVERS\SAFsFilter.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\RTS5121.sys \SystemRoot\System32\Drivers\UVCFTR_S.SYS \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\igxpgd32.dll \SystemRoot\System32\igxprd32.dll \SystemRoot\System32\igxpdv32.DLL \SystemRoot\System32\igxpdx32.DLL \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\tdudf.sys \SystemRoot\System32\Drivers\Udfs.SYS \SystemRoot\system32\DRIVERS\trudf.sys \SystemRoot\system32\DRIVERS\AegisP.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\netdevio.sys \SystemRoot\system32\DRIVERS\s24trans.sys \SystemRoot\system32\DRIVERS\mrxdav.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\System32\Drivers\TDTCP.SYS \SystemRoot\System32\Drivers\RDPWD.SYS \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys \??\C:\ComboFix\mbr.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- Done! Could not initialize database <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a4f3030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xffffffff8a4e6030 Lower Device Driver Name: \Driver\iaStor\ Error during a scan has occured. Scan can't continue. ======================================= TDSS 21:11:00.0468 1212 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34 21:11:01.0296 1212 ============================================================ 21:11:01.0296 1212 Current date / time: 2013/05/27 21:11:01.0296 21:11:01.0296 1212 SystemInfo: 21:11:01.0296 1212 21:11:01.0296 1212 OS Version: 5.1.2600 ServicePack: 3.0 21:11:01.0296 1212 Product type: Workstation 21:11:01.0296 1212 ComputerName: NHSSCI14S 21:11:01.0296 1212 UserName: Administrator 21:11:01.0296 1212 Windows directory: C:\WINDOWS 21:11:01.0296 1212 System windows directory: C:\WINDOWS 21:11:01.0296 1212 Processor architecture: Intel x86 21:11:01.0296 1212 Number of processors: 2 21:11:01.0296 1212 Page size: 0x1000 21:11:01.0296 1212 Boot type: Normal boot 21:11:01.0296 1212 ============================================================ 21:11:02.0250 1212 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:11:02.0265 1212 ============================================================ 21:11:02.0265 1212 \Device\Harddisk0\DR0: 21:11:02.0265 1212 MBR partitions: 21:11:02.0265 1212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BF36A47 21:11:02.0265 1212 ============================================================ 21:11:02.0312 1212 C: <-> \Device\Harddisk0\DR0\Partition1 21:11:02.0312 1212 ============================================================ 21:11:02.0312 1212 Initialize success 21:11:02.0312 1212 ============================================================ 21:11:04.0125 2704 ============================================================ 21:11:04.0125 2704 Scan started 21:11:04.0125 2704 Mode: Manual; 21:11:04.0125 2704 ============================================================ 21:11:05.0750 2704 ================ Scan system memory ======================== 21:11:05.0890 2704 System memory - ok 21:11:05.0890 2704 ================ Scan services ============================= 21:11:06.0015 2704 Abiosdsk - ok 21:11:06.0015 2704 abp480n5 - ok 21:11:06.0046 2704 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 21:11:06.0046 2704 ACPI - ok 21:11:06.0046 2704 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 21:11:06.0046 2704 ACPIEC - ok 21:11:06.0046 2704 adpu160m - ok 21:11:06.0093 2704 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 21:11:06.0093 2704 aec - ok 21:11:06.0140 2704 [ 023867B6606FBABCDD52E089C4A507DA ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 21:11:06.0140 2704 AegisP - ok 21:11:06.0187 2704 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 21:11:06.0187 2704 AFD - ok 21:11:06.0218 2704 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe 21:11:06.0218 2704 AgereModemAudio - ok 21:11:06.0265 2704 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys 21:11:06.0281 2704 AgereSoftModem - ok 21:11:06.0281 2704 Aha154x - ok 21:11:06.0281 2704 aic78u2 - ok 21:11:06.0312 2704 aic78xx - ok 21:11:06.0359 2704 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 21:11:06.0359 2704 Alerter - ok 21:11:06.0375 2704 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 21:11:06.0375 2704 ALG - ok 21:11:06.0375 2704 AliIde - ok 21:11:06.0375 2704 amsint - ok 21:11:06.0406 2704 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 21:11:06.0406 2704 AppMgmt - ok 21:11:06.0421 2704 asc - ok 21:11:06.0421 2704 asc3350p - ok 21:11:06.0421 2704 asc3550 - ok 21:11:06.0531 2704 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:11:06.0531 2704 aspnet_state - ok 21:11:06.0546 2704 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 21:11:06.0546 2704 AsyncMac - ok 21:11:06.0546 2704 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 21:11:06.0546 2704 atapi - ok 21:11:06.0562 2704 Atdisk - ok 21:11:06.0562 2704 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 21:11:06.0562 2704 Atmarpc - ok 21:11:06.0609 2704 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 21:11:06.0609 2704 AudioSrv - ok 21:11:06.0625 2704 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 21:11:06.0625 2704 audstub - ok 21:11:06.0734 2704 [ 4BEFF67C1775D353A16A62347E727874 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe 21:11:06.0734 2704 BBSvc - ok 21:11:06.0796 2704 [ A6DAAD3EA93DBDBD07FA821BCED133F6 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe 21:11:06.0796 2704 BBUpdate - ok 21:11:06.0812 2704 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 21:11:06.0812 2704 Beep - ok 21:11:06.0859 2704 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 21:11:06.0875 2704 BITS - ok 21:11:06.0906 2704 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 21:11:06.0906 2704 Browser - ok 21:11:07.0015 2704 catchme - ok 21:11:07.0046 2704 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 21:11:07.0046 2704 cbidf2k - ok 21:11:07.0046 2704 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 21:11:07.0046 2704 CCDECODE - ok 21:11:07.0062 2704 cd20xrnt - ok 21:11:07.0093 2704 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 21:11:07.0093 2704 Cdaudio - ok 21:11:07.0109 2704 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 21:11:07.0109 2704 Cdfs - ok 21:11:07.0125 2704 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 21:11:07.0125 2704 Cdrom - ok 21:11:07.0203 2704 [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 21:11:07.0203 2704 CFSvcs - ok 21:11:07.0203 2704 Changer - ok 21:11:07.0234 2704 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 21:11:07.0234 2704 CiSvc - ok 21:11:07.0281 2704 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 21:11:07.0281 2704 ClipSrv - ok 21:11:07.0312 2704 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:11:07.0312 2704 clr_optimization_v2.0.50727_32 - ok 21:11:07.0343 2704 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 21:11:07.0359 2704 CmBatt - ok 21:11:07.0359 2704 CmdIde - ok 21:11:07.0359 2704 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 21:11:07.0359 2704 Compbatt - ok 21:11:07.0375 2704 COMSysApp - ok 21:11:07.0375 2704 Cpqarray - ok 21:11:07.0421 2704 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 21:11:07.0421 2704 CryptSvc - ok 21:11:07.0421 2704 dac2w2k - ok 21:11:07.0421 2704 dac960nt - ok 21:11:07.0468 2704 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 21:11:07.0484 2704 DcomLaunch - ok 21:11:07.0500 2704 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 21:11:07.0500 2704 Dhcp - ok 21:11:07.0546 2704 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 21:11:07.0546 2704 Disk - ok 21:11:07.0546 2704 dmadmin - ok 21:11:07.0578 2704 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 21:11:07.0593 2704 dmboot - ok 21:11:07.0593 2704 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 21:11:07.0593 2704 dmio - ok 21:11:07.0593 2704 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 21:11:07.0593 2704 dmload - ok 21:11:07.0625 2704 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 21:11:07.0625 2704 dmserver - ok 21:11:07.0656 2704 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 21:11:07.0656 2704 DMusic - ok 21:11:07.0703 2704 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 21:11:07.0703 2704 Dnscache - ok 21:11:07.0750 2704 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 21:11:07.0750 2704 Dot3svc - ok 21:11:07.0765 2704 dpti2o - ok 21:11:07.0781 2704 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 21:11:07.0781 2704 drmkaud - ok 21:11:07.0812 2704 [ 383182215A2C238E76B86E3B5EDE40EB ] DwMirror C:\WINDOWS\system32\DRIVERS\DamewareMini.sys 21:11:07.0828 2704 DwMirror - ok 21:11:07.0828 2704 dwmrcs - ok 21:11:07.0828 2704 [ 5A402C57F621114C99F813C6AE7BC37A ] dwvkbd C:\WINDOWS\system32\DRIVERS\dwvkbd.sys 21:11:07.0828 2704 dwvkbd - ok 21:11:07.0859 2704 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 21:11:07.0859 2704 EapHost - ok 21:11:07.0890 2704 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 21:11:07.0890 2704 ERSvc - ok 21:11:07.0921 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 21:11:07.0921 2704 Eventlog - ok 21:11:07.0968 2704 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 21:11:07.0968 2704 EventSystem - ok 21:11:08.0093 2704 [ 306AC856622864C761CBDB5E816BB9D8 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 21:11:08.0109 2704 EvtEng - ok 21:11:08.0156 2704 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 21:11:08.0171 2704 Fastfat - ok 21:11:08.0203 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 21:11:08.0203 2704 FastUserSwitchingCompatibility - ok 21:11:08.0218 2704 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe 21:11:08.0218 2704 Fax - ok 21:11:08.0265 2704 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 21:11:08.0265 2704 Fdc - ok 21:11:08.0296 2704 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 21:11:08.0296 2704 Fips - ok 21:11:08.0296 2704 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 21:11:08.0296 2704 Flpydisk - ok 21:11:08.0312 2704 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 21:11:08.0312 2704 FltMgr - ok 21:11:08.0437 2704 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 21:11:08.0437 2704 FontCache3.0.0.0 - ok 21:11:08.0515 2704 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:11:08.0515 2704 Fs_Rec - ok 21:11:08.0578 2704 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 21:11:08.0578 2704 Ftdisk - ok 21:11:08.0593 2704 [ 4D52C52101492C450518124C592D8925 ] FwLnk C:\WINDOWS\system32\DRIVERS\FwLnk.sys 21:11:08.0593 2704 FwLnk - ok 21:11:08.0671 2704 [ F0187E45268E86AAAA932CBD9087BEA8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 21:11:08.0671 2704 GoogleDesktopManager-110309-193829 - ok 21:11:08.0734 2704 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 21:11:08.0734 2704 Gpc - ok 21:11:08.0796 2704 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 21:11:08.0796 2704 gupdate - ok 21:11:08.0796 2704 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 21:11:08.0796 2704 gupdatem - ok 21:11:08.0859 2704 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 21:11:08.0859 2704 gusvc - ok 21:11:08.0906 2704 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 21:11:08.0906 2704 HDAudBus - ok 21:11:09.0000 2704 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 21:11:09.0000 2704 helpsvc - ok 21:11:09.0046 2704 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll 21:11:09.0046 2704 HidServ - ok 21:11:09.0078 2704 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 21:11:09.0078 2704 HidUsb - ok 21:11:09.0125 2704 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 21:11:09.0125 2704 hkmsvc - ok 21:11:09.0140 2704 hpn - ok 21:11:09.0171 2704 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 21:11:09.0187 2704 HTTP - ok 21:11:09.0218 2704 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 21:11:09.0218 2704 HTTPFilter - ok 21:11:09.0218 2704 i2omgmt - ok 21:11:09.0218 2704 i2omp - ok 21:11:09.0375 2704 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 21:11:09.0375 2704 i8042prt - ok 21:11:09.0750 2704 [ F592A1B020723CFBD3D2722514066449 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 21:11:09.0781 2704 ialm - ok 21:11:09.0828 2704 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 21:11:09.0843 2704 iaStor - ok 21:11:10.0000 2704 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:11:10.0015 2704 idsvc - ok 21:11:10.0062 2704 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 21:11:10.0062 2704 Imapi - ok 21:11:10.0125 2704 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 21:11:10.0125 2704 ImapiService - ok 21:11:10.0140 2704 ini910u - ok 21:11:10.0406 2704 [ FEBB470BF0DE4DBEBBF72B79DF993C5F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 21:11:10.0437 2704 IntcAzAudAddService - ok 21:11:10.0437 2704 IntelIde - ok 21:11:10.0593 2704 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 21:11:10.0593 2704 intelppm - ok 21:11:10.0593 2704 IO_Memory - ok 21:11:10.0625 2704 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 21:11:10.0625 2704 Ip6Fw - ok 21:11:10.0640 2704 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:11:10.0640 2704 IpFilterDriver - ok 21:11:10.0671 2704 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 21:11:10.0671 2704 IpInIp - ok 21:11:10.0703 2704 [ 6746B8FD69F7D0907181208616E9CACE ] IpmSecurityAgent1 C:\WINDOWS\System32\Drivers\IpmSecurityAgent1.sys 21:11:10.0703 2704 IpmSecurityAgent1 - ok 21:11:10.0937 2704 [ 550B334B5F6093D718DF9A58DF660E6E ] IpmSecurityAgentService C:\Program Files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe 21:11:10.0937 2704 IpmSecurityAgentService - ok 21:11:10.0968 2704 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 21:11:10.0968 2704 IpNat - ok 21:11:10.0984 2704 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 21:11:10.0984 2704 IPSec - ok 21:11:11.0000 2704 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 21:11:11.0000 2704 IRENUM - ok 21:11:11.0046 2704 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 21:11:11.0046 2704 isapnp - ok 21:11:11.0062 2704 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:11:11.0062 2704 Kbdclass - ok 21:11:11.0093 2704 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 21:11:11.0093 2704 kmixer - ok 21:11:11.0140 2704 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 21:11:11.0156 2704 KSecDD - ok 21:11:11.0203 2704 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 21:11:11.0203 2704 LanmanServer - ok 21:11:11.0250 2704 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 21:11:11.0250 2704 lanmanworkstation - ok 21:11:11.0265 2704 lbrtfdc - ok 21:11:11.0343 2704 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 21:11:11.0343 2704 LmHosts - ok 21:11:11.0390 2704 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 21:11:11.0390 2704 Messenger - ok 21:11:11.0437 2704 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 21:11:11.0437 2704 mnmdd - ok 21:11:11.0515 2704 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 21:11:11.0515 2704 mnmsrvc - ok 21:11:11.0562 2704 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 21:11:11.0562 2704 Modem - ok 21:11:11.0562 2704 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:11:11.0578 2704 Mouclass - ok 21:11:11.0609 2704 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 21:11:11.0609 2704 mouhid - ok 21:11:11.0640 2704 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 21:11:11.0640 2704 MountMgr - ok 21:11:11.0640 2704 mraid35x - ok 21:11:11.0671 2704 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:11:11.0671 2704 MRxDAV - ok 21:11:11.0703 2704 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:11:11.0718 2704 MRxSmb - ok 21:11:11.0750 2704 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 21:11:11.0750 2704 MSDTC - ok 21:11:11.0765 2704 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 21:11:11.0765 2704 Msfs - ok 21:11:11.0765 2704 MSIServer - ok 21:11:11.0796 2704 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:11:11.0796 2704 MSKSSRV - ok 21:11:11.0796 2704 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:11:11.0796 2704 MSPCLOCK - ok 21:11:11.0812 2704 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 21:11:11.0812 2704 MSPQM - ok 21:11:11.0828 2704 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:11:11.0828 2704 mssmbios - ok 21:11:11.0843 2704 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 21:11:11.0843 2704 MSTEE - ok 21:11:11.0890 2704 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 21:11:11.0890 2704 Mup - ok 21:11:11.0890 2704 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 21:11:11.0890 2704 NABTSFEC - ok 21:11:11.0937 2704 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 21:11:11.0937 2704 napagent - ok 21:11:11.0968 2704 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 21:11:11.0968 2704 NDIS - ok 21:11:12.0000 2704 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 21:11:12.0000 2704 NdisIP - ok 21:11:12.0046 2704 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:11:12.0046 2704 NdisTapi - ok 21:11:12.0062 2704 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:11:12.0062 2704 Ndisuio - ok 21:11:12.0078 2704 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:11:12.0078 2704 NdisWan - ok 21:11:12.0109 2704 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 21:11:12.0109 2704 NDProxy - ok 21:11:12.0156 2704 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll 21:11:12.0156 2704 Net Driver HPZ12 - ok 21:11:12.0203 2704 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 21:11:12.0203 2704 NetBIOS - ok 21:11:12.0203 2704 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 21:11:12.0203 2704 NetBT - ok 21:11:12.0250 2704 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 21:11:12.0250 2704 NetDDE - ok 21:11:12.0250 2704 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 21:11:12.0265 2704 NetDDEdsdm - ok 21:11:12.0281 2704 [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys 21:11:12.0281 2704 Netdevio - ok 21:11:12.0312 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 21:11:12.0312 2704 Netlogon - ok 21:11:12.0359 2704 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 21:11:12.0375 2704 Netman - ok 21:11:12.0421 2704 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:11:12.0421 2704 NetTcpPortSharing - ok 21:11:12.0546 2704 [ 0888844230083CE3B47395102BCA8207 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 21:11:12.0578 2704 NETw5x32 - ok 21:11:12.0609 2704 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 21:11:12.0625 2704 Nla - ok 21:11:12.0656 2704 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 21:11:12.0656 2704 Npfs - ok 21:11:12.0671 2704 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 21:11:12.0671 2704 Ntfs - ok 21:11:12.0687 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 21:11:12.0687 2704 NtLmSsp - ok 21:11:12.0734 2704 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 21:11:12.0734 2704 NtmsSvc - ok 21:11:12.0750 2704 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 21:11:12.0765 2704 Null - ok 21:11:12.0765 2704 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:11:12.0765 2704 NwlnkFlt - ok 21:11:12.0781 2704 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:11:12.0781 2704 NwlnkFwd - ok 21:11:12.0843 2704 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:11:12.0859 2704 odserv - ok 21:11:12.0890 2704 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:11:12.0890 2704 ose - ok 21:11:12.0937 2704 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys 21:11:12.0937 2704 Parport - ok 21:11:12.0953 2704 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 21:11:12.0953 2704 PartMgr - ok 21:11:12.0968 2704 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 21:11:12.0968 2704 ParVdm - ok 21:11:12.0968 2704 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 21:11:12.0968 2704 PCI - ok 21:11:12.0984 2704 PCIDump - ok 21:11:12.0984 2704 PCIIde - ok 21:11:12.0984 2704 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 21:11:12.0984 2704 Pcmcia - ok 21:11:13.0000 2704 PDCOMP - ok 21:11:13.0000 2704 PDFRAME - ok 21:11:13.0000 2704 PDRELI - ok 21:11:13.0015 2704 PDRFRAME - ok 21:11:13.0015 2704 perc2 - ok 21:11:13.0015 2704 perc2hib - ok 21:11:13.0062 2704 [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1 ] pinger C:\TOSHIBA\IVP\ISM\pinger.exe 21:11:13.0062 2704 pinger - ok 21:11:13.0078 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 21:11:13.0078 2704 PlugPlay - ok 21:11:13.0109 2704 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 21:11:13.0109 2704 Pml Driver HPZ12 - ok 21:11:13.0109 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 21:11:13.0109 2704 PolicyAgent - ok 21:11:13.0156 2704 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:11:13.0156 2704 PptpMiniport - ok 21:11:13.0156 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 21:11:13.0156 2704 ProtectedStorage - ok 21:11:13.0187 2704 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 21:11:13.0187 2704 PSched - ok 21:11:13.0187 2704 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:11:13.0187 2704 Ptilink - ok 21:11:13.0203 2704 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:11:13.0203 2704 PxHelp20 - ok 21:11:13.0203 2704 ql1080 - ok 21:11:13.0203 2704 Ql10wnt - ok 21:11:13.0218 2704 ql12160 - ok 21:11:13.0218 2704 ql1240 - ok 21:11:13.0218 2704 ql1280 - ok 21:11:13.0250 2704 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:11:13.0250 2704 RasAcd - ok 21:11:13.0281 2704 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 21:11:13.0296 2704 RasAuto - ok 21:11:13.0312 2704 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:11:13.0312 2704 Rasl2tp - ok 21:11:13.0359 2704 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 21:11:13.0359 2704 RasMan - ok 21:11:13.0359 2704 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:11:13.0359 2704 RasPppoe - ok 21:11:13.0406 2704 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 21:11:13.0406 2704 Raspti - ok 21:11:13.0421 2704 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:11:13.0421 2704 Rdbss - ok 21:11:13.0437 2704 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:11:13.0437 2704 RDPCDD - ok 21:11:13.0453 2704 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:11:13.0453 2704 rdpdr - ok 21:11:13.0515 2704 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 21:11:13.0515 2704 RDPWD - ok 21:11:13.0562 2704 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 21:11:13.0562 2704 RDSessMgr - ok 21:11:13.0593 2704 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 21:11:13.0593 2704 redbook - ok 21:11:13.0703 2704 [ B33C88DF3588ACF250B87A004526C31A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 21:11:13.0703 2704 RegSrvc - ok 21:11:13.0750 2704 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 21:11:13.0750 2704 RemoteAccess - ok 21:11:13.0796 2704 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 21:11:13.0796 2704 RemoteRegistry - ok 21:11:13.0843 2704 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 21:11:13.0843 2704 RpcLocator - ok 21:11:13.0875 2704 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll 21:11:13.0875 2704 RpcSs - ok 21:11:13.0921 2704 [ 9145D2B7D0E45329A30AF97E6764E184 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RTS5121.sys 21:11:13.0921 2704 RSUSBSTOR - ok 21:11:13.0937 2704 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 21:11:13.0937 2704 RSVP - ok 21:11:14.0000 2704 [ 7FD98E91896CAD23169A84874F145250 ] RTL8192su C:\WINDOWS\system32\DRIVERS\RTL8192su.sys 21:11:14.0000 2704 RTL8192su - ok 21:11:14.0046 2704 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 21:11:14.0046 2704 RTLE8023xp - ok 21:11:14.0125 2704 [ 76902E80B6A31885F3135C0FBB6EE2D2 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe 21:11:14.0140 2704 S24EventMonitor - ok 21:11:14.0156 2704 [ 2BC0B847CBCFE62A79B18CE0B440334D ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 21:11:14.0156 2704 s24trans - ok 21:11:14.0203 2704 [ 4DB7D284EBDCF2A18FBD013C0E20E4B9 ] SAFsFilter C:\WINDOWS\system32\DRIVERS\SAFsFilter.sys 21:11:14.0203 2704 SAFsFilter - ok 21:11:14.0218 2704 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 21:11:14.0218 2704 SamSs - ok 21:11:14.0250 2704 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 21:11:14.0250 2704 SCardSvr - ok 21:11:14.0281 2704 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 21:11:14.0281 2704 Schedule - ok 21:11:14.0312 2704 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:11:14.0312 2704 Secdrv - ok 21:11:14.0343 2704 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 21:11:14.0343 2704 seclogon - ok 21:11:14.0343 2704 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 21:11:14.0343 2704 SENS - ok 21:11:14.0375 2704 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys 21:11:14.0375 2704 Serial - ok 21:11:14.0406 2704 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 21:11:14.0406 2704 Sfloppy - ok 21:11:14.0453 2704 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 21:11:14.0453 2704 SharedAccess - ok 21:11:14.0468 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 21:11:14.0468 2704 ShellHWDetection - ok 21:11:14.0468 2704 Simbad - ok 21:11:14.0500 2704 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 21:11:14.0500 2704 SLIP - ok 21:11:14.0500 2704 Sparrow - ok 21:11:14.0531 2704 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 21:11:14.0531 2704 splitter - ok 21:11:14.0578 2704 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 21:11:14.0578 2704 Spooler - ok 21:11:14.0640 2704 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 21:11:14.0640 2704 sr - ok 21:11:14.0671 2704 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 21:11:14.0671 2704 srservice - ok 21:11:14.0703 2704 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 21:11:14.0703 2704 Srv - ok 21:11:14.0734 2704 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 21:11:14.0734 2704 SSDPSRV - ok 21:11:14.0781 2704 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 21:11:14.0796 2704 stisvc - ok 21:11:14.0859 2704 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 21:11:14.0859 2704 streamip - ok 21:11:14.0859 2704 SVRPEDRV - ok 21:11:14.0875 2704 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 21:11:14.0875 2704 swenum - ok 21:11:14.0890 2704 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 21:11:14.0890 2704 swmidi - ok 21:11:14.0890 2704 SwPrv - ok 21:11:14.0953 2704 [ 4A5BB3E94B31063718228187CEAB619E ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe 21:11:14.0953 2704 Swupdtmr - ok 21:11:14.0968 2704 symc810 - ok 21:11:14.0968 2704 symc8xx - ok 21:11:14.0968 2704 SymIM - ok 21:11:14.0984 2704 SymIMMP - ok 21:11:14.0984 2704 sym_hi - ok 21:11:14.0984 2704 sym_u3 - ok 21:11:15.0031 2704 [ D7B9AD3ABD0F7F9F694D71F38B5C7B72 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 21:11:15.0031 2704 SynTP - ok 21:11:15.0062 2704 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 21:11:15.0078 2704 sysaudio - ok 21:11:15.0109 2704 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 21:11:15.0109 2704 SysmonLog - ok 21:11:15.0140 2704 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 21:11:15.0140 2704 TapiSrv - ok 21:11:15.0171 2704 [ F01D70C9DCCA4C1B6ED794B0DDD1AE8F ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe 21:11:15.0171 2704 TAPPSRV - ok 21:11:15.0187 2704 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:11:15.0187 2704 Tcpip - ok 21:11:15.0234 2704 [ 2F8BFBDB5824C71F672779B4B8CF8B01 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 21:11:15.0234 2704 tdcmdpst - ok 21:11:15.0390 2704 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 21:11:15.0390 2704 TDPIPE - ok 21:11:15.0406 2704 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 21:11:15.0406 2704 TDTCP - ok 21:11:15.0578 2704 [ F56A9327C58FF985616C5E197472932C ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys 21:11:15.0578 2704 tdudf - ok 21:11:15.0609 2704 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 21:11:15.0625 2704 TermDD - ok 21:11:15.0671 2704 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 21:11:15.0671 2704 TermService - ok 21:11:15.0703 2704 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 21:11:15.0703 2704 Themes - ok 21:11:15.0734 2704 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 21:11:15.0734 2704 TlntSvr - ok 21:11:15.0765 2704 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe 21:11:15.0765 2704 TODDSrv - ok 21:11:15.0765 2704 TosIde - ok 21:11:15.0765 2704 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 21:11:15.0781 2704 TrkWks - ok 21:11:15.0812 2704 [ 3F9BA8878AA26D0831116733F9BC53FF ] trudf C:\WINDOWS\system32\DRIVERS\trudf.sys 21:11:15.0812 2704 trudf - ok 21:11:15.0812 2704 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 21:11:15.0812 2704 Udfs - ok 21:11:15.0828 2704 ultra - ok 21:11:15.0859 2704 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe 21:11:15.0859 2704 UMWdf - ok 21:11:15.0890 2704 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 21:11:15.0890 2704 Update - ok 21:11:15.0937 2704 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:11:15.0937 2704 upnphost - ok 21:11:15.0953 2704 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 21:11:15.0953 2704 UPS - ok 21:11:16.0000 2704 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:11:16.0000 2704 usbccgp - ok 21:11:16.0015 2704 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:11:16.0015 2704 usbehci - ok 21:11:16.0015 2704 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:11:16.0031 2704 usbhub - ok 21:11:16.0062 2704 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:11:16.0062 2704 usbprint - ok 21:11:16.0078 2704 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 21:11:16.0078 2704 usbscan - ok 21:11:16.0093 2704 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:11:16.0093 2704 usbstor - ok 21:11:16.0125 2704 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:11:16.0125 2704 usbuhci - ok 21:11:16.0187 2704 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 21:11:16.0187 2704 usbvideo - ok 21:11:16.0218 2704 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS 21:11:16.0218 2704 UVCFTR - ok 21:11:16.0234 2704 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 21:11:16.0234 2704 VgaSave - ok 21:11:16.0234 2704 ViaIde - ok 21:11:16.0281 2704 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 21:11:16.0281 2704 VolSnap - ok 21:11:16.0312 2704 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 21:11:16.0328 2704 VSS - ok 21:11:16.0343 2704 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 21:11:16.0343 2704 W32Time - ok 21:11:16.0390 2704 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:11:16.0390 2704 Wanarp - ok 21:11:16.0390 2704 WDICA - ok 21:11:16.0421 2704 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 21:11:16.0421 2704 wdmaud - ok 21:11:16.0468 2704 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 21:11:16.0468 2704 WebClient - ok 21:11:16.0531 2704 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:11:16.0531 2704 winmgmt - ok 21:11:16.0578 2704 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 21:11:16.0578 2704 WmdmPmSN - ok 21:11:16.0625 2704 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll 21:11:16.0640 2704 Wmi - ok 21:11:16.0687 2704 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 21:11:16.0687 2704 WmiApSrv - ok 21:11:16.0765 2704 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:11:16.0765 2704 WS2IFSL - ok 21:11:16.0781 2704 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 21:11:16.0781 2704 wscsvc - ok 21:11:16.0781 2704 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 21:11:16.0781 2704 WSTCODEC - ok 21:11:16.0812 2704 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 21:11:16.0812 2704 wuauserv - ok 21:11:16.0843 2704 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 21:11:16.0843 2704 WZCSVC - ok 21:11:16.0875 2704 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 21:11:16.0875 2704 xmlprov - ok 21:11:16.0890 2704 ================ Scan global =============================== 21:11:16.0921 2704 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 21:11:16.0937 2704 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll 21:11:16.0953 2704 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll 21:11:16.0968 2704 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 21:11:16.0968 2704 [Global] - ok 21:11:16.0968 2704 ================ Scan MBR ================================== 21:11:17.0078 2704 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0 21:11:17.0250 2704 \Device\Harddisk0\DR0 - ok 21:11:17.0250 2704 ================ Scan VBR ================================== 21:11:17.0250 2704 [ 91FA2C0EC96AD771E3FB8F9DF886FB85 ] \Device\Harddisk0\DR0\Partition1 21:11:17.0265 2704 \Device\Harddisk0\DR0\Partition1 - ok 21:11:17.0265 2704 ============================================================ 21:11:17.0265 2704 Scan finished 21:11:17.0265 2704 ============================================================ 21:11:17.0265 2292 Detected object count: 0 21:11:17.0265 2292 Actual detected object count: 0 Combofix ComboFix 13-05-27.02 - Administrator 05/27/2013 21:31:16.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1916.1290 [GMT -5:00] Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe AV: Lightspeed Systems Security Agent 8.02.08 *Disabled/Updated* {983E71A4-EDBC-4776-A28B-07BCBC8D6457} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\ijaiw.pad c:\documents and settings\All Users\Application Data\rundll32.exe c:\windows\system32\drivers\FileIntegrity.bak1 c:\windows\system32\drivers\FileIntegrity.bak2 c:\windows\system32\URTTemp c:\windows\system32\URTTemp\exploder.exe c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\system32\URTTemp\URTCore.cab c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 ))))))))))))))))))))))))))))))) . . 2013-05-28 02:15 . 2013-05-28 02:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable) 2013-05-28 02:14 . 2013-05-28 02:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2013-05-28 01:14 . 2013-05-28 01:14 -------- d-----w- c:\program files\ESET 2013-05-27 18:29 . 2013-05-27 19:39 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-05-27 17:16 . 2013-05-27 17:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2013-05-24 17:02 . 2013-05-24 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc 2013-05-24 16:59 . 2013-05-24 16:59 -------- d-----w- c:\program files\VideoLAN 2013-05-24 15:57 . 2013-05-24 15:57 -------- d-----w- c:\program files\Xenocode 2013-05-24 15:54 . 2013-05-24 15:54 -------- d-----w- c:\program files\7-Zip 2013-05-24 15:41 . 2013-05-24 15:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla 2013-05-22 18:09 . 2013-05-22 18:10 -------- d-----w- c:\documents and settings\didandona 2013-05-22 16:13 . 2013-05-27 20:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\U3 2013-05-22 15:32 . 2008-04-14 05:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2013-05-22 15:32 . 2008-04-14 05:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2013-05-22 15:30 . 2013-05-22 15:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP 2013-05-22 15:10 . 2008-04-14 05:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2013-05-22 15:10 . 2008-04-14 05:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2013-05-16 18:26 . 2013-05-16 18:27 -------- d-----w- c:\documents and settings\spstocks 2013-05-15 18:56 . 2013-05-15 18:56 -------- d-sh--w- c:\documents and settings\brpacheco\PrivacIE 2013-05-15 18:56 . 2013-05-15 18:56 -------- d-sh--w- c:\documents and settings\brpacheco\IETldCache 2013-05-13 18:44 . 2013-05-13 18:44 -------- d-----w- c:\documents and settings\hahenrichson\Local Settings\Application Data\Adobe 2013-05-13 14:49 . 2013-05-13 14:50 -------- d-----w- c:\documents and settings\brtrevino 2013-05-09 18:06 . 2013-05-09 18:06 -------- d-sh--w- c:\documents and settings\hahenrichson\PrivacIE 2013-05-02 17:55 . 2013-05-02 17:56 -------- d-----w- c:\documents and settings\leperez 2013-04-30 18:11 . 2013-05-01 18:50 -------- d-----w- c:\documents and settings\liaguilar . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-19 17:06 . 2013-04-19 17:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys 2013-04-19 17:06 . 2013-04-19 17:06 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe 2013-03-08 08:36 . 2008-09-11 20:42 293376 ----a-w- c:\windows\system32\winsrv.dll 2013-03-07 01:32 . 2008-09-11 20:42 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-02 02:06 . 2008-09-11 20:42 916480 ----a-w- c:\windows\system32\wininet.dll 2013-03-02 02:06 . 2008-09-11 20:42 43520 ------w- c:\windows\system32\licmgr10.dll 2013-03-02 02:06 . 2008-09-11 20:42 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-03-02 01:25 . 2008-09-11 20:42 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-03-02 01:08 . 2008-09-11 20:42 385024 ------w- c:\windows\system32\html.iec 2013-02-27 07:56 . 2008-09-11 20:32 2067456 ----a-w- c:\windows\system32\mstscax.dll 2012-03-13 04:39 . 2012-03-13 04:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-19 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CFSServ.exe"="CFSServ.exe -NoClient" [X] "NDSTray.exe"="NDSTray.exe" [bU] "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936] "TPSMain"="TPSMain.exe" [2007-10-08 262144] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-08 30192] "SecurityAgentTray"="c:\program files\Lightspeed Systems\SecurityAgent\satray.exe" [2013-02-15 183096] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2011-05-13 276864] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ regmonstd.lnk - c:\windows\system32\rundll32.exe [2008-9-11 33280] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ INTELLINET Wireless Utility.lnk - c:\program files\INTELLINET\11n USB Wireless LAN Utility\RtWLan.exe [2013-4-19 991232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MRCNotify] 2011-05-13 20:06 53632 ----a-w- c:\windows\dwrcs\DWRCWXL.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-1288\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-1288\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-1288\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4945\Scripts\Logon\0\0] "Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4948\Scripts\Logon\0\0] "Script"=\\nhsds\scripts\WebMastering.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4969\Scripts\Logon\0\0] "Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4994\Scripts\Logon\0\0] "Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4996\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4996\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4996\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6729\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6729\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6729\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6874\Scripts\Logon\0\0] "Script"=\\nhsds\scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7069\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7069\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7069\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7076\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7076\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7076\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7099\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7099\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7099\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7119\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7119\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7119\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8246\Scripts\Logon\0\0] "Script"=\\nhsds\scripts\WebMastering.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8273\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8273\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8273\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8471\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8471\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8471\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8656\Scripts\Logon\0\0] "Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8661\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8661\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8661\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8665\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8665\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8665\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8668\Scripts\Logon\0\0] "Script"=\\nisdds\TechDocs\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8678\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8678\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8678\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8686\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8686\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8686\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8688\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8688\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8688\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8691\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8691\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8691\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8697\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8697\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8697\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8698\Scripts\Logon\0\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8698\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8698\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-9269\Scripts\Logon\0\0] "Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-9496\Scripts\Logon\0\0] "Script"=\\nhsds\scripts\NHSYB.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-9496\Scripts\Logon\1\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-9496\Scripts\Logon\2\0] "Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-9496\Scripts\Logon\3\0] "Script"=\\Nisdds\TechTools\Scripts\firewall.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "1305:TCP"= 1305:TCP:Lightspeed Security Agent (TCP) "1304:TCP"= 1304:TCP:Lightspeed Security Agent (TCP1304) "1305:UDP"= 1305:UDP:Lightspeed Security Agent (UDP) "6129:TCP"= 6129:TCP:DameWare Mini Remote Control Service "6129:UDP"= 6129:UDP:DameWare Mini Remote Control Service . R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [3/13/2008 26624] R1 IpmSecurityAgent1;Security Agent Filter Driver;c:\windows\system32\drivers\IpmSecurityAgent1.sys [10/28/2011 10:53 AM 40512] R1 SAFsFilter;SAFsFilter;c:\windows\system32\drivers\SAFsFilter.sys [10/28/2011 10:53 AM 183872] R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [1/25/2012 3:23 PM 192792] R2 IpmSecurityAgentService;Security Agent Service;c:\program files\Lightspeed Systems\SecurityAgent\SecurityAgent.exe [6/9/2011 10:50 AM 689464] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 2:22 PM 105856] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 2:15 PM 134016] R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [3/14/2008 2:00 AM 3712] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [9/11/2008 4:10 PM 5888] R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/11/2008 4:06 PM 154624] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [1/25/2012 3:23 PM 240408] S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/12/2008 4:40 PM 30192] S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?] S3 RTL8192su;INTELLINET 300Mbps Wireless 802.11n USB Adapter;c:\windows\system32\drivers\RTL8192su.sys [4/19/2013 12:02 PM 606056] S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\UP_date\PEDrv.sys --> c:\sysprep\UP_date\PEDrv.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-24 15:58 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-22 c:\windows\Tasks\At1.job - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2012-10-17 09:15] . 2013-05-22 c:\windows\Tasks\At2.job - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2012-10-17 09:15] . 2013-05-22 c:\windows\Tasks\At3.job - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2012-10-17 09:15] . 2013-05-22 c:\windows\Tasks\At4.job - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2012-10-17 09:15] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:47] . 2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 14:47] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.toshibadirect.com/dpdstart IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nfjuvng2.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-05-27 14:23; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nfjuvng2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-05-27 22:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2613391608-432973890-1740122293-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,9e,a1,5c,ad,a7,a4,43,8e,2f,79,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,9e,a1,5c,ad,a7,a4,43,8e,2f,79,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(952) c:\windows\dwrcs\DWRCWXL.dll . - - - - - - - > 'explorer.exe'(2476) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\windows\system32\agrsmsvc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\dwrcs\DWRCS.EXE c:\program files\Intel\WiFi\bin\EvtEng.exe c:\toshiba\IVP\ISM\pinger.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\wdfmgr.exe c:\program files\Lightspeed Systems\SecurityAgent\SAAlert.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\TPSMain.exe c:\program files\TOSHIBA\ConfigFree\CFSServ.exe c:\windows\system32\TPSBattM.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe c:\windows\system32\wbem\unsecapp.exe . ************************************************************************** . Completion time: 2013-05-27 22:17:31 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-28 03:17 . Pre-Run: 215,430,840,320 bytes free Post-Run: 217,871,458,304 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 00C5B0D09C4E7B78B2D9DCD308043569 Check up Results of screen317's Security Check version 0.99.64 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Disabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. L i g h t s p e d ECHO is off. S y s t e m s ECHO is off. S e c u r i t y ECHO is off. A g e n t ECHO is off. 8 . 0 2 . 0 8 ECHO is off. Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 6 Java version out of Date! Adobe Flash Player 9 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (en-US). Firefox out of Date! Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` ESET NOD Online scanner ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=24c3df31d89b6e4695906c8fe43fb8f6 # engine=13933 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-28 02:06:06 # local_time=2013-05-27 09:06:06 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=150471 # found=2 # cleaned=2 # scan_time=2760 sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\ComboFix\N_\Av-test.txt" sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Administrator\Local Settings\Temp\Av-test.txt"
  4. ok, i ran the software and it cleared the malware. i will now run some additional programs such as malware bytes and combofix to be sure my computer is rid of the infection. thanks a ton !
  5. hello, i am infected with FBI computer crime and intellectual property section ransomware. i am unable to boot into safe mode of any kind. i Am running windows xp and i have two laptops an infected one and a clean one. i have tried hitman pro kickstart but it wont pop up. please help, f6e9a
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.