grogger

Honorary Members
  • Posts: 23
Everything posted by grogger

  1. Still here. I don't have a restore point on this computer from before this started happening. Not sure why, but I don't.
  2. OK. So it ran, and asked for the CD. I put one in and it finished running. Rebooted, and still having the same problem.
  3. Here it is. Keep in mind I ran this under safe mode as that is the only way to get it to run. Also keep in mind that I don't have a problem deleting and renaming files while in Safe Mode. Here is the latest ComboFix Log file. ComboFix_log.txt
  4. So I got the SeaTools for DOS ISO downloaded on another computer and was able to boot off that ISO and run off that. SeaTools showed the hard drive as passed all tests.
  5. I'm still here with you. I have been very busy away from this. However, I am having problems downloading the Seagate tools and installing them. The drop down boxes on the Seagate website don't work with IE right, and the Google Chrome won't download the file. It keeps saying interrupted. I will keep trying. Let me know if you have any other ideas in the meantime.
  6. I looked up the model number that appears in Device Manager, and it appears to be a Seagate (ST980813ASG). The computer is a Dell Latitude D630 laptop.
  7. Yes. I checked the actual file properties and security settings. They are not set to read-only, and the actual file permissions are set to Full Control.
  8. Any type of file. All the files that you have had me save to my desktop, I can't delete. That means Office Docs, text files, .exe files. Any file that gets created anywhere on the machine, I can't rename or delete them unless I am working in Safe Mode. In Safe Mode there does not appear to be any problems working with files. However, if I open a command prompt, and use command line, I can delete files, but I still can't rename them. The user is a local administrator (You can see that from the SystemLook output also). I checked file level security permissions, and the permissions on the files are Full-Control. The error I get is Access Denied: The file is not currently in use, and the disk is not full. I assume this means we haven't found any malware, and we are now wondering what the problem is. Thanks again for all your help!
  9. SystemLook.txt: SystemLook 30.07.11 by jpshortstuff Log created at 23:05 on 31/05/2012 by Nancy Administrator - Elevation successful ========== regfind ========== Searching for "20D04FE0-3AEA-1069-A2D8-08002B30309D" [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17] "ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] [HKEY_USERS\S-1-5-21-3611719831-1192953567-205520213-1005\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}] -= EOF =-
  10. Here is the RogueKiller log: RogueKiller V7.5.2 [05/30/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version Started in : Normal mode User: Nancy [Admin rights] Mode: Scan -- Date: 05/31/2012 20:15:27 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 1 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST980813ASG +++++ --- User --- [MBR] 0d20519f4697fe02675d1961fb932b3e [bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  11. Still nothing. Do you think this sounds like malware or just something else wrong with the computer? Here is the log from the ESET Scanner: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=b6c3c05e36e5b3419d25c9cd19b0d8c9 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-31 12:26:09 # local_time=2012-05-31 08:26:09 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=770 16774141 100 95 0 114250223 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=55151 # found=0 # cleaned=0 # scan_time=1618
  12. Here is the log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.30.07 Windows XP Service Pack 2 x86 NTFS Internet Explorer 7.0.5730.13 Nancy :: JACK [administrator] 5/30/2012 11:50:32 PM mbam-log-2012-05-30 (23-50-32).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 251147 Time elapsed: 1 hour(s), 14 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. Just found one other interesting bit of information. If I open a command prompt, I can delete and rename files through Command line.
  14. Here is the log file. AVPT.zip
  15. Not having a whole lot of luck. Didn't really find anything. I'm assuming this is some kind of malware. I can create files without problems, but I still can not delete or rename a file unless I reboot into safe mode. I am having to do all these scans and runs in safe-mode, because they are not working otherwise. Not sure if that is causing it not to find anything. The file is too big, so I need to .zip it. But I have to reboot in safe mode to be able to create the zip file. Will upload shortly.
  16. Re-downloaded combo fix again and re-ran. Still looks the same. Any ideas? ComboFix.txt
  17. Ran again, but appears to be the same result. I had to run it in Safe Mode as that is the only way it still runs at all. ComboFix.txt
  18. Unfortunately... That was all that was in the log the second time I ran it. Let me run it again.
  19. Console installed. . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(664) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . - - - - - - - > 'explorer.exe'(1144) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Completion time: 2012-05-30 11:35:34 ComboFix-quarantined-files.txt 2012-05-30 15:35 ComboFix2.txt 2012-05-30 03:24 . Pre-Run: 51,183,951,872 bytes free Post-Run: 51,173,834,752 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 7550DBBBFDF72101EABD3C2054FAFB48
  20. Only way ComboFix would run was under Safe Mode: Resulting Log: ComboFix 12-05-29.01 - Nancy 05/29/2012 23:07:11.1.2 - x86 MINIMAL Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.818 [GMT -4:00] Running from: c:\documents and settings\Nancy\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\SET2C.tmp c:\windows\system32\SET30.tmp c:\windows\system32\SET38.tmp c:\windows\system32\SET41.tmp c:\windows\system32\SET42.tmp c:\windows\system32\SET43.tmp c:\windows\system32\SET46.tmp c:\windows\system32\test . . ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 ))))))))))))))))))))))))))))))) . . 2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes 2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-29 02:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-12 02:36 . 2012-05-12 02:36 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Identities . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-30 03:21 . 2008-03-06 02:15 0 ----a-w- c:\documents and settings\Nancy\Local Settings\Application Data\WavXMapDrive.bat 2012-03-06 23:15 . 2010-11-29 13:49 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:15 . 2008-03-06 03:15 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-06 23:03 . 2011-06-17 20:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-06 23:03 . 
2009-03-04 01:51 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-06 23:02 . 2008-03-06 03:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2012-03-06 23:01 . 2008-03-06 03:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-06 23:01 . 2008-03-06 03:15 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2012-03-06 23:01 . 2008-03-06 03:15 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys 2012-03-06 23:01 . 2009-03-04 01:51 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-06 22:58 . 2008-03-06 03:15 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008] "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848] "WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160] "SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504] "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992] "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2008-10-15 45936] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920] "Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-25 50688] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe] 2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 4:20 PM 612184] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2009 9:51 PM 337880] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2009 9:51 PM 20696] R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120] R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/25/2008 11:27 PM 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . 
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080226 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199 . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-29 23:21 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(804) c:\windows\system32\wvauth.dll c:\windows\system32\biolsp.dll . - - - - - - - > 'explorer.exe'(3400) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\System32\SCardSvr.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Dell\QuickSet\NICCONFIGSVC.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\system32\StacSV.exe c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe c:\program files\Intel\Wireless\Bin\WLKeeper.exe c:\windows\system32\msdtc.exe c:\windows\system32\igfxsrvc.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Apoint\HidFind.exe c:\program files\Apoint\Apntex.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . 
Completion time: 2012-05-29 23:24:58 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-30 03:24 . Pre-Run: 47,439,638,528 bytes free Post-Run: 50,159,915,008 bytes free . - - End Of File - - 1B2438080F31E7F061E98FA0CC02A746
  21. ComboFix did not run successfully. A command window opened, with a message the "c.bat is not recognized as an internal or external command, operable program or batch file." The only file in the C:\ComboFix Directory is a file CF10655.3XE Security Check checkup.txt: Results of screen317's Security Check version 0.99.41 Windows XP Service Pack 2 x86 Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Please wait while WMIC is being installed.d i s p l a y N a m e ECHO is off. a v a s t ! ECHO is off. A n t i v i r u s ECHO is off. Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.61.0.1400 Adobe Flash Player 10 Flash Player out of date! Google Chrome 18.0.1025.168 Google Chrome 19.0.1084.52 ````````Process Check: objlist.exe by Laurent```````` Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 avastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! ````````````````````End of Log``````````````````````
  22. TDSKiller didn't find anything. Working on the next steps. Here is the TDSKiller log:
C:\WINDOWS\system32\imapi.exe 22:42:53.0718 4064 ImapiService - ok 22:42:53.0750 4064 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 22:42:53.0750 4064 ini910u - ok 22:42:53.0750 4064 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys 22:42:53.0750 4064 IntelIde - ok 22:42:53.0781 4064 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys 22:42:53.0781 4064 intelppm - ok 22:42:53.0796 4064 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 22:42:53.0796 4064 Ip6Fw - ok 22:42:53.0812 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:42:53.0812 4064 IpFilterDriver - ok 22:42:53.0812 4064 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:42:53.0828 4064 IpInIp - ok 22:42:53.0859 4064 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:42:53.0859 4064 IpNat - ok 22:42:54.0015 4064 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe 22:42:54.0046 4064 iPod Service - ok 22:42:54.0093 4064 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:42:54.0093 4064 IPSec - ok 22:42:54.0109 4064 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 22:42:54.0109 4064 IRENUM - ok 22:42:54.0140 4064 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:42:54.0140 4064 isapnp - ok 22:42:54.0171 4064 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:42:54.0171 4064 Kbdclass - ok 22:42:54.0218 4064 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 22:42:54.0234 4064 kmixer - ok 22:42:54.0265 4064 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys 22:42:54.0281 4064 KSecDD - ok 22:42:54.0296 4064 lanmanserver 
(0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll 22:42:54.0343 4064 lanmanserver - ok 22:42:54.0390 4064 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll 22:42:54.0437 4064 lanmanworkstation - ok 22:42:54.0437 4064 lbrtfdc - ok 22:42:54.0484 4064 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll 22:42:54.0500 4064 LmHosts - ok 22:42:54.0546 4064 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 22:42:54.0546 4064 mdmxsdk - ok 22:42:54.0562 4064 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll 22:42:54.0578 4064 Messenger - ok 22:42:54.0625 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 22:42:54.0625 4064 mnmdd - ok 22:42:54.0656 4064 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe 22:42:54.0671 4064 mnmsrvc - ok 22:42:54.0671 4064 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 22:42:54.0687 4064 Modem - ok 22:42:54.0734 4064 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:42:54.0734 4064 Mouclass - ok 22:42:54.0781 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:42:54.0781 4064 mouhid - ok 22:42:54.0796 4064 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 22:42:54.0796 4064 MountMgr - ok 22:42:54.0828 4064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 22:42:54.0828 4064 mraid35x - ok 22:42:54.0859 4064 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:42:54.0890 4064 MRxDAV - ok 22:42:54.0937 4064 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:42:54.0953 4064 MRxSmb - ok 22:42:54.0984 4064 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe 22:42:55.0015 4064 MSDTC - ok 22:42:55.0031 4064 Msfs 
(561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 22:42:55.0046 4064 Msfs - ok 22:42:55.0046 4064 MSIServer - ok 22:42:55.0078 4064 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:42:55.0093 4064 MSKSSRV - ok 22:42:55.0109 4064 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:42:55.0109 4064 MSPCLOCK - ok 22:42:55.0109 4064 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 22:42:55.0125 4064 MSPQM - ok 22:42:55.0140 4064 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:42:55.0156 4064 mssmbios - ok 22:42:55.0156 4064 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 22:42:55.0171 4064 Mup - ok 22:42:55.0203 4064 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 22:42:55.0218 4064 NDIS - ok 22:42:55.0218 4064 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:42:55.0234 4064 NdisTapi - ok 22:42:55.0234 4064 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:42:55.0250 4064 Ndisuio - ok 22:42:55.0250 4064 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:42:55.0265 4064 NdisWan - ok 22:42:55.0281 4064 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 22:42:55.0281 4064 NDProxy - ok 22:42:55.0296 4064 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 22:42:55.0296 4064 NetBIOS - ok 22:42:55.0328 4064 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 22:42:55.0328 4064 NetBT - ok 22:42:55.0375 4064 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 22:42:55.0406 4064 NetDDE - ok 22:42:55.0421 4064 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe 22:42:55.0437 4064 NetDDEdsdm - ok 22:42:55.0468 4064 
Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 22:42:55.0468 4064 Netlogon - ok 22:42:55.0515 4064 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll 22:42:55.0578 4064 Netman - ok 22:42:55.0687 4064 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:42:55.0703 4064 NetTcpPortSharing - ok 22:42:55.0875 4064 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 22:42:55.0984 4064 NETw4x32 - ok 22:42:56.0046 4064 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 22:42:56.0062 4064 NIC1394 - ok 22:42:56.0203 4064 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe 22:42:56.0218 4064 NICCONFIGSVC - ok 22:42:56.0265 4064 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll 22:42:56.0296 4064 Nla - ok 22:42:56.0343 4064 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 22:42:56.0343 4064 Npfs - ok 22:42:56.0406 4064 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 22:42:56.0421 4064 Ntfs - ok 22:42:56.0453 4064 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 22:42:56.0468 4064 NtLmSsp - ok 22:42:56.0531 4064 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll 22:42:56.0578 4064 NtmsSvc - ok 22:42:56.0609 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 22:42:56.0609 4064 Null - ok 22:42:56.0765 4064 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 22:42:56.0875 4064 nv - ok 22:42:56.0953 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:42:56.0953 4064 NwlnkFlt - ok 22:42:56.0968 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:42:56.0968 4064 NwlnkFwd - ok 
22:42:57.0125 4064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:42:57.0171 4064 odserv - ok 22:42:57.0218 4064 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 22:42:57.0218 4064 ohci1394 - ok 22:42:57.0250 4064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:42:57.0265 4064 ose - ok 22:42:57.0281 4064 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys 22:42:57.0296 4064 Parport - ok 22:42:57.0296 4064 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 22:42:57.0296 4064 PartMgr - ok 22:42:57.0312 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 22:42:57.0328 4064 ParVdm - ok 22:42:57.0343 4064 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys 22:42:57.0343 4064 PBADRV - ok 22:42:57.0343 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 22:42:57.0343 4064 PCI - ok 22:42:57.0343 4064 PCIDump - ok 22:42:57.0359 4064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 22:42:57.0359 4064 PCIIde - ok 22:42:57.0359 4064 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 22:42:57.0375 4064 Pcmcia - ok 22:42:57.0375 4064 PDCOMP - ok 22:42:57.0375 4064 PDFRAME - ok 22:42:57.0390 4064 PDRELI - ok 22:42:57.0390 4064 PDRFRAME - ok 22:42:57.0421 4064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 22:42:57.0421 4064 perc2 - ok 22:42:57.0437 4064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 22:42:57.0437 4064 perc2hib - ok 22:42:57.0515 4064 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe 22:42:57.0531 4064 PlugPlay - ok 22:42:57.0578 4064 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) 
C:\WINDOWS\system32\lsass.exe 22:42:57.0578 4064 PolicyAgent - ok 22:42:57.0625 4064 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:42:57.0625 4064 PptpMiniport - ok 22:42:57.0625 4064 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe 22:42:57.0625 4064 ProtectedStorage - ok 22:42:57.0640 4064 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 22:42:57.0640 4064 PSched - ok 22:42:57.0640 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:42:57.0640 4064 Ptilink - ok 22:42:57.0656 4064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 22:42:57.0656 4064 ql1080 - ok 22:42:57.0656 4064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 22:42:57.0656 4064 Ql10wnt - ok 22:42:57.0671 4064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 22:42:57.0671 4064 ql12160 - ok 22:42:57.0671 4064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 22:42:57.0687 4064 ql1240 - ok 22:42:57.0703 4064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 22:42:57.0703 4064 ql1280 - ok 22:42:57.0718 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:42:57.0718 4064 RasAcd - ok 22:42:57.0750 4064 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll 22:42:57.0765 4064 RasAuto - ok 22:42:57.0796 4064 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:42:57.0796 4064 Rasl2tp - ok 22:42:57.0828 4064 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll 22:42:57.0843 4064 RasMan - ok 22:42:57.0843 4064 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:42:57.0859 4064 RasPppoe - ok 22:42:57.0859 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) 
C:\WINDOWS\system32\DRIVERS\raspti.sys 22:42:57.0859 4064 Raspti - ok 22:42:57.0906 4064 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:42:57.0921 4064 Rdbss - ok 22:42:57.0921 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:42:57.0921 4064 RDPCDD - ok 22:42:57.0953 4064 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:42:57.0968 4064 rdpdr - ok 22:42:58.0000 4064 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 22:42:58.0000 4064 RDPWD - ok 22:42:58.0046 4064 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe 22:42:58.0093 4064 RDSessMgr - ok 22:42:58.0125 4064 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:42:58.0125 4064 redbook - ok 22:42:58.0218 4064 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 22:42:58.0234 4064 RegSrvc - ok 22:42:58.0265 4064 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll 22:42:58.0281 4064 RemoteAccess - ok 22:42:58.0312 4064 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll 22:42:58.0343 4064 RemoteRegistry - ok 22:42:58.0375 4064 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe 22:42:58.0390 4064 RpcLocator - ok 22:42:58.0437 4064 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll 22:42:58.0453 4064 RpcSs - ok 22:42:58.0484 4064 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 22:42:58.0531 4064 RSVP - ok 22:42:58.0593 4064 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 22:42:58.0625 4064 S24EventMonitor - ok 22:42:58.0671 4064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys 22:42:58.0671 4064 s24trans - ok 22:42:58.0703 4064 SamSs (84885f9b82f4d55c6146ebf6065d75d2) 
C:\WINDOWS\system32\lsass.exe 22:42:58.0718 4064 SamSs - ok 22:42:58.0750 4064 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe 22:42:58.0765 4064 SCardSvr - ok 22:42:58.0796 4064 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll 22:42:58.0812 4064 Schedule - ok 22:42:58.0859 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:42:58.0859 4064 Secdrv - ok 22:42:58.0890 4064 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll 22:42:58.0906 4064 seclogon - ok 22:42:59.0015 4064 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe 22:42:59.0046 4064 SecureStorageService - ok 22:42:59.0046 4064 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll 22:42:59.0062 4064 SENS - ok 22:42:59.0078 4064 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 22:42:59.0078 4064 serenum - ok 22:42:59.0093 4064 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 22:42:59.0109 4064 Serial - ok 22:42:59.0140 4064 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:42:59.0140 4064 Sfloppy - ok 22:42:59.0187 4064 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll 22:42:59.0250 4064 SharedAccess - ok 22:42:59.0281 4064 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll 22:42:59.0296 4064 ShellHWDetection - ok 22:42:59.0296 4064 Simbad - ok 22:42:59.0343 4064 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys 22:42:59.0343 4064 sisagp - ok 22:42:59.0359 4064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 22:42:59.0359 4064 Sparrow - ok 22:42:59.0390 4064 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 22:42:59.0406 4064 
splitter - ok 22:42:59.0437 4064 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe 22:42:59.0453 4064 Spooler - ok 22:42:59.0468 4064 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 22:42:59.0484 4064 sr - ok 22:42:59.0531 4064 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll 22:42:59.0578 4064 srservice - ok 22:42:59.0625 4064 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 22:42:59.0640 4064 Srv - ok 22:42:59.0687 4064 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll 22:42:59.0703 4064 SSDPSRV - ok 22:42:59.0750 4064 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe 22:42:59.0796 4064 STacSV - ok 22:42:59.0921 4064 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys 22:42:59.0984 4064 STHDA - ok 22:43:00.0031 4064 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll 22:43:00.0093 4064 stisvc - ok 22:43:00.0156 4064 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:43:00.0171 4064 swenum - ok 22:43:00.0218 4064 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 22:43:00.0218 4064 swmidi - ok 22:43:00.0234 4064 SwPrv - ok 22:43:00.0250 4064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 22:43:00.0250 4064 symc810 - ok 22:43:00.0281 4064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 22:43:00.0281 4064 symc8xx - ok 22:43:00.0312 4064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 22:43:00.0312 4064 sym_hi - ok 22:43:00.0312 4064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 22:43:00.0328 4064 sym_u3 - ok 22:43:00.0359 4064 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 22:43:00.0359 4064 sysaudio - ok 22:43:00.0406 4064 SysmonLog 
(8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe 22:43:00.0437 4064 SysmonLog - ok 22:43:00.0484 4064 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll 22:43:00.0625 4064 TapiSrv - ok 22:43:00.0968 4064 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:43:01.0140 4064 Tcpip - ok 22:43:01.0640 4064 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe 22:43:01.0703 4064 tcsd_win32.exe - ok 22:43:01.0859 4064 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe 22:43:01.0921 4064 TdmService - ok 22:43:02.0031 4064 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:43:02.0031 4064 TDPIPE - ok 22:43:02.0046 4064 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 22:43:02.0046 4064 TDTCP - ok 22:43:02.0078 4064 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:43:02.0093 4064 TermDD - ok 22:43:02.0156 4064 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll 22:43:02.0359 4064 TermService - ok 22:43:02.0453 4064 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll 22:43:02.0468 4064 Themes - ok 22:43:02.0515 4064 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe 22:43:02.0546 4064 TlntSvr - ok 22:43:02.0593 4064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 22:43:02.0609 4064 TosIde - ok 22:43:02.0640 4064 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll 22:43:02.0734 4064 TrkWks - ok 22:43:02.0875 4064 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 22:43:02.0890 4064 Udfs - ok 22:43:02.0921 4064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 22:43:02.0921 4064 ultra - ok 
22:43:02.0968 4064 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 22:43:02.0984 4064 Update - ok 22:43:03.0031 4064 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll 22:43:03.0078 4064 upnphost - ok 22:43:03.0109 4064 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe 22:43:03.0125 4064 UPS - ok 22:43:03.0156 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 22:43:03.0156 4064 USBAAPL - ok 22:43:03.0187 4064 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:43:03.0203 4064 usbehci - ok 22:43:03.0218 4064 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:43:03.0218 4064 usbhub - ok 22:43:03.0250 4064 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:43:03.0265 4064 usbscan - ok 22:43:03.0296 4064 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:43:03.0296 4064 USBSTOR - ok 22:43:03.0312 4064 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 22:43:03.0328 4064 usbuhci - ok 22:43:03.0375 4064 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 22:43:03.0375 4064 VgaSave - ok 22:43:03.0406 4064 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys 22:43:03.0406 4064 viaagp - ok 22:43:03.0421 4064 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys 22:43:03.0437 4064 ViaIde - ok 22:43:03.0468 4064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 22:43:03.0468 4064 VolSnap - ok 22:43:03.0515 4064 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe 22:43:03.0562 4064 VSS - ok 22:43:03.0609 4064 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll 22:43:03.0671 4064 w32time - ok 22:43:03.0703 4064 Wanarp 
(984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:43:03.0718 4064 Wanarp - ok 22:43:03.0718 4064 Wave UCSPlus - ok 22:43:03.0859 4064 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe 22:43:03.0875 4064 WaveEnrollmentService - ok 22:43:03.0906 4064 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys 22:43:03.0906 4064 WaveFDE - ok 22:43:03.0937 4064 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 22:43:03.0953 4064 WavxDMgr - ok 22:43:03.0953 4064 WDICA - ok 22:43:04.0015 4064 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 22:43:04.0015 4064 wdmaud - ok 22:43:04.0062 4064 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll 22:43:04.0062 4064 WebClient - ok 22:43:04.0140 4064 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 22:43:04.0187 4064 winachsf - ok 22:43:04.0281 4064 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll 22:43:04.0296 4064 winmgmt - ok 22:43:04.0453 4064 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe 22:43:04.0578 4064 WLANKEEPER - ok 22:43:04.0671 4064 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 22:43:04.0703 4064 WmdmPmSN - ok 22:43:04.0828 4064 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll 22:43:04.0875 4064 Wmi - ok 22:43:04.0921 4064 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 22:43:04.0937 4064 WmiAcpi - ok 22:43:04.0984 4064 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 22:43:05.0000 4064 WmiApSrv - ok 22:43:05.0093 4064 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 22:43:05.0125 4064 WMPNetworkSvc - ok 
22:43:05.0171 4064 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll 22:43:05.0171 4064 wscsvc - ok 22:43:05.0218 4064 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll 22:43:05.0218 4064 wuauserv - ok 22:43:05.0250 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:43:05.0265 4064 WudfPf - ok 22:43:05.0296 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:43:05.0296 4064 WudfRd - ok 22:43:05.0312 4064 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 22:43:05.0328 4064 WudfSvc - ok 22:43:05.0375 4064 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll 22:43:05.0421 4064 WZCSVC - ok 22:43:05.0437 4064 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll 22:43:05.0453 4064 xmlprov - ok 22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 22:43:05.0953 4064 \Device\Harddisk0\DR0 - ok 22:43:05.0953 4064 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition0 22:43:05.0968 4064 \Device\Harddisk0\DR0\Partition0 - ok 22:43:05.0968 4064 ============================================================ 22:43:05.0968 4064 Scan finished 22:43:05.0968 4064 ============================================================ 22:43:05.0968 0164 Detected object count: 0 22:43:05.0968 0164 Actual detected object count: 0
  23. So my mother-in-law got something on her computer. We can create a new file, but we cannot change (i.e., rename) or delete these files no matter where we create them. If I boot into Safe Mode, then I can delete the files no problem. I was unable to install MalwareBytes until I went into Safe Mode and installed it. MalwareBytes did not find anything. Concerned this may be a rootkit of some kind. Help is appreciated. MalwareBytes Quick scan did not find anything. Ran the DDS script and have attached the results. Thanks again! -Grogger attach.txt dds.txt