Posts posted by grogger
-
OK. So it ran, and asked for the CD. I put one in and it finished running. Rebooted, and still having the same problem.
-
Here it is. Keep in mind I ran this under safe mode as that is the only way to get it to run. Also keep in mind that I don't have a problem deleting and renaming files while in Safe Mode. Here is the latest ComboFix Log file.
-
So I got the SeaTools for DOS ISO downloaded on another computer and was able to boot off that ISO and run off that. SeaTools showed the hard drive as passed all tests.
-
I'm still here with you. I have been very busy away from this. However, I am having problems downloading the Seagate tools and installing them. The drop down boxes on the Seagate website don't work with IE right, and the Google Chrome won't download the file. It keeps saying interrupted. I will keep trying. Let me know if you have any other ideas in the meantime.
-
I looked up the model number that appears in Device Manager, and it appears to be a Seagate (ST980813ASG). The computer is a Dell Latitude D630 laptop.
-
Yes. I checked the actual file properties and security settings. They are not set to read-only, and the actual file permissions are set to Full Control.
-
Any type of file. All the files that you have had me save to my desktop, I can't delete. That means Office Docs, text files, .exe files. Any file that gets created anywhere on the machine, I can't rename or delete them unless I am working in Safe Mode. In Safe Mode there does not appear to be any problems working with files. However, if I open a command prompt, and use command line, I can delete files, but I still can't rename them.
The user is a local administrator (You can see that from the SystemLook output also). I checked file level security permissions, and the permissions on the files are Full-Control. The error I get is Access Denied:
The file is not currently in use, and the disk is not full.
I assume this means we haven't found any malware, and we are now wondering what the problem is.
Thanks again for all your help!
-
SystemLook.txt:
SystemLook 30.07.11 by jpshortstuff
Log created at 23:05 on 31/05/2012 by Nancy
Administrator - Elevation successful
========== regfind ==========
Searching for "20D04FE0-3AEA-1069-A2D8-08002B30309D"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_USERS\S-1-5-21-3611719831-1192953567-205520213-1005\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
-= EOF =-
-
Here is the RogueKiller log:
RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Nancy [Admin rights]
Mode: Scan -- Date: 05/31/2012 20:15:27
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST980813ASG +++++
--- User ---
[MBR] 0d20519f4697fe02675d1961fb932b3e
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Still nothing. Do you think this sounds like malware or just something else wrong with the computer? Here is the log from the ESET Scanner:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b6c3c05e36e5b3419d25c9cd19b0d8c9
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 12:26:09
# local_time=2012-05-31 08:26:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=770 16774141 100 95 0 114250223 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55151
# found=0
# cleaned=0
# scan_time=1618
-
Here is the log:
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.05.30.07
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Nancy :: JACK [administrator]
5/30/2012 11:50:32 PM
mbam-log-2012-05-30 (23-50-32).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251147
Time elapsed: 1 hour(s), 14 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Just found one other interesting bit of information. If I open a command prompt, I can delete and rename files through Command line.
-
Here is the log file.
-
Not having a whole lot of luck. Didn't really find anything. I'm assuming this is some kind of malware. I can create files without problems, but I still can not delete or rename a file unless I reboot into safe mode. I am having to do all these scans and runs in safe-mode, because they are not working otherwise. Not sure if that is causing it not to find anything.
The file is too big, so I need to .zip it. But I have to reboot in safe mode to be able to create the zip file. Will upload shortly.
-
Re-downloaded combo fix again and re-ran. Still looks the same. Any ideas?
-
Ran again, but appears to be the same result. I had to run it in Safe Mode as that is the only way it still runs at all.
-
Unfortunately... That was all that was in the log the second time I ran it. Let me run it again.
-
Console installed.
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(1144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-05-30 11:35:34
ComboFix-quarantined-files.txt 2012-05-30 15:35
ComboFix2.txt 2012-05-30 03:24
.
Pre-Run: 51,183,951,872 bytes free
Post-Run: 51,173,834,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7550DBBBFDF72101EABD3C2054FAFB48
-
Only way ComboFix would run was under Safe Mode:
Resulting Log:
ComboFix 12-05-29.01 - Nancy 05/29/2012 23:07:11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.818 [GMT -4:00]
Running from: c:\documents and settings\Nancy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 02:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 02:36 . 2012-05-12 02:36 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 03:21 . 2008-03-06 02:15 0 ----a-w- c:\documents and settings\Nancy\Local Settings\Application Data\WavXMapDrive.bat
2012-03-06 23:15 . 2010-11-29 13:49 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2008-03-06 03:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-17 20:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-03-04 01:51 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2008-03-06 03:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2008-03-06 03:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2008-03-06 03:15 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2008-03-06 03:15 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2009-03-04 01:51 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2008-03-06 03:15 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2008-10-15 45936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-25 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 4:20 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2009 9:51 PM 337880]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2009 9:51 PM 20696]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/25/2008 11:27 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080226
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 23:21
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-05-29 23:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 03:24
.
Pre-Run: 47,439,638,528 bytes free
Post-Run: 50,159,915,008 bytes free
.
- - End Of File - - 1B2438080F31E7F061E98FA0CC02A746
-
ComboFix did not run successfully. A command window opened, with a message that "c.bat is not recognized as an internal or external command, operable program or batch file."
The only file in the C:\ComboFix Directory is a file CF10655.3XE
Security Check checkup.txt:
Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 2 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
-
TDSSKiller didn't find anything. Working on the next steps. Here is the TDSSKiller log:
22:42:25.0062 1504 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:42:25.0734 1504 ============================================================
22:42:25.0734 1504 Current date / time: 2012/05/29 22:42:25.0734
22:42:25.0734 1504 SystemInfo:
22:42:25.0734 1504
22:42:25.0734 1504 OS Version: 5.1.2600 ServicePack: 2.0
22:42:25.0734 1504 Product type: Workstation
22:42:25.0734 1504 ComputerName: JACK
22:42:25.0734 1504 UserName: Nancy
22:42:25.0734 1504 Windows directory: C:\WINDOWS
22:42:25.0734 1504 System windows directory: C:\WINDOWS
22:42:25.0734 1504 Processor architecture: Intel x86
22:42:25.0734 1504 Number of processors: 2
22:42:25.0734 1504 Page size: 0x1000
22:42:25.0734 1504 Boot type: Normal boot
22:42:25.0734 1504 ============================================================
22:42:28.0015 1504 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:42:28.0031 1504 ============================================================
22:42:28.0031 1504 \Device\Harddisk0\DR0:
22:42:28.0031 1504 MBR partitions:
22:42:28.0031 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94EAFF8
22:42:28.0031 1504 ============================================================
22:42:28.0093 1504 C: <-> \Device\Harddisk0\DR0\Partition0
22:42:28.0093 1504 ============================================================
22:42:28.0093 1504 Initialize success
22:42:28.0093 1504 ============================================================
22:42:46.0546 4064 ============================================================
22:42:46.0546 4064 Scan started
22:42:46.0546 4064 Mode: Manual;
22:42:46.0546 4064 ============================================================
22:42:51.0703 4064 FltMgr - ok
22:42:51.0781 4064 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:42:51.0781 4064 FontCache3.0.0.0 - ok
22:42:51.0828 4064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:42:51.0828 4064 Fs_Rec - ok
22:42:51.0875 4064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:42:51.0890 4064 Ftdisk - ok
22:42:51.0921 4064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:42:51.0921 4064 GEARAspiWDM - ok
22:42:51.0984 4064 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:42:51.0984 4064 GoogleDesktopManager-051210-111108 - ok
22:42:52.0000 4064 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:42:52.0000 4064 Gpc - ok
22:42:52.0015 4064 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
22:42:52.0031 4064 guardian2 - ok
22:42:52.0078 4064 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:52.0093 4064 gupdate - ok
22:42:52.0109 4064 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:42:52.0109 4064 gupdatem - ok
22:42:52.0156 4064 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:42:52.0171 4064 gusvc - ok
22:42:52.0203 4064 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:42:52.0218 4064 HDAudBus - ok
22:42:52.0265 4064 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:42:52.0265 4064 helpsvc - ok
22:42:52.0281 4064 HidServ - ok
22:42:52.0312 4064 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:42:52.0328 4064 HidUsb - ok
22:42:52.0343 4064 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
22:42:52.0343 4064 hpn - ok
22:42:52.0390 4064 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:42:52.0421 4064 HSFHWAZL - ok
22:42:52.0515 4064 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:42:52.0562 4064 HSF_DPV - ok
22:42:52.0625 4064 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
22:42:52.0640 4064 HTTP - ok
22:42:52.0671 4064 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS\System32\w3ssl.dll
22:42:52.0687 4064 HTTPFilter - ok
22:42:52.0734 4064 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
22:42:52.0734 4064 i2omgmt - ok
22:42:52.0750 4064 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:42:52.0765 4064 i2omp - ok
22:42:52.0796 4064 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:42:52.0796 4064 i8042prt - ok
22:42:53.0156 4064 ialm (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:42:53.0359 4064 ialm - ok
22:42:53.0531 4064 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:42:53.0578 4064 idsvc - ok
22:42:53.0656 4064 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:42:53.0656 4064 Imapi - ok
22:42:53.0703 4064 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS\system32\imapi.exe
22:42:53.0718 4064 ImapiService - ok
22:42:53.0750 4064 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:42:53.0750 4064 ini910u - ok
22:42:53.0750 4064 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:42:53.0750 4064 IntelIde - ok
22:42:53.0781 4064 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:42:53.0781 4064 intelppm - ok
22:42:53.0796 4064 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:42:53.0796 4064 Ip6Fw - ok
22:42:53.0812 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:42:53.0812 4064 IpFilterDriver - ok
22:42:53.0812 4064 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:42:53.0828 4064 IpInIp - ok
22:42:53.0859 4064 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:42:53.0859 4064 IpNat - ok
22:42:54.0015 4064 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
22:42:54.0046 4064 iPod Service - ok
22:42:54.0093 4064 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:42:54.0093 4064 IPSec - ok
22:42:54.0109 4064 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:42:54.0109 4064 IRENUM - ok
22:42:54.0140 4064 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:42:54.0140 4064 isapnp - ok
22:42:54.0171 4064 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:42:54.0171 4064 Kbdclass - ok
22:42:54.0218 4064 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
22:42:54.0234 4064 kmixer - ok
22:42:54.0265 4064 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
22:42:54.0281 4064 KSecDD - ok
22:42:54.0296 4064 lanmanserver (0cb3af149a0bac0836022ca307c7a0f8) C:\WINDOWS\System32\srvsvc.dll
22:42:54.0343 4064 lanmanserver - ok
22:42:54.0390 4064 lanmanworkstation (e1f27cfcd114ec9f1e1f44674b2ff9f0) C:\WINDOWS\System32\wkssvc.dll
22:42:54.0437 4064 lanmanworkstation - ok
22:42:54.0437 4064 lbrtfdc - ok
22:42:54.0484 4064 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS\System32\lmhsvc.dll
22:42:54.0500 4064 LmHosts - ok
22:42:54.0546 4064 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:42:54.0546 4064 mdmxsdk - ok
22:42:54.0562 4064 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS\System32\msgsvc.dll
22:42:54.0578 4064 Messenger - ok
22:42:54.0625 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:42:54.0625 4064 mnmdd - ok
22:42:54.0656 4064 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS\system32\mnmsrvc.exe
22:42:54.0671 4064 mnmsrvc - ok
22:42:54.0671 4064 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
22:42:54.0687 4064 Modem - ok
22:42:54.0734 4064 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:42:54.0734 4064 Mouclass - ok
22:42:54.0781 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:42:54.0781 4064 mouhid - ok
22:42:54.0796 4064 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
22:42:54.0796 4064 MountMgr - ok
22:42:54.0828 4064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:42:54.0828 4064 mraid35x - ok
22:42:54.0859 4064 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:42:54.0890 4064 MRxDAV - ok
22:42:54.0937 4064 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:42:54.0953 4064 MRxSmb - ok
22:42:54.0984 4064 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS\system32\msdtc.exe
22:42:55.0015 4064 MSDTC - ok
22:42:55.0031 4064 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
22:42:55.0046 4064 Msfs - ok
22:42:55.0046 4064 MSIServer - ok
22:42:55.0078 4064 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:42:55.0093 4064 MSKSSRV - ok
22:42:55.0109 4064 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:42:55.0109 4064 MSPCLOCK - ok
22:42:55.0109 4064 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
22:42:55.0125 4064 MSPQM - ok
22:42:55.0140 4064 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:42:55.0156 4064 mssmbios - ok
22:42:55.0156 4064 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
22:42:55.0171 4064 Mup - ok
22:42:55.0203 4064 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
22:42:55.0218 4064 NDIS - ok
22:42:55.0218 4064 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:42:55.0234 4064 NdisTapi - ok
22:42:55.0234 4064 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:42:55.0250 4064 Ndisuio - ok
22:42:55.0250 4064 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:42:55.0265 4064 NdisWan - ok
22:42:55.0281 4064 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
22:42:55.0281 4064 NDProxy - ok
22:42:55.0296 4064 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:42:55.0296 4064 NetBIOS - ok
22:42:55.0328 4064 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:42:55.0328 4064 NetBT - ok
22:42:55.0375 4064 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
22:42:55.0406 4064 NetDDE - ok
22:42:55.0421 4064 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS\system32\netdde.exe
22:42:55.0437 4064 NetDDEdsdm - ok
22:42:55.0468 4064 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:55.0468 4064 Netlogon - ok
22:42:55.0515 4064 Netman (36739b39267914ba69ad0610a0299732) C:\WINDOWS\System32\netman.dll
22:42:55.0578 4064 Netman - ok
22:42:55.0687 4064 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:42:55.0703 4064 NetTcpPortSharing - ok
22:42:55.0875 4064 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
22:42:55.0984 4064 NETw4x32 - ok
22:42:56.0046 4064 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:42:56.0062 4064 NIC1394 - ok
22:42:56.0203 4064 NICCONFIGSVC (7e175be4fd8b6ec68a35181b98431477) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
22:42:56.0218 4064 NICCONFIGSVC - ok
22:42:56.0265 4064 Nla (097722f235a1fb698bf9234e01b52637) C:\WINDOWS\System32\mswsock.dll
22:42:56.0296 4064 Nla - ok
22:42:56.0343 4064 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
22:42:56.0343 4064 Npfs - ok
22:42:56.0406 4064 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
22:42:56.0421 4064 Ntfs - ok
22:42:56.0453 4064 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:56.0468 4064 NtLmSsp - ok
22:42:56.0531 4064 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS\system32\ntmssvc.dll
22:42:56.0578 4064 NtmsSvc - ok
22:42:56.0609 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:42:56.0609 4064 Null - ok
22:42:56.0765 4064 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:42:56.0875 4064 nv - ok
22:42:56.0953 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:42:56.0953 4064 NwlnkFlt - ok
22:42:56.0968 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:42:56.0968 4064 NwlnkFwd - ok
22:42:57.0125 4064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:42:57.0171 4064 odserv - ok
22:42:57.0218 4064 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:42:57.0218 4064 ohci1394 - ok
22:42:57.0250 4064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:42:57.0265 4064 ose - ok
22:42:57.0281 4064 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
22:42:57.0296 4064 Parport - ok
22:42:57.0296 4064 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
22:42:57.0296 4064 PartMgr - ok
22:42:57.0312 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:42:57.0328 4064 ParVdm - ok
22:42:57.0343 4064 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
22:42:57.0343 4064 PBADRV - ok
22:42:57.0343 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:42:57.0343 4064 PCI - ok
22:42:57.0343 4064 PCIDump - ok
22:42:57.0359 4064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:42:57.0359 4064 PCIIde - ok
22:42:57.0359 4064 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:42:57.0375 4064 Pcmcia - ok
22:42:57.0375 4064 PDCOMP - ok
22:42:57.0375 4064 PDFRAME - ok
22:42:57.0390 4064 PDRELI - ok
22:42:57.0390 4064 PDRFRAME - ok
22:42:57.0421 4064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
22:42:57.0421 4064 perc2 - ok
22:42:57.0437 4064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:42:57.0437 4064 perc2hib - ok
22:42:57.0515 4064 PlugPlay (4712531ab7a01b7ee059853ca17d39bd) C:\WINDOWS\system32\services.exe
22:42:57.0531 4064 PlugPlay - ok
22:42:57.0578 4064 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:57.0578 4064 PolicyAgent - ok
22:42:57.0625 4064 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:42:57.0625 4064 PptpMiniport - ok
22:42:57.0625 4064 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:57.0625 4064 ProtectedStorage - ok
22:42:57.0640 4064 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
22:42:57.0640 4064 PSched - ok
22:42:57.0640 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:42:57.0640 4064 Ptilink - ok
22:42:57.0656 4064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:42:57.0656 4064 ql1080 - ok
22:42:57.0656 4064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:42:57.0656 4064 Ql10wnt - ok
22:42:57.0671 4064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:42:57.0671 4064 ql12160 - ok
22:42:57.0671 4064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:42:57.0687 4064 ql1240 - ok
22:42:57.0703 4064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:42:57.0703 4064 ql1280 - ok
22:42:57.0718 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:42:57.0718 4064 RasAcd - ok
22:42:57.0750 4064 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS\System32\rasauto.dll
22:42:57.0765 4064 RasAuto - ok
22:42:57.0796 4064 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:42:57.0796 4064 Rasl2tp - ok
22:42:57.0828 4064 RasMan (49b5eed5fb89d39456a2f616ccd8ba5d) C:\WINDOWS\System32\rasmans.dll
22:42:57.0843 4064 RasMan - ok
22:42:57.0843 4064 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:42:57.0859 4064 RasPppoe - ok
22:42:57.0859 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:42:57.0859 4064 Raspti - ok
22:42:57.0906 4064 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:42:57.0921 4064 Rdbss - ok
22:42:57.0921 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:42:57.0921 4064 RDPCDD - ok
22:42:57.0953 4064 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:42:57.0968 4064 rdpdr - ok
22:42:58.0000 4064 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
22:42:58.0000 4064 RDPWD - ok
22:42:58.0046 4064 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS\system32\sessmgr.exe
22:42:58.0093 4064 RDSessMgr - ok
22:42:58.0125 4064 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:42:58.0125 4064 redbook - ok
22:42:58.0218 4064 RegSrvc (2cf574d0965f58e514a2dc94114d7eca) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
22:42:58.0234 4064 RegSrvc - ok
22:42:58.0265 4064 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS\System32\mprdim.dll
22:42:58.0281 4064 RemoteAccess - ok
22:42:58.0312 4064 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll
22:42:58.0343 4064 RemoteRegistry - ok
22:42:58.0375 4064 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe
22:42:58.0390 4064 RpcLocator - ok
22:42:58.0437 4064 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll
22:42:58.0453 4064 RpcSs - ok
22:42:58.0484 4064 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:42:58.0531 4064 RSVP - ok
22:42:58.0593 4064 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
22:42:58.0625 4064 S24EventMonitor - ok
22:42:58.0671 4064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:42:58.0671 4064 s24trans - ok
22:42:58.0703 4064 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:58.0718 4064 SamSs - ok
22:42:58.0750 4064 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe
22:42:58.0765 4064 SCardSvr - ok
22:42:58.0796 4064 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll
22:42:58.0812 4064 Schedule - ok
22:42:58.0859 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:42:58.0859 4064 Secdrv - ok
22:42:58.0890 4064 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll
22:42:58.0906 4064 seclogon - ok
22:42:59.0015 4064 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
22:42:59.0046 4064 SecureStorageService - ok
22:42:59.0046 4064 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll
22:42:59.0062 4064 SENS - ok
22:42:59.0078 4064 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:42:59.0078 4064 serenum - ok
22:42:59.0093 4064 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
22:42:59.0109 4064 Serial - ok
22:42:59.0140 4064 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:42:59.0140 4064 Sfloppy - ok
22:42:59.0187 4064 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll
22:42:59.0250 4064 SharedAccess - ok
22:42:59.0281 4064 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
22:42:59.0296 4064 ShellHWDetection - ok
22:42:59.0296 4064 Simbad - ok
22:42:59.0343 4064 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:42:59.0343 4064 sisagp - ok
22:42:59.0359 4064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:42:59.0359 4064 Sparrow - ok
22:42:59.0390 4064 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
22:42:59.0406 4064 splitter - ok
22:42:59.0437 4064 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
22:42:59.0453 4064 Spooler - ok
22:42:59.0468 4064 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
22:42:59.0484 4064 sr - ok
22:42:59.0531 4064 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll
22:42:59.0578 4064 srservice - ok
22:42:59.0625 4064 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
22:42:59.0640 4064 Srv - ok
22:42:59.0687 4064 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll
22:42:59.0703 4064 SSDPSRV - ok
22:42:59.0750 4064 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe
22:42:59.0796 4064 STacSV - ok
22:42:59.0921 4064 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
22:42:59.0984 4064 STHDA - ok
22:43:00.0031 4064 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll
22:43:00.0093 4064 stisvc - ok
22:43:00.0156 4064 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:43:00.0171 4064 swenum - ok
22:43:00.0218 4064 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
22:43:00.0218 4064 swmidi - ok
22:43:00.0234 4064 SwPrv - ok
22:43:00.0250 4064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
22:43:00.0250 4064 symc810 - ok
22:43:00.0281 4064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:43:00.0281 4064 symc8xx - ok
22:43:00.0312 4064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:43:00.0312 4064 sym_hi - ok
22:43:00.0312 4064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:43:00.0328 4064 sym_u3 - ok
22:43:00.0359 4064 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
22:43:00.0359 4064 sysaudio - ok
22:43:00.0406 4064 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe
22:43:00.0437 4064 SysmonLog - ok
22:43:00.0484 4064 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll
22:43:00.0625 4064 TapiSrv - ok
22:43:00.0968 4064 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:43:01.0140 4064 Tcpip - ok
22:43:01.0640 4064 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
22:43:01.0703 4064 tcsd_win32.exe - ok
22:43:01.0859 4064 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
22:43:01.0921 4064 TdmService - ok
22:43:02.0031 4064 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:43:02.0031 4064 TDPIPE - ok
22:43:02.0046 4064 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
22:43:02.0046 4064 TDTCP - ok
22:43:02.0078 4064 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:43:02.0093 4064 TermDD - ok
22:43:02.0156 4064 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll
22:43:02.0359 4064 TermService - ok
22:43:02.0453 4064 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll
22:43:02.0468 4064 Themes - ok
22:43:02.0515 4064 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe
22:43:02.0546 4064 TlntSvr - ok
22:43:02.0593 4064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
22:43:02.0609 4064 TosIde - ok
22:43:02.0640 4064 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll
22:43:02.0734 4064 TrkWks - ok
22:43:02.0875 4064 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
22:43:02.0890 4064 Udfs - ok
22:43:02.0921 4064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
22:43:02.0921 4064 ultra - ok
22:43:02.0968 4064 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
22:43:02.0984 4064 Update - ok
22:43:03.0031 4064 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll
22:43:03.0078 4064 upnphost - ok
22:43:03.0109 4064 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe
22:43:03.0125 4064 UPS - ok
22:43:03.0156 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:43:03.0156 4064 USBAAPL - ok
22:43:03.0187 4064 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:43:03.0203 4064 usbehci - ok
22:43:03.0218 4064 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:43:03.0218 4064 usbhub - ok
22:43:03.0250 4064 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:43:03.0265 4064 usbscan - ok
22:43:03.0296 4064 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:43:03.0296 4064 USBSTOR - ok
22:43:03.0312 4064 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:43:03.0328 4064 usbuhci - ok
22:43:03.0375 4064 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
22:43:03.0375 4064 VgaSave - ok
22:43:03.0406 4064 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:43:03.0406 4064 viaagp - ok
22:43:03.0421 4064 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:43:03.0437 4064 ViaIde - ok
22:43:03.0468 4064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
22:43:03.0468 4064 VolSnap - ok
22:43:03.0515 4064 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe
22:43:03.0562 4064 VSS - ok
22:43:03.0609 4064 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll
22:43:03.0671 4064 w32time - ok
22:43:03.0703 4064 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:43:03.0718 4064 Wanarp - ok
22:43:03.0718 4064 Wave UCSPlus - ok
22:43:03.0859 4064 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
22:43:03.0875 4064 WaveEnrollmentService - ok
22:43:03.0906 4064 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
22:43:03.0906 4064 WaveFDE - ok
22:43:03.0937 4064 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
22:43:03.0953 4064 WavxDMgr - ok
22:43:03.0953 4064 WDICA - ok
22:43:04.0015 4064 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
22:43:04.0015 4064 wdmaud - ok
22:43:04.0062 4064 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll
22:43:04.0062 4064 WebClient - ok
22:43:04.0140 4064 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:43:04.0187 4064 winachsf - ok
22:43:04.0281 4064 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:43:04.0296 4064 winmgmt - ok
22:43:04.0453 4064 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
22:43:04.0578 4064 WLANKEEPER - ok
22:43:04.0671 4064 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:43:04.0703 4064 WmdmPmSN - ok
22:43:04.0828 4064 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll
22:43:04.0875 4064 Wmi - ok
22:43:04.0921 4064 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:43:04.0937 4064 WmiAcpi - ok
22:43:04.0984 4064 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:43:05.0000 4064 WmiApSrv - ok
22:43:05.0093 4064 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:43:05.0125 4064 WMPNetworkSvc - ok
22:43:05.0171 4064 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll
22:43:05.0171 4064 wscsvc - ok
22:43:05.0218 4064 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll
22:43:05.0218 4064 wuauserv - ok
22:43:05.0250 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:43:05.0265 4064 WudfPf - ok
22:43:05.0296 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:43:05.0296 4064 WudfRd - ok
22:43:05.0312 4064 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
22:43:05.0328 4064 WudfSvc - ok
22:43:05.0375 4064 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll
22:43:05.0421 4064 WZCSVC - ok
22:43:05.0437 4064 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll
22:43:05.0453 4064 xmlprov - ok
22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:43:05.0953 4064 \Device\Harddisk0\DR0 - ok
22:43:05.0953 4064 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition0
22:43:05.0968 4064 \Device\Harddisk0\DR0\Partition0 - ok
22:43:05.0968 4064 ============================================================
22:43:05.0968 4064 Scan finished
22:43:05.0968 4064 ============================================================
22:43:05.0968 0164 Detected object count: 0
22:43:05.0968 0164 Actual detected object count: 0
-
So my mother-in-law got something on her computer.
We can create a new file, but we cannot change (i.e., rename) or delete these files no matter where we create them. If I boot into Safe Mode, then I can delete the files no problem.
I was unable to install MalwareBytes until I went into Safe Mode and installed it. MalwareBytes did not find anything. Concerned this may be a rootkit of some kind. Help is appreciated.
MalwareBytes Quick scan did not find anything. Ran the DDS script and have attached the results. Thanks again!
-Grogger
Need Help
in Resolved Malware Removal Logs
Posted
Still here. I don't have a restore point on this computer from before this started happening. Not sure why, but I don't.