grogger Posted May 29, 2012 ID:555662
So my mother-in-law got something on her computer. We can create a new file, but we cannot change (i.e. rename) or delete these files no matter where we create them. If I boot into Safe Mode, then I can delete the files no problem. I was unable to install MalwareBytes until I went into Safe Mode and installed it. MalwareBytes did not find anything. Concerned this may be a rootkit of some kind. Help is appreciated. MalwareBytes Quick scan did not find anything. Ran the DDS script and have attached the results. Thanks again!
-Grogger
Attachments: attach.txt, dds.txt
D-FRED-BROWN Posted May 30, 2012 ID:555890
Hello grogger and welcome to Malwarebytes! I am D-FRED-BROWN and I will be helping you. Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.
-------------
Please download to your Desktop: TDSSKiller.zip from here and extract it (right click on it => "Extract here").
>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
In your next reply, please include the following (you may need to use two posts to get it all in):
TDSSKiller_log.txt
How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review. Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here. Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-------------
In your next reply, please include:
TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt
How is your computer running now?
grogger Posted May 30, 2012 Author ID:555912
TDSSKiller didn't find anything. Working on the next steps. Here is the TDSSKiller log:
22:42:25.0062 1504 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:42:25.0734 1504 ============================================================
22:42:25.0734 1504 Current date / time: 2012/05/29 22:42:25.0734
22:42:25.0734 1504 SystemInfo:
22:42:25.0734 1504 
22:42:25.0734 1504 OS Version: 5.1.2600 ServicePack: 2.0
22:42:25.0734 1504 Product type: Workstation
22:42:25.0734 1504 ComputerName: JACK
22:42:25.0734 1504 UserName: Nancy
22:42:25.0734 1504 Windows directory: C:\WINDOWS
22:42:25.0734 1504 System windows directory: C:\WINDOWS
22:42:25.0734 1504 Processor architecture: Intel x86
22:42:25.0734 1504 Number of processors: 2
22:42:25.0734 1504 Page size: 0x1000
22:42:25.0734 1504 Boot type: Normal boot
22:42:25.0734 1504 ============================================================
22:42:28.0015 1504 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:42:28.0031 1504 ============================================================
22:42:28.0031 1504 \Device\Harddisk0\DR0:
22:42:28.0031 1504 MBR partitions:
22:42:28.0031 1504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x234C9, BlocksNum 0x94EAFF8
22:42:28.0031 1504 ============================================================
22:42:28.0093 1504 C: <-> \Device\Harddisk0\DR0\Partition0
22:42:28.0093 1504 ============================================================
22:42:28.0093 1504 Initialize success
22:42:28.0093 1504 ============================================================
22:42:46.0546 4064 ============================================================
22:42:46.0546 4064 Scan started
22:42:46.0546 4064 Mode: Manual;
22:42:46.0546 4064 ============================================================
22:42:47.0546 4064 Aavmker4
4064 Schedule - ok22:42:58.0859 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys22:42:58.0859 4064 Secdrv - ok22:42:58.0890 4064 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll22:42:58.0906 4064 seclogon - ok22:42:59.0015 4064 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe22:42:59.0046 4064 SecureStorageService - ok22:42:59.0046 4064 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll22:42:59.0062 4064 SENS - ok22:42:59.0078 4064 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys22:42:59.0078 4064 serenum - ok22:42:59.0093 4064 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys22:42:59.0109 4064 Serial - ok22:42:59.0140 4064 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys22:42:59.0140 4064 Sfloppy - ok22:42:59.0187 4064 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll22:42:59.0250 4064 SharedAccess - ok22:42:59.0281 4064 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll22:42:59.0296 4064 ShellHWDetection - ok22:42:59.0296 4064 Simbad - ok22:42:59.0343 4064 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys22:42:59.0343 4064 sisagp - ok22:42:59.0359 4064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys22:42:59.0359 4064 Sparrow - ok22:42:59.0390 4064 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys22:42:59.0406 4064 splitter - ok22:42:59.0437 4064 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe22:42:59.0453 4064 Spooler - ok22:42:59.0468 4064 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys22:42:59.0484 4064 sr - ok22:42:59.0531 4064 srservice (92bdf74f12d6cbec43c94d4b7f804838) 
C:\WINDOWS\system32\srsvc.dll22:42:59.0578 4064 srservice - ok22:42:59.0625 4064 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys22:42:59.0640 4064 Srv - ok22:42:59.0687 4064 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll22:42:59.0703 4064 SSDPSRV - ok22:42:59.0750 4064 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe22:42:59.0796 4064 STacSV - ok22:42:59.0921 4064 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys22:42:59.0984 4064 STHDA - ok22:43:00.0031 4064 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll22:43:00.0093 4064 stisvc - ok22:43:00.0156 4064 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys22:43:00.0171 4064 swenum - ok22:43:00.0218 4064 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys22:43:00.0218 4064 swmidi - ok22:43:00.0234 4064 SwPrv - ok22:43:00.0250 4064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys22:43:00.0250 4064 symc810 - ok22:43:00.0281 4064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys22:43:00.0281 4064 symc8xx - ok22:43:00.0312 4064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys22:43:00.0312 4064 sym_hi - ok22:43:00.0312 4064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys22:43:00.0328 4064 sym_u3 - ok22:43:00.0359 4064 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys22:43:00.0359 4064 sysaudio - ok22:43:00.0406 4064 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe22:43:00.0437 4064 SysmonLog - ok22:43:00.0484 4064 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll22:43:00.0625 4064 TapiSrv - ok22:43:00.0968 4064 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys22:43:01.0140 4064 Tcpip - 
ok22:43:01.0640 4064 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe22:43:01.0703 4064 tcsd_win32.exe - ok22:43:01.0859 4064 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe22:43:01.0921 4064 TdmService - ok22:43:02.0031 4064 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys22:43:02.0031 4064 TDPIPE - ok22:43:02.0046 4064 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys22:43:02.0046 4064 TDTCP - ok22:43:02.0078 4064 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys22:43:02.0093 4064 TermDD - ok22:43:02.0156 4064 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll22:43:02.0359 4064 TermService - ok22:43:02.0453 4064 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll22:43:02.0468 4064 Themes - ok22:43:02.0515 4064 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe22:43:02.0546 4064 TlntSvr - ok22:43:02.0593 4064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys22:43:02.0609 4064 TosIde - ok22:43:02.0640 4064 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll22:43:02.0734 4064 TrkWks - ok22:43:02.0875 4064 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys22:43:02.0890 4064 Udfs - ok22:43:02.0921 4064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys22:43:02.0921 4064 ultra - ok22:43:02.0968 4064 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys22:43:02.0984 4064 Update - ok22:43:03.0031 4064 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll22:43:03.0078 4064 upnphost - ok22:43:03.0109 4064 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe22:43:03.0125 4064 UPS - ok22:43:03.0156 
4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys22:43:03.0156 4064 USBAAPL - ok22:43:03.0187 4064 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys22:43:03.0203 4064 usbehci - ok22:43:03.0218 4064 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys22:43:03.0218 4064 usbhub - ok22:43:03.0250 4064 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys22:43:03.0265 4064 usbscan - ok22:43:03.0296 4064 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS22:43:03.0296 4064 USBSTOR - ok22:43:03.0312 4064 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys22:43:03.0328 4064 usbuhci - ok22:43:03.0375 4064 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys22:43:03.0375 4064 VgaSave - ok22:43:03.0406 4064 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys22:43:03.0406 4064 viaagp - ok22:43:03.0421 4064 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys22:43:03.0437 4064 ViaIde - ok22:43:03.0468 4064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys22:43:03.0468 4064 VolSnap - ok22:43:03.0515 4064 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe22:43:03.0562 4064 VSS - ok22:43:03.0609 4064 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll22:43:03.0671 4064 w32time - ok22:43:03.0703 4064 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys22:43:03.0718 4064 Wanarp - ok22:43:03.0718 4064 Wave UCSPlus - ok22:43:03.0859 4064 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe22:43:03.0875 4064 WaveEnrollmentService - ok22:43:03.0906 4064 WaveFDE (db626c46997c2430d4958da5c7ffb969) 
C:\WINDOWS\system32\DRIVERS\WaveFDE.sys22:43:03.0906 4064 WaveFDE - ok22:43:03.0937 4064 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys22:43:03.0953 4064 WavxDMgr - ok22:43:03.0953 4064 WDICA - ok22:43:04.0015 4064 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys22:43:04.0015 4064 wdmaud - ok22:43:04.0062 4064 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll22:43:04.0062 4064 WebClient - ok22:43:04.0140 4064 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys22:43:04.0187 4064 winachsf - ok22:43:04.0281 4064 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll22:43:04.0296 4064 winmgmt - ok22:43:04.0453 4064 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe22:43:04.0578 4064 WLANKEEPER - ok22:43:04.0671 4064 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll22:43:04.0703 4064 WmdmPmSN - ok22:43:04.0828 4064 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll22:43:04.0875 4064 Wmi - ok22:43:04.0921 4064 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys22:43:04.0937 4064 WmiAcpi - ok22:43:04.0984 4064 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe22:43:05.0000 4064 WmiApSrv - ok22:43:05.0093 4064 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe22:43:05.0125 4064 WMPNetworkSvc - ok22:43:05.0171 4064 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll22:43:05.0171 4064 wscsvc - ok22:43:05.0218 4064 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll22:43:05.0218 4064 wuauserv - ok22:43:05.0250 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys22:43:05.0265 4064 WudfPf - ok22:43:05.0296 4064 WudfRd 
(28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys22:43:05.0296 4064 WudfRd - ok22:43:05.0312 4064 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll22:43:05.0328 4064 WudfSvc - ok22:43:05.0375 4064 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll22:43:05.0421 4064 WZCSVC - ok22:43:05.0437 4064 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll22:43:05.0453 4064 xmlprov - ok22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR022:43:05.0953 4064 \Device\Harddisk0\DR0 - ok22:43:05.0953 4064 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition022:43:05.0968 4064 \Device\Harddisk0\DR0\Partition0 - ok22:43:05.0968 4064 ============================================================22:43:05.0968 4064 Scan finished22:43:05.0968 4064 ============================================================22:43:05.0968 0164 Detected object count: 022:43:05.0968 0164 Actual detected object count: 0 Link to post Share on other sites More sharing options...
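A small parser for the TDSSKiller log layout posted above, added here as an example; it is not part of the original thread and not TDSSKiller's own code. It splits each line into timestamp, thread id and body, pairs every "name (md5) path" entry with its later "name - verdict" line, and reports what a responder reads first: any verdict other than "ok", images that back more than one service (lsass.exe backing PolicyAgent, ProtectedStorage and SamSs is normal on XP; an unfamiliar path doing the same would deserve a closer look), whether the MBR and boot-sector entries passed, and file entries that never received a verdict, which is what a truncated log looks like. The ExampleSvc lines, the all-zero MD5 and the "warning" verdict in the sample are constructed; TDSSKiller's real wording for flagged objects may differ.

```python
import re

# Constructed sample in the layout of the TDSSKiller log above. The PCI,
# PCIDump, PolicyAgent, SamSs, MBR and "Detected object count" lines are copied
# from that log; the ExampleSvc lines (all-zero MD5, made-up "warning"
# verdict) are invented so the non-ok path is exercised.
SAMPLE_LOG = "\n".join([
    r"22:42:57.0343 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys",
    r"22:42:57.0343 4064 PCI - ok",
    r"22:42:57.0343 4064 PCIDump - ok",
    r"22:42:57.0578 4064 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe",
    r"22:42:57.0578 4064 PolicyAgent - ok",
    r"22:42:58.0703 4064 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe",
    r"22:42:58.0718 4064 SamSs - ok",
    r"22:42:59.0000 4064 ExampleSvc (00000000000000000000000000000000) C:\example\example.sys",
    r"22:42:59.0001 4064 ExampleSvc - warning",
    r"22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0",
    r"22:43:05.0953 4064 \Device\Harddisk0\DR0 - ok",
    r"22:43:05.0968 4064 ============================================================",
    r"22:43:05.0968 4064 Scan finished",
    r"22:43:05.0968 0164 Detected object count: 0",
])

# Every log line starts with "HH:MM:SS.ffff <thread id> <body>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d{4})\s+(?P<body>.*)$")
# "name (32 hex md5) path"; the name may itself contain spaces and parens, e.g. "MBR (0x1B8)".
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name - verdict"; for the MBR/boot entries the name is the device path.
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return (files, verdicts, detected) from TDSSKiller log text.

    files:    list of {name, md5, path, time} for each hashed entry
    verdicts: dict mapping entry name (or device path) -> verdict string
    detected: value of the 'Detected object count' line, or None if absent
    """
    files, verdicts, detected = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the time/tid prefix
        body = m.group("body")
        fm = FILE_RE.match(body)
        if fm:
            files.append({"name": fm.group("name"), "md5": fm.group("md5").lower(),
                          "path": fm.group("path"), "time": m.group("time")})
            continue
        cm = COUNT_RE.match(body)
        if cm:
            detected = int(cm.group("n"))
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            verdicts[vm.group("name")] = vm.group("verdict")
        # banner lines ("=====", "Scan finished") match nothing and are skipped
    return files, verdicts, detected


def verdict_for(entry, verdicts):
    """A file entry's verdict is keyed by its name, or by its path for MBR/boot entries."""
    return verdicts.get(entry["name"], verdicts.get(entry["path"]))


def triage(text):
    """Summarise a TDSSKiller log the way a responder reads it."""
    files, verdicts, detected = parse_tdsskiller(text)
    not_ok = sorted(name for name, v in verdicts.items() if v.lower() != "ok")
    # Map each on-disk image to the services that point at it. Several services
    # sharing lsass.exe or services.exe is normal; an unknown path backing many
    # services is worth a closer look.
    by_path = {}
    for f in files:
        by_path.setdefault(f["path"], []).append(f["name"])
    shared = {p: names for p, names in by_path.items() if len(names) > 1}
    boot_entries = [f for f in files if f["name"].startswith(("MBR", "Boot"))]
    boot_ok = bool(boot_entries) and all(
        (verdict_for(f, verdicts) or "").lower() == "ok" for f in boot_entries)
    # Hashed entries with no verdict line at all: the log was cut off or the
    # tool stopped mid-scan, so the entry was never actually checked.
    unverified = [f["name"] for f in files if verdict_for(f, verdicts) is None]
    return {
        "files": len(files),
        "verdicts": len(verdicts),
        "not_ok": not_ok,
        "shared_images": shared,
        "boot_ok": boot_ok,
        "unverified": unverified,
        "detected": detected,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log pasted above (after restoring one entry per line), the same function gives no non-ok verdicts, lsass.exe shared by PolicyAgent, ProtectedStorage and SamSs, MBR and boot sector ok, and a detected count of 0, which matches the thread's conclusion that TDSSKiller found nothing.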
grogger Posted May 30, 2012 Author ID:555914
ComboFix did not run successfully. A command window opened, with a message that "c.bat is not recognized as an internal or external command, operable program or batch file." The only file in the C:\ComboFix Directory is a file CF10655.3XE

Security Check checkup.txt:

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
avast!
ECHO is off.
Antivirus
ECHO is off.
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Flash Player 10 Flash Player out of date!
Google Chrome 18.0.1025.168
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
grogger Posted May 30, 2012 Author ID:555922
Only way ComboFix would run was under Safe Mode:
Resulting Log:

ComboFix 12-05-29.01 - Nancy 05/29/2012 23:07:11.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.818 [GMT -4:00]
Running from: c:\documents and settings\Nancy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\test
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-29 02:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 02:36 . 2012-05-12 02:36 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 03:21 . 2008-03-06 02:15 0 ----a-w- c:\documents and settings\Nancy\Local Settings\Application Data\WavXMapDrive.bat
2012-03-06 23:15 . 2010-11-29 13:49 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2008-03-06 03:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-17 20:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2009-03-04 01:51 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2008-03-06 03:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2008-03-06 03:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2008-03-06 03:15 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2008-03-06 03:15 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2009-03-04 01:51 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2008-03-06 03:15 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2008-10-15 45936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-25 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 4:20 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2009 9:51 PM 337880]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2009 9:51 PM 20696]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/25/2008 11:27 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080226
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-29 23:21
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2012-05-29 23:24:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 03:24
.
Pre-Run: 47,439,638,528 bytes free
Post-Run: 50,159,915,008 bytes free
.
- - End Of File - - 1B2438080F31E7F061E98FA0CC02A746
D-FRED-BROWN Posted May 30, 2012 ID:555942
I see you have chosen to not install the Windows Recovery Console. This is a crucial feature that provides us with a necessary safety net in case something bad happens while we attempt to fix your machine. Please re-run ComboFix.exe, and choose to install the Recovery Console this time. Please post the newly-created C:\ComboFix.txt.
If you need any help in installing the Recovery Console, don't hesitate to ask.
grogger Posted May 30, 2012 Author ID:556050
Console installed.
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(1144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2012-05-30 11:35:34
ComboFix-quarantined-files.txt 2012-05-30 15:35
ComboFix2.txt 2012-05-30 03:24
.
Pre-Run: 51,183,951,872 bytes free
Post-Run: 51,173,834,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7550DBBBFDF72101EABD3C2054FAFB48
D-FRED-BROWN Posted May 30, 2012 ID:556088
I'm afraid that's only a portion of the log. Please post the entire newly-created C:\ComboFix.txt here for me to see. You can also attach it if you have difficulty posting it.
grogger Posted May 30, 2012 Author ID:556098
Unfortunately... that was all that was in the log the second time I ran it. Let me run it again.
grogger Posted May 30, 2012 Author ID:556107
Ran again, but appears to be the same result. I had to run it in Safe Mode as that is the only way it still runs at all.
ComboFix.txt
grogger Posted May 30, 2012 Author ID:556110
Re-downloaded ComboFix again and re-ran. Still looks the same. Any ideas?
ComboFix.txt
D-FRED-BROWN Posted May 30, 2012 ID:556117
Yeah, that's the right log. In your post after installing the Recovery Console, the log was truncated. We got what we need now. Let's take a deeper look at what might be troubling your system:
Download the latest version of Kaspersky Virus Removal Tool
Close all other applications and double-click and run the installer.
When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats. Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK. Select all the scannable items except for CD-ROM drives and click the Start scan button.
If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
In the Scan window click the Reports button and select Save to file.
Name the report AVPT.txt, and save it to the Desktop.
Close AVPTool.
You will be prompted if you want to uninstall the program; click Yes.
You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
Copy and paste the first part of the report (Detected) that you saved in your next reply.
grogger Posted May 31, 2012 Author ID:556242
Not having a whole lot of luck. Didn't really find anything. I'm assuming this is some kind of malware. I can create files without problems, but I still can not delete or rename a file unless I reboot into safe mode. I am having to do all these scans and runs in safe-mode, because they are not working otherwise. Not sure if that is causing it not to find anything.
The file is too big, so I need to .zip it. But I have to reboot in safe mode to be able to create the zip file. Will upload shortly.
grogger Posted May 31, 2012 Author ID:556247
Here is the log file.
AVPT.zip
grogger Posted May 31, 2012 Author ID:556250
Just found one other interesting bit of information. If I open a command prompt, I can delete and rename files through Command line.
D-FRED-BROWN Posted May 31, 2012 ID:556256
Please Launch Malwarebytes' Anti-Malware.
Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a location you will remember. Copy and Paste that log into your next reply.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
grogger Posted May 31, 2012 Author ID:556279
Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.30.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Nancy :: JACK [administrator]

5/30/2012 11:50:32 PM
mbam-log-2012-05-30 (23-50-32).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 251147
Time elapsed: 1 hour(s), 14 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
D-FRED-BROWN Posted May 31, 2012 ID:556287
I recommend you leave this running overnight:
Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
grogger Posted May 31, 2012 Author ID:556332
Still nothing. Do you think this sounds like malware or just something else wrong with the computer? Here is the log from the ESET Scanner:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b6c3c05e36e5b3419d25c9cd19b0d8c9
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 12:26:09
# local_time=2012-05-31 08:26:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=770 16774141 100 95 0 114250223 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=55151
# found=0
# cleaned=0
# scan_time=1618
D-FRED-BROWN Posted May 31, 2012 ID:556409
It might very well just be a simple Registry issue, but I'd like to be completely sure it isn't malware-related before we explore that.
Please download to the Desktop RogueKiller (by tigzy).
Please quit all programs.
Start RogueKiller.exe.
Wait until Prescan has finished.
Click on Scan.
Click on Report and copy/paste the contents of the report in your next reply.
grogger Posted June 1, 2012 Author ID:556490
Here is the RogueKiller log:

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Nancy [Admin rights]
Mode: Scan -- Date: 05/31/2012 20:15:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980813ASG +++++
--- User ---
[MBR] 0d20519f4697fe02675d1961fb932b3e
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
D-FRED-BROWN Posted June 1, 2012 ID:556530
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:regfind
20D04FE0-3AEA-1069-A2D8-08002B30309D

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt
grogger Posted June 1, 2012 Author ID:556537
SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:05 on 31/05/2012 by Nancy
Administrator - Elevation successful

========== regfind ==========

Searching for "20D04FE0-3AEA-1069-A2D8-08002B30309D"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_USERS\S-1-5-21-3611719831-1192953567-205520213-1005\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

-= EOF =-
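As an added example (not from this thread and not part of SystemLook), a small parser for the regfind report format as posted above, which separates keys that matched because the GUID is in their own path from keys listed only because a value under them contains it. The sample input is the report above; the line shapes (bracketed key, "name"="data" value, -= EOF =- terminator) are assumed to be the whole grammar.

```python
import re

# Line shapes seen in the regfind report above (assumed to be the full grammar).
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(.*)"="(.*)"$')

def parse_regfind(report):
    """Return {"term": str, "keys": [{"path": str, "values": {name: data}}]}.
    Header lines are ignored; parsing stops at the -= EOF =- marker."""
    term, keys = None, []
    for raw in report.splitlines():
        line = raw.strip()
        if line == "-= EOF =-":
            break
        if m := SEARCH_RE.match(line):
            term = m.group(1)
        elif m := KEY_RE.match(line):
            keys.append({"path": m.group(1), "values": {}})
        elif (m := VALUE_RE.match(line)) and keys:
            keys[-1]["values"][m.group(1)] = m.group(2)  # value belongs to last key
    return {"term": term, "keys": keys}

def classify(parsed):
    """Keys whose own path contains the term vs. keys listed only because one of
    their values does (case-insensitive, as registry names are)."""
    term = (parsed["term"] or "").lower()
    by_name, by_value = [], []
    for entry in parsed["keys"]:
        if term in entry["path"].lower():
            by_name.append(entry["path"])
        elif any(term in d.lower() for d in entry["values"].values()):
            by_value.append(entry["path"])
    return {"by_name": by_name, "by_value": by_value}

# The report posted above, reproduced as the sample input.
SAMPLE_REPORT = r"""========== regfind ==========
Searching for "20D04FE0-3AEA-1069-A2D8-08002B30309D"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]
"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
[HKEY_USERS\S-1-5-21-3611719831-1192953567-205520213-1005\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
-= EOF =-
"""
```

On the report above, classify() puts four keys under by_name and only the AppKey\17 key under by_value, since that key is listed because of its ShellExecute data.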
D-FRED-BROWN Posted June 1, 2012 ID:556590
When you say you can create new files, what file types are you referring to?
Do you receive any messages when unsuccessfully attempting to rename/delete files?
Are you attempting to rename/delete files from an Administrator account?
Please let me know.
grogger Posted June 1, 2012 Author ID:556651
Any type of file. All the files that you have had me save to my desktop, I can't delete. That means Office docs, text files, .exe files. Any file that gets created anywhere on the machine, I can't rename or delete unless I am working in Safe Mode. In Safe Mode there does not appear to be any problem working with files. However, if I open a command prompt and use the command line, I can delete files, but I still can't rename them.
The user is a local administrator (you can see that from the SystemLook output also). I checked file level security permissions, and the permissions on the files are Full Control. The error I get is Access Denied: The file is not currently in use, and the disk is not full.
I assume this means we haven't found any malware, and we are now wondering what the problem is.
Thanks again for all your help!