
Need Help



So my mother-in-law got something on her computer.

We can create a new file, but we cannot change (ie: rename) or delete these files no matter where we create them. If I boot into Safe Mode, then I can delete the files no problem.

I was unable to install MalwareBytes until I went into Safe Mode and installed it. MalwareBytes did not find anything. Concerned this may be a root kit of some kind. Help is appreciated.

MalwareBytes Quick scan did not find anything. Ran the DDS script and have attached the results. Thanks again!

-Grogger

attach.txt

dds.txt


Hello grogger and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


TDSSKiller didn't find anything. Working on the next steps. Here is the TDSSKiller log:


22:42:58.0281 4064 RemoteAccess - ok

22:42:58.0312 4064 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS\system32\regsvc.dll

22:42:58.0343 4064 RemoteRegistry - ok

22:42:58.0375 4064 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS\system32\locator.exe

22:42:58.0390 4064 RpcLocator - ok

22:42:58.0437 4064 RpcSs (24b5d53b9accc1e2edcf0a878d6659d4) C:\WINDOWS\system32\rpcss.dll

22:42:58.0453 4064 RpcSs - ok

22:42:58.0484 4064 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

22:42:58.0531 4064 RSVP - ok

22:42:58.0593 4064 S24EventMonitor (874173edbd4f2fe711f245855a2ffa23) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

22:42:58.0625 4064 S24EventMonitor - ok

22:42:58.0671 4064 s24trans (eadfb87f911a7a75d1b80617f92901e8) C:\WINDOWS\system32\DRIVERS\s24trans.sys

22:42:58.0671 4064 s24trans - ok

22:42:58.0703 4064 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe

22:42:58.0718 4064 SamSs - ok

22:42:58.0750 4064 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS\System32\SCardSvr.exe

22:42:58.0765 4064 SCardSvr - ok

22:42:58.0796 4064 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS\system32\schedsvc.dll

22:42:58.0812 4064 Schedule - ok

22:42:58.0859 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

22:42:58.0859 4064 Secdrv - ok

22:42:58.0890 4064 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS\System32\seclogon.dll

22:42:58.0906 4064 seclogon - ok

22:42:59.0015 4064 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe

22:42:59.0046 4064 SecureStorageService - ok

22:42:59.0046 4064 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS\system32\sens.dll

22:42:59.0062 4064 SENS - ok

22:42:59.0078 4064 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

22:42:59.0078 4064 serenum - ok

22:42:59.0093 4064 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

22:42:59.0109 4064 Serial - ok

22:42:59.0140 4064 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

22:42:59.0140 4064 Sfloppy - ok

22:42:59.0187 4064 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS\System32\ipnathlp.dll

22:42:59.0250 4064 SharedAccess - ok

22:42:59.0281 4064 ShellHWDetection (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

22:42:59.0296 4064 ShellHWDetection - ok

22:42:59.0296 4064 Simbad - ok

22:42:59.0343 4064 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys

22:42:59.0343 4064 sisagp - ok

22:42:59.0359 4064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

22:42:59.0359 4064 Sparrow - ok

22:42:59.0390 4064 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

22:42:59.0406 4064 splitter - ok

22:42:59.0437 4064 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe

22:42:59.0453 4064 Spooler - ok

22:42:59.0468 4064 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

22:42:59.0484 4064 sr - ok

22:42:59.0531 4064 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS\system32\srsvc.dll

22:42:59.0578 4064 srservice - ok

22:42:59.0625 4064 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

22:42:59.0640 4064 Srv - ok

22:42:59.0687 4064 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS\System32\ssdpsrv.dll

22:42:59.0703 4064 SSDPSRV - ok

22:42:59.0750 4064 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe

22:42:59.0796 4064 STacSV - ok

22:42:59.0921 4064 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys

22:42:59.0984 4064 STHDA - ok

22:43:00.0031 4064 stisvc (b6763f8534ac547cf1af98afdff2edc8) C:\WINDOWS\system32\wiaservc.dll

22:43:00.0093 4064 stisvc - ok

22:43:00.0156 4064 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

22:43:00.0171 4064 swenum - ok

22:43:00.0218 4064 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

22:43:00.0218 4064 swmidi - ok

22:43:00.0234 4064 SwPrv - ok

22:43:00.0250 4064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

22:43:00.0250 4064 symc810 - ok

22:43:00.0281 4064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

22:43:00.0281 4064 symc8xx - ok

22:43:00.0312 4064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

22:43:00.0312 4064 sym_hi - ok

22:43:00.0312 4064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

22:43:00.0328 4064 sym_u3 - ok

22:43:00.0359 4064 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

22:43:00.0359 4064 sysaudio - ok

22:43:00.0406 4064 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS\system32\smlogsvc.exe

22:43:00.0437 4064 SysmonLog - ok

22:43:00.0484 4064 TapiSrv (fb78839b36025aa286a51289ed28b73e) C:\WINDOWS\System32\tapisrv.dll

22:43:00.0625 4064 TapiSrv - ok

22:43:00.0968 4064 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

22:43:01.0140 4064 Tcpip - ok

22:43:01.0640 4064 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

22:43:01.0703 4064 tcsd_win32.exe - ok

22:43:01.0859 4064 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

22:43:01.0921 4064 TdmService - ok

22:43:02.0031 4064 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

22:43:02.0031 4064 TDPIPE - ok

22:43:02.0046 4064 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

22:43:02.0046 4064 TDTCP - ok

22:43:02.0078 4064 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

22:43:02.0093 4064 TermDD - ok

22:43:02.0156 4064 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS\System32\termsrv.dll

22:43:02.0359 4064 TermService - ok

22:43:02.0453 4064 Themes (6815def9b810aefac107eeaf72da6f82) C:\WINDOWS\System32\shsvcs.dll

22:43:02.0468 4064 Themes - ok

22:43:02.0515 4064 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS\system32\tlntsvr.exe

22:43:02.0546 4064 TlntSvr - ok

22:43:02.0593 4064 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

22:43:02.0609 4064 TosIde - ok

22:43:02.0640 4064 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS\system32\trkwks.dll

22:43:02.0734 4064 TrkWks - ok

22:43:02.0875 4064 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

22:43:02.0890 4064 Udfs - ok

22:43:02.0921 4064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

22:43:02.0921 4064 ultra - ok

22:43:02.0968 4064 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

22:43:02.0984 4064 Update - ok

22:43:03.0031 4064 upnphost (aca5d98663d879c6baafcea7e2f1b710) C:\WINDOWS\System32\upnphost.dll

22:43:03.0078 4064 upnphost - ok

22:43:03.0109 4064 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS\System32\ups.exe

22:43:03.0125 4064 UPS - ok

22:43:03.0156 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

22:43:03.0156 4064 USBAAPL - ok

22:43:03.0187 4064 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys

22:43:03.0203 4064 usbehci - ok

22:43:03.0218 4064 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

22:43:03.0218 4064 usbhub - ok

22:43:03.0250 4064 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

22:43:03.0265 4064 usbscan - ok

22:43:03.0296 4064 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

22:43:03.0296 4064 USBSTOR - ok

22:43:03.0312 4064 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

22:43:03.0328 4064 usbuhci - ok

22:43:03.0375 4064 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

22:43:03.0375 4064 VgaSave - ok

22:43:03.0406 4064 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys

22:43:03.0406 4064 viaagp - ok

22:43:03.0421 4064 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

22:43:03.0437 4064 ViaIde - ok

22:43:03.0468 4064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

22:43:03.0468 4064 VolSnap - ok

22:43:03.0515 4064 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS\System32\vssvc.exe

22:43:03.0562 4064 VSS - ok

22:43:03.0609 4064 w32time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS\system32\w32time.dll

22:43:03.0671 4064 w32time - ok

22:43:03.0703 4064 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

22:43:03.0718 4064 Wanarp - ok

22:43:03.0718 4064 Wave UCSPlus - ok

22:43:03.0859 4064 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe

22:43:03.0875 4064 WaveEnrollmentService - ok

22:43:03.0906 4064 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys

22:43:03.0906 4064 WaveFDE - ok

22:43:03.0937 4064 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys

22:43:03.0953 4064 WavxDMgr - ok

22:43:03.0953 4064 WDICA - ok

22:43:04.0015 4064 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

22:43:04.0015 4064 wdmaud - ok

22:43:04.0062 4064 WebClient (265f534ef76832435afbf771ec97176d) C:\WINDOWS\System32\webclnt.dll

22:43:04.0062 4064 WebClient - ok

22:43:04.0140 4064 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

22:43:04.0187 4064 winachsf - ok

22:43:04.0281 4064 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS\system32\wbem\WMIsvc.dll

22:43:04.0296 4064 winmgmt - ok

22:43:04.0453 4064 WLANKEEPER (4307641ca3389a210295fdffd2a73dee) C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

22:43:04.0578 4064 WLANKEEPER - ok

22:43:04.0671 4064 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

22:43:04.0703 4064 WmdmPmSN - ok

22:43:04.0828 4064 Wmi (e8e57b0f9eb03d1aabec28d550c75116) C:\WINDOWS\System32\advapi32.dll

22:43:04.0875 4064 Wmi - ok

22:43:04.0921 4064 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

22:43:04.0937 4064 WmiAcpi - ok

22:43:04.0984 4064 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

22:43:05.0000 4064 WmiApSrv - ok

22:43:05.0093 4064 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

22:43:05.0125 4064 WMPNetworkSvc - ok

22:43:05.0171 4064 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS\system32\wscsvc.dll

22:43:05.0171 4064 wscsvc - ok

22:43:05.0218 4064 wuauserv (13d72740963cba12d9ff76a7f218bcd8) C:\WINDOWS\system32\wuauserv.dll

22:43:05.0218 4064 wuauserv - ok

22:43:05.0250 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

22:43:05.0265 4064 WudfPf - ok

22:43:05.0296 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

22:43:05.0296 4064 WudfRd - ok

22:43:05.0312 4064 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

22:43:05.0328 4064 WudfSvc - ok

22:43:05.0375 4064 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS\System32\wzcsvc.dll

22:43:05.0421 4064 WZCSVC - ok

22:43:05.0437 4064 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS\System32\xmlprov.dll

22:43:05.0453 4064 xmlprov - ok

22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:43:05.0953 4064 \Device\Harddisk0\DR0 - ok

22:43:05.0953 4064 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition0

22:43:05.0968 4064 \Device\Harddisk0\DR0\Partition0 - ok

22:43:05.0968 4064 ============================================================

22:43:05.0968 4064 Scan finished

22:43:05.0968 4064 ============================================================

22:43:05.0968 0164 Detected object count: 0

22:43:05.0968 0164 Actual detected object count: 0

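The TDSSKiller log above is an enumeration, not a verdict: every loaded service and driver with its MD5 and image path, then the MBR and boot-sector hashes, then the detection counts. What an analyst actually does with it is look for non-"ok" verdicts, for images loading from somewhere other than the Windows or Program Files trees, and for differences between two runs (here, a normal-boot run against a Safe Mode run would be the interesting pair). The parser below is an added example, not code from the thread or from TDSSKiller; the line formats it recognises are my reading of the log above, the EXPECTED_ROOTS heuristic is an assumption, SAMPLE_LOG is copied from the log above, and SECOND_RUN is constructed (the changed pci.sys hash and the "evildrv" entry are invented to show what a diff looks like).

```python
"""Parse TDSSKiller's service/driver enumeration log and compare two runs.

Added example, not from the thread or from TDSSKiller. SAMPLE_LOG lines are
copied from the log above; SECOND_RUN is constructed for illustration.
"""
import re

# One scanned object per line with MD5 and image path, e.g.
#   22:42:57.0343 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
# followed by a verdict line ("<name> - ok"). Objects with no image on disk
# (PCIDump, Wave UCSPlus) get only a verdict line, and the MBR/boot-sector
# verdict is keyed by the device path rather than by the "MBR (0x1B8)" label.
_TS = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
ENTRY_RE = re.compile(_TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*)$")
COUNT_RE = re.compile(_TS + r"(?P<kind>Actual detected|Detected) object count:\s*(?P<n>\d+)$")

# Assumed heuristic: where an XP service or driver image normally lives (lower-case).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_log(text):
    entries = {}  # name -> {"md5", "path", "verdict"}
    counts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("kind")] = int(m.group("n"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group("name")] = {"md5": m.group("md5").lower(),
                                        "path": m.group("path"), "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.group("name"), m.group("verdict")
            target = name
            if name not in entries:  # MBR / boot sector: the verdict names the device path
                for key, ent in entries.items():
                    if ent["path"] == name:
                        target = key
                        break
            entries.setdefault(target, {"md5": None, "path": None, "verdict": None})
            entries[target]["verdict"] = verdict
    return {"entries": entries,
            "detected": counts.get("Detected"),
            "actual_detected": counts.get("Actual detected")}


def flag_entries(parsed):
    """Entries to look at first: non-'ok' verdicts and images outside the usual trees."""
    flags = []
    for name, ent in parsed["entries"].items():
        if ent["verdict"] != "ok":
            flags.append((name, "verdict: %s" % ent["verdict"]))
        path = (ent["path"] or "").lower()
        if path and not path.startswith("\\device\\") and not path.startswith(EXPECTED_ROOTS):
            flags.append((name, "image outside expected roots: %s" % ent["path"]))
    return flags


def diff_runs(first, second):
    """Compare two parsed runs, e.g. a normal-boot scan against a Safe Mode scan."""
    a, b = first["entries"], second["entries"]
    return {
        "only_in_first": sorted(a.keys() - b.keys()),
        "only_in_second": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys()
                          if (a[n]["md5"], a[n]["path"]) != (b[n]["md5"], b[n]["path"])),
    }


SAMPLE_LOG = r"""
22:42:57.0343 4064 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
22:42:57.0343 4064 PCI - ok
22:42:57.0343 4064 PCIDump - ok
22:42:57.0578 4064 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:42:57.0578 4064 PolicyAgent - ok
22:43:03.0718 4064 Wave UCSPlus - ok
22:43:05.0484 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:43:05.0953 4064 \Device\Harddisk0\DR0 - ok
22:43:05.0953 4064 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition0
22:43:05.0968 4064 \Device\Harddisk0\DR0\Partition0 - ok
22:43:05.0968 0164 Detected object count: 0
22:43:05.0968 0164 Actual detected object count: 0
"""

# Constructed: same machine, but pci.sys now hashes differently and an extra
# driver (invented name and hash) loads from a user-writable directory.
SECOND_RUN = r"""
22:50:00.0000 1234 PCI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\pci.sys
22:50:00.0000 1234 PCI - ok
22:50:00.0000 1234 PCIDump - ok
22:50:00.0000 1234 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS\system32\lsass.exe
22:50:00.0000 1234 PolicyAgent - ok
22:50:00.0000 1234 Wave UCSPlus - ok
22:50:00.0000 1234 evildrv (fedcba9876543210fedcba9876543210) C:\Documents and Settings\All Users\Application Data\evildrv.sys
22:50:00.0000 1234 evildrv - ok
22:50:00.0000 1234 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:50:00.0000 1234 \Device\Harddisk0\DR0 - ok
22:50:00.0000 1234 Boot (0x1200) (855b4d7c371f409c106be498d5ac2525) \Device\Harddisk0\DR0\Partition0
22:50:00.0000 1234 \Device\Harddisk0\DR0\Partition0 - ok
22:50:00.0000 0164 Detected object count: 0
22:50:00.0000 0164 Actual detected object count: 0
"""

if __name__ == "__main__":
    base, other = parse_log(SAMPLE_LOG), parse_log(SECOND_RUN)
    print("flags, first run :", flag_entries(base))
    print("flags, second run:", flag_entries(other))
    print("diff             :", diff_runs(base, other))
```

On the real log, feed the whole file to parse_log; the verdict-only entries (PCIDump, PDCOMP, Simbad, Wave UCSPlus and so on) are service registrations with no image on disk, which is normal on XP, so the interesting output is flag_entries and, when two runs exist, diff_runs. The MBR and boot-sector hashes are the values to compare between runs: a changed MBR hash with no repartitioning in between is worth a much closer look than anything else in the list.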

ComboFix did not run successfully. A command window opened with a message: "c.bat is not recognized as an internal or external command, operable program or batch file."

The only file in the C:\ComboFix directory is CF10655.3XE.

Security Check checkup.txt:

Results of screen317's Security Check version 0.99.41

Windows XP Service Pack 2 x86

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC is being installed.

displayName

ECHO is off.

avast!

ECHO is off.

Antivirus

ECHO is off.

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Adobe Flash Player 10 Flash Player out of date!

Google Chrome 18.0.1025.168

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 26% Defragment your hard drive soon!

````````````````````End of Log``````````````````````


The only way ComboFix would run was under Safe Mode:

Resulting Log:

ComboFix 12-05-29.01 - Nancy 05/29/2012 23:07:11.1.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.818 [GMT -4:00]

Running from: c:\documents and settings\Nancy\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\SET2C.tmp

c:\windows\system32\SET30.tmp

c:\windows\system32\SET38.tmp

c:\windows\system32\SET41.tmp

c:\windows\system32\SET42.tmp

c:\windows\system32\SET43.tmp

c:\windows\system32\SET46.tmp

c:\windows\system32\test

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))

.

.

2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\Nancy\Application Data\Malwarebytes

2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-29 02:23 . 2012-05-29 02:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-29 02:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-12 02:36 . 2012-05-12 02:36 -------- d-----w- c:\documents and settings\Nancy\Local Settings\Application Data\Identities

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-30 03:21 . 2008-03-06 02:15 0 ----a-w- c:\documents and settings\Nancy\Local Settings\Application Data\WavXMapDrive.bat

2012-03-06 23:15 . 2010-11-29 13:49 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2008-03-06 03:15 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-06-17 20:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2009-03-04 01:51 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2008-03-06 03:15 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2008-03-06 03:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2008-03-06 03:15 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2008-03-06 03:15 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2009-03-04 01:51 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2008-03-06 03:15 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]

"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]

"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2008-10-15 45936]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-05 30192]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]

"Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe" [2007-05-11 738968]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-25 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]

2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/17/2011 4:20 PM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/3/2009 9:51 PM 337880]

R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 4:21 PM 79432]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/3/2009 9:51 PM 20696]

R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 7:00 PM 5120]

R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 2:32 PM 97536]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/25/2008 11:27 PM 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 1:31 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]

.

2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 17:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6080226

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-29 23:21

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(804)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(3400)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\StacSV.exe

c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\windows\system32\msdtc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Apoint\ApMsgFwd.exe

c:\program files\Apoint\HidFind.exe

c:\program files\Apoint\Apntex.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Completion time: 2012-05-29 23:24:58 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-30 03:24

.

Pre-Run: 47,439,638,528 bytes free

Post-Run: 50,159,915,008 bytes free

.

- - End Of File - - 1B2438080F31E7F061E98FA0CC02A746


I see you have chosen to not install the Windows Recovery Console. This is a crucial feature that provides us with a necessary safety net in case something bad happens while we attempt to fix your machine. Please re-run ComboFix.exe, and choose to install the Recovery Console this time. Please post the newly-created C:\ComboFix.txt.

If you need any help in installing the Recovery Console, don't hesitate to ask. ;)


Console installed.

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(664)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

.

- - - - - - - > 'explorer.exe'(1144)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-05-30 11:35:34

ComboFix-quarantined-files.txt 2012-05-30 15:35

ComboFix2.txt 2012-05-30 03:24

.

Pre-Run: 51,183,951,872 bytes free

Post-Run: 51,173,834,752 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7550DBBBFDF72101EABD3C2054FAFB48


Yeah, that's the right log. In your post after installing the Recovery Console, the log was truncated. We got what we need now. :)

Let's take a deeper look at what might be troubling your system:

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scanable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.


Not having a whole lot of luck. Didn't really find anything. I'm assuming this is some kind of malware. I can create files without problems, but I still cannot delete or rename a file unless I reboot into Safe Mode. I am having to do all these scans and runs in Safe Mode, because they are not working otherwise. Not sure if that is causing it not to find anything.

The file is too big, so I need to .zip it. But I have to reboot in Safe Mode to be able to create the zip file. Will upload shortly.

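The symptom the poster keeps describing (delete and rename blocked in a normal boot, fine in Safe Mode) narrows the suspect set to whatever loads in one boot mode and not the other, because Safe Mode only starts the services and drivers listed under SafeBoot\Minimal. The snippet below is an added example, not code from the thread: it lists every service and kernel driver that is running now but is not in that Safe Mode set. It assumes PowerShell 2.0 or later is installed (XP SP2 does not ship it) and that it runs under an administrator account; the key paths are the standard ones, and the class-GUID limitation noted in the comments is real, so read the output as a candidate list rather than a verdict.

```powershell
# Added example, not code from the thread. Lists services and kernel drivers
# that are running now but are not in the SafeBoot\Minimal set, i.e. the
# things that load in a normal boot and not in Safe Mode. Whatever blocks
# delete/rename only in normal mode is, by construction, somewhere in this set.
# Assumes PowerShell 2.0 or later is installed (XP SP2 does not ship it) and
# that the script runs under an administrator account.

$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Subkeys of SafeBoot\Minimal are named after a service/driver (default value
# "Service" or "Driver"), after a load-order group (default value "Driver Group"),
# or after a device setup-class GUID. Class-GUID entries are not resolved here,
# so a driver that loads via its device class may be listed even though it does
# run in Safe Mode: treat the output as a candidate list, not a verdict.
$safeNames  = @{}
$safeGroups = @{}
foreach ($sub in Get-ChildItem $safeBootKey) {
    $kind = (Get-ItemProperty -Path $sub.PSPath).'(default)'
    if ($kind -eq 'Driver Group') { $safeGroups[$sub.PSChildName.ToLower()] = $true }
    else                          { $safeNames[$sub.PSChildName.ToLower()]  = $true }
}

# Everything currently running: user-mode services and kernel drivers.
$running = @(Get-WmiObject Win32_Service      | Where-Object { $_.State -eq 'Running' }) +
           @(Get-WmiObject Win32_SystemDriver | Where-Object { $_.State -eq 'Running' })

$candidates = foreach ($svc in $running) {
    $regPath = Join-Path $servicesKey $svc.Name
    $group   = $null
    if (Test-Path $regPath) {
        # The service's load-order group decides whether a "Driver Group" entry covers it.
        $group = (Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue).Group
    }
    $inSafeMode = $safeNames.ContainsKey($svc.Name.ToLower()) -or
                  ($group -and $safeGroups.ContainsKey($group.ToLower()))
    if (-not $inSafeMode) {
        New-Object PSObject -Property @{
            Name      = $svc.Name
            Type      = $svc.__CLASS -replace '^Win32_', ''   # Service or SystemDriver
            StartMode = $svc.StartMode
            Path      = $svc.PathName
        }
    }
}

$candidates | Sort-Object Type, Name | Format-Table -AutoSize Name, Type, StartMode, Path
```

Run it from a normal boot, since in Safe Mode the list is empty by definition. On this machine the drivers that the ComboFix and TDSSKiller logs above show loading in a normal boot (avast's aswSP, aswFsBlk and aswSnx, Wave's WaveFDE) are the kind of entries to expect in the output; disabling candidates one at a time and retesting the delete/rename behaviour is how the list gets shortened. On XP SP2 and later, fltmc filters lists file system minifilters separately, which is a useful cross-check because a filter sitting on the volume is the usual place a delete or rename gets refused.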

Please Launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.


Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.30.07

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.13

Nancy :: JACK [administrator]

5/30/2012 11:50:32 PM

mbam-log-2012-05-30 (23-50-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251147

Time elapsed: 1 hour(s), 14 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


I recommend you leave this running overnight:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Still nothing. Do you think this sounds like malware or just something else wrong with the computer? Here is the log from the ESET Scanner:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b6c3c05e36e5b3419d25c9cd19b0d8c9

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-31 12:26:09

# local_time=2012-05-31 08:26:09 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=770 16774141 100 95 0 114250223 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=55151

# found=0

# cleaned=0

# scan_time=1618


It might very well just be a simple Registry issue, but I'd like to completely be sure it isn't malware-related before we explore that.

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.


Here is the RogueKiller log:

RogueKiller V7.5.2 [05/30/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version

Started in : Normal mode

User: Nancy [Admin rights]

Mode: Scan -- Date: 05/31/2012 20:15:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST980813ASG +++++

--- User ---

[MBR] 0d20519f4697fe02675d1961fb932b3e

[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 76245 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    20D04FE0-3AEA-1069-A2D8-08002B30309D


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


SystemLook.txt:

SystemLook 30.07.11 by jpshortstuff

Log created at 23:05 on 31/05/2012 by Nancy

Administrator - Elevation successful

========== regfind ==========

Searching for "20D04FE0-3AEA-1069-A2D8-08002B30309D"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AppKey\17]

"ShellExecute"="::{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartMenu\StartPanel\MyComp\Policy\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

[HKEY_USERS\S-1-5-21-3611719831-1192953567-205520213-1005\Software\Microsoft\Windows\ShellNoRoam\DUIBags\ShellFolders\{20D04FE0-3AEA-1069-A2D8-08002B30309D}]

-= EOF =-


When you say you can create new files, what file types are you referring to?

Do you receive any messages when unsuccessfully attempting to rename/delete files?

Are you attempting to rename/delete files from an Administrator account?

Please let me know. :)


Any type of file. All the files that you have had me save to my desktop, I can't delete. That means Office docs, text files, .exe files. Any file that gets created anywhere on the machine, I can't rename or delete unless I am working in Safe Mode. In Safe Mode there does not appear to be any problem working with files. However, if I open a command prompt and use the command line, I can delete files, but I still can't rename them.

The user is a local administrator (You can see that from the SystemLook output also). I checked file level security permissions, and the permissions on the files are Full-Control. The error I get is Access Denied:

AccessDenied.jpg

The file is not currently in use, and the disk is not full.

I assume this means we haven't found any malware, and we are now wondering what the problem is.

Thanks again for all your help!
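As an added diagnostic, not from the thread or from any of the tools used in it, the following PowerShell script performs the same create/rename/delete test the poster describes in a single run and records the details a helper would ask for next: boot mode (Normal vs Safe Mode), whether the session holds an admin token, the new file's ACL, and the exact exception behind the "Access Denied" dialog. The probe file name and location are my own choice.

```powershell
# Added diagnostic script (not from the thread): recreates the poster's test
# in one run so a helper gets boot mode, elevation, ACL and the exact error
# for create / rename / delete together. The probe file name is my own choice.
Add-Type -Namespace Diag -Name Native -MemberDefinition @'
[DllImport("user32.dll")] public static extern int GetSystemMetrics(int nIndex);
'@

# SM_CLEANBOOT (67): 0 = normal boot, 1 = Safe Mode, 2 = Safe Mode with Networking
$bootMode = @{0 = 'Normal'; 1 = 'Safe Mode'; 2 = 'Safe Mode with Networking'}[[Diag.Native]::GetSystemMetrics(67)]
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

$desktop = [Environment]::GetFolderPath('Desktop')
$probe   = Join-Path $desktop 'filetest_probe.txt'
$renamed = Join-Path $desktop 'filetest_probe_renamed.txt'

# Runs one file operation and reports the exception type and message on failure,
# which tells a helper more than the generic "Access Denied" dialog does.
function Invoke-Probe([string]$Label, [scriptblock]$Operation) {
    try   { & $Operation; "{0,-7}: OK" -f $Label }
    catch { "{0,-7}: FAILED {1}: {2}" -f $Label, $_.Exception.GetType().Name, $_.Exception.Message }
}

"Boot mode : $bootMode"
"User      : $($identity.Name)  Admin token: $isAdmin"

Invoke-Probe 'Create' { [IO.File]::WriteAllText($probe, 'probe') }
# Show the ACEs on the new file: "Full Control" on paper can still be denied at runtime.
(Get-Acl $probe).Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
Invoke-Probe 'Rename' { Rename-Item -LiteralPath $probe -NewName (Split-Path $renamed -Leaf) -ErrorAction Stop }
$target = if (Test-Path $renamed) { $renamed } else { $probe }
Invoke-Probe 'Delete' { Remove-Item -LiteralPath $target -Force -ErrorAction Stop }
```

Run it once in Normal mode and once in Safe Mode and compare the two outputs; a rename or delete that fails only in Normal mode with the same ACL and the same admin token points at something loaded in Normal mode, not at file permissions.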
