Tech Support Guy forum: Virus & Other Malware Removal
Happili redirect virus

(In Progress)

Remiel (Thread Starter), Member with 3 posts
Join Date: Mar 2012
Experience: Intermediate
24-Mar-2012, 02:19 PM #1
Happili redirect virus
About a week ago, I picked up some malware, either through an infected email or, I'm ashamed to admit, bittorrent. I have run Malwarebytes which caught some of the malware, but there is a particularly pernicious virus which seems to have hijacked any browser I open. Now, whenever I open google, the page is redirected to other suspicious sites including a site called Happili. I have read that other users on this forum have experienced this but have so far been unable to get rid of it. I have Windows XP SP 3 and am running Norton 360.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:58:29 PM, on 3/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\program files\update\realsched.exe
E:\Program Files\Steam\Steam.exe
E:\Program Files\Trillian\trillian.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "E:\program files\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

--
End of file - 8112 bytes

dds.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Run by Adam at 19:59:09 on 2012-03-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2457 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\program files\update\realsched.exe
E:\Program Files\Steam\Steam.exe
E:\Program Files\Trillian\trillian.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
e:\program files\RealPlay.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
uRun: [Steam] "e:\program files\steam\Steam.exe" -silent
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "e:\program files\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7806A9B7-7AF3-4D7C-B1C4-22AB45D50E6B} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\adam\application data\mozilla\firefox\profiles\2t562kkq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: e:\program files\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\program files\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\program files\netscape6\nppl3260.dll
FF - plugin: e:\program files\netscape6\nprjplug.dll
FF - plugin: e:\program files\netscape6\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-20 820856]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-30 136312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-25 95200]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2010-4-11 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120323.002\IDSXpx86.sys [2012-3-23 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120322.019\NAVENG.SYS [2012-3-22 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120322.019\NAVEX15.SYS [2012-3-22 1576312]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
.
=============== Created Last 30 ================
.
2012-03-24 02:37:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 01:11:45 98816 ----a-w- c:\windows\sed.exe
2012-03-24 01:11:45 518144 ----a-w- c:\windows\SWREG.exe
2012-03-24 01:11:45 256000 ----a-w- c:\windows\PEV.exe
2012-03-24 01:11:45 208896 ----a-w- c:\windows\MBR.exe
2012-03-15 19:19:51 -------- d-----w- c:\windows\system32\appmgmt
2012-03-15 03:40:26 -------- d-----w- C:\sh4ldr
2012-03-15 03:40:26 -------- d-----w- c:\program files\Enigma Software Group
2012-03-15 03:39:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-15 03:34:41 -------- d-----w- c:\program files\common files\xing shared
.
==================== Find3M ====================
.
2012-03-15 03:34:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-15 03:34:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-14 04:15:46 16608 ----a-w- c:\windows\gdrv.sys
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1001FALS-00K1B0 rev.05.00K05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A30D49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a314740]; MOV EAX, [0x8a3148b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A652AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8A610398]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6AAD98]
\Driver\atapi[0x8A3DAF38] -> IRP_MJ_CREATE -> 0x8A30D49F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A30D2C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:00:34.14 ===============

ark.txt:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-23 23:09:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\HPHID409PRINT_HPHI091 WDC_WD1001FALS-00K1B0 rev.05.00K05
Running: tpwughz6.exe; Driver: C:\DOCUME~1\Adam\LOCALS~1\Temp\uwpiifob.sys


---- System - GMER 1.0.15 ----

SSDT 89849008 ZwAlertResumeThread
SSDT 8981C118 ZwAlertThread
SSDT 898B9748 ZwAllocateVirtualMemory
SSDT 8983B0C8 ZwAssignProcessToJobObject
SSDT 8A22FE08 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6C66710]
SSDT 8983D110 ZwCreateMutant
SSDT 89839478 ZwCreateSymbolicLinkObject
SSDT 89FA3618 ZwCreateThread
SSDT 8983B1A8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6C66990]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6C66EF0]
SSDT 898B58C0 ZwDuplicateObject
SSDT 898B27F8 ZwFreeVirtualMemory
SSDT 8983D008 ZwImpersonateAnonymousToken
SSDT 89849118 ZwImpersonateThread
SSDT 899B3E20 ZwLoadDriver
SSDT 898B2718 ZwMapViewOfSection
SSDT 897FE008 ZwOpenEvent
SSDT 898B7560 ZwOpenProcess
SSDT 898BA7F8 ZwOpenProcessToken
SSDT 8981D008 ZwOpenSection
SSDT 898B59B0 ZwOpenThread
SSDT 89839568 ZwProtectVirtualMemory
SSDT 8981C008 ZwResumeThread
SSDT 8987A120 ZwSetContextThread
SSDT 8981E0C8 ZwSetInformationProcess
SSDT 8981D0B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6C67140]
SSDT 897FE120 ZwSuspendProcess
SSDT 898676B0 ZwSuspendThread
SSDT 89C70060 ZwTerminateProcess
SSDT 8987A060 ZwTerminateThread
SSDT 898BC3E8 ZwUnmapViewOfSection
SSDT 898B1660 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3010 805048AC 4 Bytes CALL ECD9D474
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9614380, 0x34E2EF, 0xE8000020]
? C:\DOCUME~1\Adam\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0096000C
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E8000A
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00E9000A
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00EA000A
.text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00E7000A
.text E:\program files\update\realsched.exe[1832] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A30D2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A30D2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A30D2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A30D2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A30D2C6
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-12 8A30D2C6

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\SymDS\Temp\musdmys_DtuhKINhgdFX2XMDrzX1 0 bytes
File C:\WINDOWS\system32\oobe\actsetup\actconn.htm 3196 bytes
File C:\WINDOWS\system32\oobe\actsetup\actdone.htm 1829 bytes
File C:\WINDOWS\system32\oobe\actsetup\activ.htm 5579 bytes
File C:\WINDOWS\system32\oobe\actsetup\activerr.htm 2018 bytes
File C:\WINDOWS\system32\oobe\actsetup\activsvc.htm 8306 bytes
File C:\WINDOWS\system32\oobe\actsetup\actlan.htm 4171 bytes
File C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm 18740 bytes
File C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm 4706 bytes
File C:\WINDOWS\system32\oobe\actsetup\apolicy.htm 4527 bytes
File C:\WINDOWS\system32\oobe\actsetup\aprvcyms.htm 4700 bytes
File C:\WINDOWS\system32\oobe\actsetup\areg1.htm 4007 bytes
File C:\WINDOWS\system32\oobe\actsetup\aregdial.htm 2182 bytes
File C:\WINDOWS\system32\oobe\actsetup\aregdone.htm 1891 bytes
File C:\WINDOWS\system32\oobe\actsetup\aregsty2.css 2286 bytes
File C:\WINDOWS\system32\oobe\actsetup\aregstyl.css 2277 bytes
File C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm 7187 bytes
File C:\WINDOWS\system32\oobe\actsetup\stgact.htm 10281 bytes
File C:\WINDOWS\system32\oobe\error\cnncterr.htm 3384 bytes
File C:\WINDOWS\system32\oobe\error\dialtone.htm 3039 bytes
File C:\WINDOWS\system32\oobe\error\hndshake.htm 2255 bytes
File C:\WINDOWS\system32\oobe\error\isp2busy.htm 2163 bytes
File C:\WINDOWS\system32\oobe\error\noanswer.htm 6328 bytes
File C:\WINDOWS\system32\oobe\error\pberr.htm 2044 bytes
File C:\WINDOWS\system32\oobe\error\pulse.htm 2663 bytes
File C:\WINDOWS\system32\oobe\error\toobusy.htm 6128 bytes

---- EOF - GMER 1.0.15 ----
flavallee (Frank), Trusted Advisor with 57,884 posts
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
24-Mar-2012, 03:04 PM #2
Thanks for being honest about your computing habits.

---------------------------------------------------

Go to Add Or Remove Programs, then uninstall/remove

BitTorrent

CCleaner

McAfee SiteAdvisor


---------------------------------------------------

Download and save

Java Runtime Environment 1.6.0.31 (6 Update 31)

SUPERAntiSpyware Free Edition 5.0.0.1146

then close all open windows first, then install them.

Make sure to update the definition files during the install of SUPERAntiSpyware.

Restart the computer after they're both installed.

---------------------------------------------------

Start Malwarebytes Anti-Malware 1.60.1.1000, then run its update feature so it can update its definition files.

---------------------------------------------------

DON'T run any scans yet.

---------------------------------------------------
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Mar-2012, 03:33 PM #3
Run TDSSKiller from http://support.kaspersky.com/viruses...?qid=208280684

Let it cure anything it finds (except SPTD.SYS, which should be ignored) and then reboot.

Post back with its log.

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Remiel (Thread Starter), Member with 3 posts
Join Date: Mar 2012
Experience: Intermediate
24-Mar-2012, 10:44 PM #4
Well, I did all of the above, and it seems to have worked with the rootkit. See the TDSSKiller log below. My question, though, is that I thought CCleaner was a good tool to clean up the registry? Also, what are your thoughts on Norton 360? Does it give more "bang for the buck" than, say, MBAM?

---
19:35:40.0484 4676 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
19:35:41.0421 4676 ============================================================
19:35:41.0421 4676 Current date / time: 2012/03/24 19:35:41.0421
19:35:41.0421 4676 SystemInfo:
19:35:41.0421 4676
19:35:41.0421 4676 OS Version: 5.1.2600 ServicePack: 3.0
19:35:41.0421 4676 Product type: Workstation
19:35:41.0421 4676 ComputerName: ADAM-4346DE0177
19:35:41.0421 4676 UserName: Adam
19:35:41.0421 4676 Windows directory: C:\WINDOWS
19:35:41.0421 4676 System windows directory: C:\WINDOWS
19:35:41.0421 4676 Processor architecture: Intel x86
19:35:41.0421 4676 Number of processors: 8
19:35:41.0421 4676 Page size: 0x1000
19:35:41.0421 4676 Boot type: Normal boot
19:35:41.0421 4676 ============================================================
19:35:43.0593 4676 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
19:35:43.0593 4676 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:35:43.0593 4676 \Device\Harddisk1\DR1:
19:35:43.0593 4676 MBR used
19:35:43.0593 4676 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
19:35:43.0593 4676 \Device\Harddisk0\DR0:
19:35:43.0593 4676 MBR used
19:35:43.0609 4676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61A3A66
19:35:43.0609 4676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x6E55E05B
19:35:43.0671 4676 Initialize success
19:35:43.0671 4676 ============================================================
19:35:46.0875 5324 ============================================================
19:35:46.0875 5324 Scan started
19:35:46.0875 5324 Mode: Manual;
19:35:46.0875 5324 ============================================================
19:35:47.0640 5324 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) E:\Program Files\Superantispyware\SASCORE.EXE
19:35:47.0640 5324 !SASCORE - ok
19:35:47.0765 5324 Abiosdsk - ok
19:35:47.0781 5324 abp480n5 - ok
19:35:47.0796 5324 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:35:47.0859 5324 ACPI - ok
19:35:47.0890 5324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:35:47.0890 5324 ACPIEC - ok
19:35:47.0890 5324 adpu160m - ok
19:35:47.0906 5324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:35:47.0906 5324 aec - ok
19:35:47.0921 5324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:35:47.0921 5324 AFD - ok
19:35:47.0937 5324 Aha154x - ok
19:35:47.0937 5324 aic78u2 - ok
19:35:47.0937 5324 aic78xx - ok
19:35:47.0953 5324 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:35:47.0968 5324 Alerter - ok
19:35:47.0984 5324 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:35:47.0984 5324 ALG - ok
19:35:48.0000 5324 AliIde - ok
19:35:48.0000 5324 amsint - ok
19:35:48.0062 5324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:48.0062 5324 Apple Mobile Device - ok
19:35:48.0078 5324 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:35:48.0078 5324 AppMgmt - ok
19:35:48.0093 5324 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:35:48.0093 5324 Arp1394 - ok
19:35:48.0093 5324 asc - ok
19:35:48.0093 5324 asc3350p - ok
19:35:48.0109 5324 asc3550 - ok
19:35:48.0125 5324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:35:48.0140 5324 aspnet_state - ok
19:35:48.0156 5324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:35:48.0156 5324 AsyncMac - ok
19:35:48.0156 5324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:35:48.0156 5324 atapi - ok
19:35:48.0171 5324 Atdisk - ok
19:35:48.0171 5324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:35:48.0171 5324 Atmarpc - ok
19:35:48.0187 5324 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:35:48.0187 5324 AudioSrv - ok
19:35:48.0187 5324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:35:48.0187 5324 audstub - ok
19:35:48.0203 5324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:35:48.0203 5324 Beep - ok
19:35:48.0296 5324 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
19:35:48.0296 5324 BHDrvx86 - ok
19:35:48.0328 5324 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:35:48.0359 5324 BITS - ok
19:35:48.0375 5324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
19:35:48.0375 5324 Bonjour Service - ok
19:35:48.0390 5324 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
19:35:48.0390 5324 Browser - ok
19:35:48.0421 5324 catchme - ok
19:35:48.0437 5324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:35:48.0437 5324 cbidf2k - ok
19:35:48.0453 5324 cd20xrnt - ok
19:35:48.0453 5324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:35:48.0453 5324 Cdaudio - ok
19:35:48.0468 5324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:35:48.0468 5324 Cdfs - ok
19:35:48.0468 5324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:35:48.0468 5324 Cdrom - ok
19:35:48.0468 5324 Changer - ok
19:35:48.0484 5324 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:35:48.0484 5324 CiSvc - ok
19:35:48.0500 5324 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:35:48.0500 5324 ClipSrv - ok
19:35:48.0531 5324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:48.0546 5324 clr_optimization_v2.0.50727_32 - ok
19:35:48.0546 5324 CmdIde - ok
19:35:48.0546 5324 COMSysApp - ok
19:35:48.0562 5324 Cpqarray - ok
19:35:48.0578 5324 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:35:48.0578 5324 CryptSvc - ok
19:35:48.0593 5324 dac2w2k - ok
19:35:48.0593 5324 dac960nt - ok
19:35:48.0625 5324 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:35:48.0625 5324 DcomLaunch - ok
19:35:48.0640 5324 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
19:35:48.0640 5324 Dhcp - ok
19:35:48.0640 5324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:35:48.0640 5324 Disk - ok
19:35:48.0656 5324 dmadmin - ok
19:35:48.0671 5324 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:35:48.0687 5324 dmboot - ok
19:35:48.0703 5324 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:35:48.0703 5324 dmio - ok
19:35:48.0703 5324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:35:48.0718 5324 dmload - ok
19:35:48.0718 5324 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:35:48.0718 5324 dmserver - ok
19:35:48.0750 5324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:35:48.0750 5324 DMusic - ok
19:35:48.0765 5324 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
19:35:48.0765 5324 Dnscache - ok
19:35:48.0765 5324 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
19:35:48.0781 5324 Dot3svc - ok
19:35:48.0796 5324 Dot4 HPH09 (ad4bf19f18e56e9cc23b02b53321336e) C:\WINDOWS\system32\DRIVERS\hphid409.sys
19:35:48.0796 5324 Dot4 HPH09 - ok
19:35:48.0812 5324 Dot4Print HPH09 (81ac4ae8ff949bf5924b5ee00d5ac90b) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
19:35:48.0812 5324 Dot4Print HPH09 - ok
19:35:48.0843 5324 Dot4Storage HPH09 (47b5fd84ca8d16060c4e59647d80c0ca) C:\WINDOWS\system32\Drivers\hphs2k09.sys
19:35:48.0843 5324 Dot4Storage HPH09 - ok
19:35:48.0859 5324 Dot4Usb HPH09 (eb20c76c39917b1641bb4c5206be7d76) C:\WINDOWS\system32\drivers\hphius09.sys
19:35:48.0859 5324 Dot4Usb HPH09 - ok
19:35:48.0859 5324 dpti2o - ok
19:35:48.0875 5324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:35:48.0890 5324 drmkaud - ok
19:35:48.0906 5324 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:35:48.0906 5324 EapHost - ok
19:35:48.0937 5324 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:35:48.0937 5324 eeCtrl - ok
19:35:48.0937 5324 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:35:48.0937 5324 EraserUtilRebootDrv - ok
19:35:48.0953 5324 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:35:48.0953 5324 ERSvc - ok
19:35:48.0968 5324 esgiguard - ok
19:35:48.0984 5324 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:35:48.0984 5324 Eventlog - ok
19:35:49.0015 5324 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
19:35:49.0015 5324 EventSystem - ok
19:35:49.0015 5324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:35:49.0031 5324 Fastfat - ok
19:35:49.0046 5324 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:35:49.0046 5324 FastUserSwitchingCompatibility - ok
19:35:49.0062 5324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:35:49.0062 5324 Fdc - ok
19:35:49.0078 5324 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:35:49.0078 5324 Fips - ok
19:35:49.0078 5324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:35:49.0078 5324 Flpydisk - ok
19:35:49.0093 5324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:35:49.0093 5324 FltMgr - ok
19:35:49.0125 5324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:49.0140 5324 FontCache3.0.0.0 - ok
19:35:49.0140 5324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:35:49.0140 5324 Fs_Rec - ok
19:35:49.0140 5324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:35:49.0156 5324 Ftdisk - ok
19:35:49.0171 5324 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
19:35:49.0171 5324 gdrv - ok
19:35:49.0187 5324 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:35:49.0187 5324 GEARAspiWDM - ok
19:35:49.0203 5324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:35:49.0203 5324 Gpc - ok
19:35:49.0218 5324 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:35:49.0218 5324 HDAudBus - ok
19:35:49.0234 5324 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:35:49.0234 5324 helpsvc - ok
19:35:49.0250 5324 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
19:35:49.0250 5324 HidServ - ok
19:35:49.0265 5324 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:35:49.0265 5324 hidusb - ok
19:35:49.0281 5324 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:35:49.0281 5324 hkmsvc - ok
19:35:49.0296 5324 hpn - ok
19:35:49.0312 5324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:35:49.0312 5324 HTTP - ok
19:35:49.0343 5324 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:35:49.0343 5324 HTTPFilter - ok
19:35:49.0343 5324 i2omgmt - ok
19:35:49.0343 5324 i2omp - ok
19:35:49.0359 5324 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
19:35:49.0359 5324 i8042prt - ok
19:35:49.0390 5324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:49.0406 5324 idsvc - ok
19:35:49.0515 5324 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120323.002\IDSxpx86.sys
19:35:49.0515 5324 IDSxpx86 - ok
19:35:49.0515 5324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:35:49.0515 5324 Imapi - ok
19:35:49.0531 5324 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:35:49.0531 5324 ImapiService - ok
19:35:49.0531 5324 ini910u - ok
19:35:49.0625 5324 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:35:49.0640 5324 IntcAzAudAddService - ok
19:35:49.0671 5324 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:35:49.0671 5324 IntelIde - ok
19:35:49.0687 5324 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:35:49.0687 5324 intelppm - ok
19:35:49.0703 5324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:35:49.0703 5324 Ip6Fw - ok
19:35:49.0718 5324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:35:49.0718 5324 IpFilterDriver - ok
19:35:49.0734 5324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:35:49.0734 5324 IpInIp - ok
19:35:49.0750 5324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:35:49.0750 5324 IpNat - ok
19:35:49.0796 5324 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
19:35:49.0796 5324 iPod Service - ok
19:35:49.0812 5324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:35:49.0812 5324 IPSec - ok
19:35:49.0828 5324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:35:49.0843 5324 IRENUM - ok
19:35:49.0859 5324 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:35:49.0859 5324 isapnp - ok
19:35:49.0921 5324 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
19:35:49.0921 5324 JavaQuickStarterService - ok
19:35:49.0937 5324 JRAID (a324485106f133e751f4b7f47c4be3ea) C:\WINDOWS\system32\DRIVERS\jraid.sys
19:35:49.0937 5324 JRAID - ok
19:35:49.0953 5324 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:35:49.0953 5324 Kbdclass - ok
19:35:49.0984 5324 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:35:49.0984 5324 kbdhid - ok
19:35:50.0000 5324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:35:50.0000 5324 kmixer - ok
19:35:50.0015 5324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:35:50.0015 5324 KSecDD - ok
19:35:50.0046 5324 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
19:35:50.0046 5324 LanmanServer - ok
19:35:50.0062 5324 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
19:35:50.0062 5324 lanmanworkstation - ok
19:35:50.0062 5324 lbrtfdc - ok
19:35:50.0078 5324 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:35:50.0078 5324 LmHosts - ok
19:35:50.0093 5324 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:35:50.0093 5324 Messenger - ok
19:35:50.0109 5324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:35:50.0109 5324 mnmdd - ok
19:35:50.0125 5324 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:35:50.0125 5324 mnmsrvc - ok
19:35:50.0140 5324 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:35:50.0140 5324 Modem - ok
19:35:50.0140 5324 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:35:50.0140 5324 Mouclass - ok
19:35:50.0171 5324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:35:50.0171 5324 mouhid - ok
19:35:50.0171 5324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:35:50.0171 5324 MountMgr - ok
19:35:50.0171 5324 mraid35x - ok
19:35:50.0187 5324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:35:50.0187 5324 MRxDAV - ok
19:35:50.0203 5324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:35:50.0218 5324 MRxSmb - ok
19:35:50.0234 5324 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:35:50.0234 5324 MSDTC - ok
19:35:50.0250 5324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:35:50.0250 5324 Msfs - ok
19:35:50.0250 5324 MSIServer - ok
19:35:50.0265 5324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:35:50.0265 5324 MSKSSRV - ok
19:35:50.0265 5324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:35:50.0281 5324 MSPCLOCK - ok
19:35:50.0281 5324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:35:50.0281 5324 MSPQM - ok
19:35:50.0296 5324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:35:50.0296 5324 mssmbios - ok
19:35:50.0312 5324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:35:50.0312 5324 Mup - ok
19:35:50.0359 5324 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
19:35:50.0359 5324 N360 - ok
19:35:50.0375 5324 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:35:50.0390 5324 napagent - ok
19:35:50.0484 5324 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120323.023\NAVENG.SYS
19:35:50.0484 5324 NAVENG - ok
19:35:50.0531 5324 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120323.023\NAVEX15.SYS
19:35:50.0546 5324 NAVEX15 - ok
19:35:50.0546 5324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:35:50.0546 5324 NDIS - ok
19:35:50.0578 5324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:35:50.0578 5324 NdisTapi - ok
19:35:50.0593 5324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:35:50.0593 5324 Ndisuio - ok
19:35:50.0609 5324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:35:50.0609 5324 NdisWan - ok
19:35:50.0609 5324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:35:50.0609 5324 NDProxy - ok
19:35:50.0625 5324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:35:50.0625 5324 NetBIOS - ok
19:35:50.0640 5324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:35:50.0640 5324 NetBT - ok
19:35:50.0656 5324 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:35:50.0656 5324 NetDDE - ok
19:35:50.0656 5324 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:35:50.0656 5324 NetDDEdsdm - ok
19:35:50.0671 5324 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:35:50.0687 5324 Netlogon - ok
19:35:50.0687 5324 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:35:50.0687 5324 Netman - ok
19:35:50.0718 5324 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:50.0734 5324 NetTcpPortSharing - ok
19:35:50.0750 5324 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:35:50.0750 5324 NIC1394 - ok
19:35:50.0765 5324 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
19:35:50.0765 5324 Nla - ok
19:35:50.0781 5324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:35:50.0781 5324 Npfs - ok
19:35:50.0781 5324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:35:50.0796 5324 Ntfs - ok
19:35:50.0796 5324 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:35:50.0796 5324 NtLmSsp - ok
19:35:50.0812 5324 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:35:50.0812 5324 NtmsSvc - ok
19:35:50.0843 5324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:35:50.0843 5324 Null - ok
19:35:50.0953 5324 nv (29e060897a3179660c49367f52fcaac0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:35:51.0031 5324 nv - ok
19:35:51.0046 5324 NVSvc (c7fe8c39c91b8bf7044742e76b1bcadf) C:\WINDOWS\system32\nvsvc32.exe
19:35:51.0062 5324 NVSvc - ok
19:35:51.0078 5324 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
19:35:51.0078 5324 NWCWorkstation - ok
19:35:51.0093 5324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:35:51.0093 5324 NwlnkFlt - ok
19:35:51.0093 5324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:35:51.0093 5324 NwlnkFwd - ok
19:35:51.0109 5324 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
19:35:51.0109 5324 NwlnkIpx - ok
19:35:51.0125 5324 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
19:35:51.0125 5324 NwlnkNb - ok
19:35:51.0140 5324 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
19:35:51.0140 5324 NwlnkSpx - ok
19:35:51.0140 5324 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
19:35:51.0140 5324 NWRDR - ok
19:35:51.0156 5324 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:35:51.0156 5324 ohci1394 - ok
19:35:51.0187 5324 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
19:35:51.0187 5324 Parport - ok
19:35:51.0187 5324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:35:51.0187 5324 PartMgr - ok
19:35:51.0203 5324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:35:51.0203 5324 ParVdm - ok
19:35:51.0218 5324 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:35:51.0218 5324 PCI - ok
19:35:51.0218 5324 PCIDump - ok
19:35:51.0234 5324 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:35:51.0234 5324 PCIIde - ok
19:35:51.0234 5324 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:35:51.0250 5324 Pcmcia - ok
19:35:51.0250 5324 PDCOMP - ok
19:35:51.0250 5324 PDFRAME - ok
19:35:51.0265 5324 PDRELI - ok
19:35:51.0265 5324 PDRFRAME - ok
19:35:51.0281 5324 perc2 - ok
19:35:51.0281 5324 perc2hib - ok
19:35:51.0312 5324 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:35:51.0312 5324 PlugPlay - ok
19:35:51.0343 5324 Pml Driver (913aef7fc38959155f426b1e997e798f) C:\WINDOWS\system32\HPHipm09.exe
19:35:51.0343 5324 Pml Driver - ok
19:35:51.0359 5324 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:35:51.0359 5324 PolicyAgent - ok
19:35:51.0359 5324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:35:51.0359 5324 PptpMiniport - ok
19:35:51.0375 5324 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:35:51.0375 5324 ProtectedStorage - ok
19:35:51.0375 5324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:35:51.0375 5324 PSched - ok
19:35:51.0390 5324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:35:51.0390 5324 Ptilink - ok
19:35:51.0406 5324 ql1080 - ok
19:35:51.0406 5324 Ql10wnt - ok
19:35:51.0406 5324 ql12160 - ok
19:35:51.0421 5324 ql1240 - ok
19:35:51.0421 5324 ql1280 - ok
19:35:51.0421 5324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:35:51.0437 5324 RasAcd - ok
19:35:51.0453 5324 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:35:51.0453 5324 RasAuto - ok
19:35:51.0453 5324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:35:51.0453 5324 Rasl2tp - ok
19:35:51.0468 5324 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:35:51.0484 5324 RasMan - ok
19:35:51.0484 5324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:35:51.0484 5324 RasPppoe - ok
19:35:51.0500 5324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:35:51.0500 5324 Raspti - ok
19:35:51.0515 5324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:35:51.0515 5324 Rdbss - ok
19:35:51.0531 5324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:35:51.0531 5324 RDPCDD - ok
19:35:51.0531 5324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:35:51.0531 5324 rdpdr - ok
19:35:51.0578 5324 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:35:51.0578 5324 RDPWD - ok
19:35:51.0593 5324 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:35:51.0593 5324 RDSessMgr - ok
19:35:51.0593 5324 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:35:51.0593 5324 redbook - ok
19:35:51.0609 5324 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:35:51.0609 5324 RemoteAccess - ok
19:35:51.0625 5324 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:35:51.0625 5324 RemoteRegistry - ok
19:35:51.0656 5324 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:35:51.0656 5324 RpcLocator - ok
19:35:51.0671 5324 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:35:51.0671 5324 RpcSs - ok
19:35:51.0687 5324 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:35:51.0687 5324 RSVP - ok
19:35:51.0703 5324 RTLE8023xp (0c57c0f776361b155b00d245c99b41f6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:35:51.0718 5324 RTLE8023xp - ok
19:35:51.0734 5324 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:35:51.0734 5324 SamSs - ok
19:35:51.0796 5324 SASDIFSV (39763504067962108505bff25f024345) E:\Program Files\Superantispyware\SASDIFSV.SYS
19:35:51.0796 5324 SASDIFSV - ok
19:35:51.0812 5324 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) E:\Program Files\Superantispyware\SASKUTIL.SYS
19:35:51.0812 5324 SASKUTIL - ok
19:35:51.0828 5324 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:35:51.0828 5324 SCardSvr - ok
19:35:51.0843 5324 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:35:51.0843 5324 Schedule - ok
19:35:51.0859 5324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:35:51.0859 5324 Secdrv - ok
19:35:51.0875 5324 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:35:51.0875 5324 seclogon - ok
19:35:51.0875 5324 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:35:51.0890 5324 SENS - ok
19:35:51.0890 5324 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:35:51.0890 5324 serenum - ok
19:35:51.0906 5324 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:35:51.0906 5324 Serial - ok
19:35:51.0937 5324 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:35:51.0937 5324 Sfloppy - ok
19:35:51.0968 5324 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
19:35:51.0968 5324 SharedAccess - ok
19:35:51.0984 5324 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:35:51.0984 5324 ShellHWDetection - ok
19:35:52.0000 5324 Simbad - ok
19:35:52.0000 5324 Sparrow - ok
19:35:52.0000 5324 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:35:52.0000 5324 splitter - ok
19:35:52.0015 5324 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:35:52.0031 5324 Spooler - ok
19:35:52.0031 5324 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:35:52.0031 5324 sr - ok
19:35:52.0046 5324 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:35:52.0046 5324 srservice - ok
19:35:52.0093 5324 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
19:35:52.0093 5324 SRTSP - ok
19:35:52.0109 5324 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
19:35:52.0109 5324 SRTSPX - ok
19:35:52.0125 5324 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:35:52.0125 5324 Srv - ok
19:35:52.0140 5324 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:35:52.0140 5324 SSDPSRV - ok
19:35:52.0156 5324 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:35:52.0171 5324 stisvc - ok
19:35:52.0171 5324 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:35:52.0171 5324 swenum - ok
19:35:52.0187 5324 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:35:52.0187 5324 swmidi - ok
19:35:52.0203 5324 SwPrv - ok
19:35:52.0203 5324 symc810 - ok
19:35:52.0218 5324 symc8xx - ok
19:35:52.0234 5324 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
19:35:52.0250 5324 SymDS - ok
19:35:52.0265 5324 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
19:35:52.0281 5324 SymEFA - ok
19:35:52.0312 5324 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:35:52.0312 5324 SymEvent - ok
19:35:52.0312 5324 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
19:35:52.0328 5324 SymIRON - ok
19:35:52.0359 5324 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
19:35:52.0359 5324 SYMTDI - ok
19:35:52.0359 5324 sym_hi - ok
19:35:52.0359 5324 sym_u3 - ok
19:35:52.0375 5324 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:35:52.0375 5324 sysaudio - ok
19:35:52.0390 5324 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:35:52.0390 5324 SysmonLog - ok
19:35:52.0406 5324 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
19:35:52.0406 5324 TapiSrv - ok
19:35:52.0437 5324 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:35:52.0437 5324 Tcpip - ok
19:35:52.0453 5324 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:35:52.0453 5324 TDPIPE - ok
19:35:52.0468 5324 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:35:52.0468 5324 TDTCP - ok
19:35:52.0484 5324 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:35:52.0500 5324 TermDD - ok
19:35:52.0515 5324 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
19:35:52.0515 5324 TermService - ok
19:35:52.0531 5324 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
19:35:52.0531 5324 Themes - ok
19:35:52.0546 5324 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:35:52.0546 5324 TlntSvr - ok
19:35:52.0546 5324 TosIde - ok
19:35:52.0562 5324 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:35:52.0562 5324 TrkWks - ok
19:35:52.0578 5324 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:35:52.0593 5324 Udfs - ok
19:35:52.0593 5324 ultra - ok
19:35:52.0625 5324 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:35:52.0625 5324 Update - ok
19:35:52.0640 5324 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:35:52.0640 5324 upnphost - ok
19:35:52.0656 5324 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:35:52.0656 5324 UPS - ok
19:35:52.0687 5324 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:35:52.0687 5324 usbaudio - ok
19:35:52.0703 5324 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:35:52.0703 5324 usbccgp - ok
19:35:52.0734 5324 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:35:52.0734 5324 usbehci - ok
19:35:52.0750 5324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:35:52.0750 5324 usbhub - ok
19:35:52.0765 5324 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:35:52.0765 5324 usbscan - ok
19:35:52.0796 5324 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:35:52.0812 5324 USBSTOR - ok
19:35:52.0812 5324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:35:52.0812 5324 usbuhci - ok
19:35:52.0828 5324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:35:52.0828 5324 VgaSave - ok
19:35:52.0828 5324 ViaIde - ok
19:35:52.0843 5324 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:35:52.0843 5324 VolSnap - ok
19:35:52.0859 5324 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:35:52.0859 5324 VSS - ok
19:35:52.0875 5324 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
19:35:52.0890 5324 W32Time - ok
19:35:52.0890 5324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:35:52.0906 5324 Wanarp - ok
19:35:52.0937 5324 WDICA - ok
19:35:52.0953 5324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:35:52.0953 5324 wdmaud - ok
19:35:52.0968 5324 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:35:52.0968 5324 WebClient - ok
19:35:52.0984 5324 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:35:52.0984 5324 winmgmt - ok
19:35:53.0031 5324 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:35:53.0046 5324 wlidsvc - ok
19:35:53.0062 5324 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
19:35:53.0062 5324 WmdmPmSN - ok
19:35:53.0093 5324 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:35:53.0109 5324 Wmi - ok
19:35:53.0125 5324 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:35:53.0125 5324 WmiApSrv - ok
19:35:53.0156 5324 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:35:53.0171 5324 WMPNetworkSvc - ok
19:35:53.0187 5324 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:35:53.0187 5324 WS2IFSL - ok
19:35:53.0203 5324 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:35:53.0203 5324 wscsvc - ok
19:35:53.0218 5324 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
19:35:53.0218 5324 wuauserv - ok
19:35:53.0234 5324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:35:53.0250 5324 WudfPf - ok
19:35:53.0265 5324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:35:53.0265 5324 WudfRd - ok
19:35:53.0281 5324 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:35:53.0281 5324 WudfSvc - ok
19:35:53.0296 5324 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
19:35:53.0312 5324 WZCSVC - ok
19:35:53.0328 5324 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:35:53.0359 5324 xmlprov - ok
19:35:53.0359 5324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:35:53.0453 5324 \Device\Harddisk1\DR1 - ok
19:35:53.0468 5324 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
19:35:53.0484 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:35:53.0484 5324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:35:53.0484 5324 Boot (0x1200) (40187c2e09d553f91f831c3d8044e358) \Device\Harddisk1\DR1\Partition0
19:35:53.0484 5324 \Device\Harddisk1\DR1\Partition0 - ok
19:35:53.0515 5324 Boot (0x1200) (2b4647d153054b765651f6ed5700f4c7) \Device\Harddisk0\DR0\Partition0
19:35:53.0515 5324 \Device\Harddisk0\DR0\Partition0 - ok
19:35:53.0531 5324 Boot (0x1200) (873a3bb05cdfae269ee4ecfd21cd7d33) \Device\Harddisk0\DR0\Partition1
19:35:53.0531 5324 \Device\Harddisk0\DR0\Partition1 - ok
19:35:53.0531 5324 ============================================================
19:35:53.0531 5324 Scan finished
19:35:53.0531 5324 ============================================================
19:35:53.0531 5316 Detected object count: 1
19:35:53.0531 5316 Actual detected object count: 1
19:36:05.0937 5316 \Device\Harddisk0\DR0\# - copied to quarantine
19:36:05.0937 5316 \Device\Harddisk0\DR0 - copied to quarantine
19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
19:36:06.0078 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:36:06.0078 5316 \Device\Harddisk0\DR0 - ok
19:36:12.0203 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:36:14.0890 4672 Deinitialize success
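As an added example (not code from the thread or from TDSSKiller itself), a small Python triage script for the log layout posted above: it skips the "- ok" inventory lines and pulls out the detections, the quarantine copies and the cure action, keyed by object path and joined to the MD5 from the inventory line, so the one MBR finding is not lost among hundreds of clean entries. The sample lines are copied from the posted log with the clean entries trimmed.

```python
"""Triage a TDSSKiller-style log: skip the clean inventory, keep the verdicts.

Added example, not part of the thread or of TDSSKiller. It parses the two
line layouts seen in the posted log:

    HH:MM:SS.ffff  PID  <label> (<md5>) <path>             inventory line
    HH:MM:SS.ffff  PID  <path> [( <threat> )] - <status>   verdict line
"""
import re

LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.+)$")
# "TlntSvr (md5) C:\...\tlntsvr.exe" or "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
INVENTORY_RE = re.compile(r"^(?P<label>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected", "TlntSvr - ok", ...
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^()]+?) \))? - (?P<status>.+)$")

# Sample lines copied from the log posted above (clean entries trimmed).
SAMPLE_LOG = r"""
19:35:52.0546 5324 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:35:52.0546 5324 TlntSvr - ok
19:35:53.0468 5324 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
19:35:53.0484 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:35:53.0484 5324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:35:53.0515 5324 Boot (0x1200) (2b4647d153054b765651f6ed5700f4c7) \Device\Harddisk0\DR0\Partition0
19:35:53.0515 5324 \Device\Harddisk0\DR0\Partition0 - ok
19:35:53.0531 5316 Detected object count: 1
19:36:05.0937 5316 \Device\Harddisk0\DR0\# - copied to quarantine
19:36:05.0937 5316 \Device\Harddisk0\DR0 - copied to quarantine
19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:36:06.0078 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:36:12.0203 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:36:14.0890 4672 Deinitialize success
"""


def triage(log_text):
    """Return every non-clean verdict, keyed by the object it refers to."""
    md5_by_path = {}
    infected = {}        # object -> threat name
    quarantined = []     # objects copied to quarantine, in log order
    pending_reboot = []  # objects the tool will cure at next boot
    user_actions = {}    # object -> action the user chose
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        inv = INVENTORY_RE.match(body)
        if inv:
            md5_by_path[inv.group("path")] = inv.group("md5")
            continue
        v = VERDICT_RE.match(body)
        if not v:  # counters, banners, "Scan finished", "Deinitialize success"
            continue
        obj, threat, status = v.group("obj"), v.group("threat"), v.group("status")
        if status == "ok":
            continue
        if status == "infected":
            infected[obj] = threat
        elif status.startswith("detected "):
            # "detected <threat> (0)" repeats the verdict without the parens
            infected.setdefault(obj, status.split()[1])
        elif status == "copied to quarantine":
            quarantined.append(obj)
        elif status == "will be cured on reboot":
            pending_reboot.append(obj)
        elif status.startswith("User select action: "):
            user_actions[obj] = status.split(": ", 1)[1]
    return {
        "infected": infected,
        "md5": {p: md5_by_path.get(p) for p in infected},
        "quarantined": quarantined,
        "pending_reboot": pending_reboot,
        "user_actions": user_actions,
    }


def report(summary):
    """One line per finding, the way a helper reviewing the log would want it."""
    lines = [f"INFECTED {o}: {t} (md5 {summary['md5'].get(o)})" for o, t in summary["infected"].items()]
    lines += [f"QUARANTINED {o}" for o in summary["quarantined"]]
    lines += [f"CURE ON REBOOT {o}" for o in summary["pending_reboot"]]
    lines += [f"USER ACTION {o}: {a}" for o, a in summary["user_actions"].items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```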
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Mar-2012, 04:48 AM #5
Next
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here or Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double-click on the renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues.
flavallee (Frank), Trusted Advisor with 57,884 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
25-Mar-2012, 09:40 AM #6
Quote (Originally Posted by Remiel):
Well, I did all of the above, and it seems to have worked with the rootkit. See the TDSS killer log below. My question, though, is that I thought Ccleaner was a good tool to clean up the registry? Also, what are your thoughts on Norton 360? Does it give more "bang for the buck" than, say, MBAM?
"Cleaning" the registry is NEVER a good thing to do. The end result of doing that can be a damaged Windows operating system and some programs that no longer work and unexpected error/warning messages and overall havoc with your computer.

Avoid using cleaner/optimizer/booster/tuneup type programs, no matter what they claim they can do.

------------------------------------------------------------------
Remiel, Member with 3 posts. THREAD STARTER
Join Date: Mar 2012
Experience: Intermediate
25-Mar-2012, 06:33 PM #7
re: happili redirect rootkit
The problem seems to have been solved, from what I can tell. Thank you both for your assistance.

ComboFix Log:

ComboFix 12-03-22.01 - Adam 03/25/2012 12:28:53.3.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2682 [GMT -7:00]
Running from: c:\documents and settings\Adam\Desktop\username123.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 02:36 . 2012-03-25 02:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-25 02:23 . 2012-03-25 02:23 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
2012-03-25 02:22 . 2012-03-25 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-03-25 02:19 . 2012-03-25 02:19 -------- d-----w- c:\program files\Common Files\Java
2012-03-25 02:19 . 2012-03-25 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-03-25 02:19 . 2012-03-25 02:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-25 02:19 . 2012-03-25 02:19 -------- d-----w- c:\program files\Java
2012-03-24 02:37 . 2012-03-24 06:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-15 03:40 . 2012-03-15 19:19 -------- d-----w- C:\sh4ldr
2012-03-15 03:40 . 2012-03-15 03:40 -------- d-----w- c:\program files\Enigma Software Group
2012-03-15 03:39 . 2012-03-15 19:19 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-15 03:34 . 2012-03-15 03:34 -------- d-----w- c:\program files\Real
2012-03-15 03:34 . 2012-03-15 03:34 -------- d-----w- c:\program files\Common Files\xing shared
2012-03-13 04:57 . 2012-03-13 04:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 03:34 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-15 03:34 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-03-14 04:15 . 2010-02-07 04:26 16608 ----a-w- c:\windows\gdrv.sys
2012-02-03 09:22 . 2008-04-14 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 06:29 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2010-02-06 23:39 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-05-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_01.28.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-25 18:16 . 2012-03-25 18:16 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2012-03-25 18:14 . 2012-03-25 18:14 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2012-03-24 02:37 . 2012-03-24 02:37 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe
- 2012-03-14 04:27 . 2012-03-14 04:27 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe
+ 2012-03-24 06:49 . 2012-03-24 06:49 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
+ 2012-03-24 06:49 . 2012-03-24 06:49 335520 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.dll
+ 2012-03-25 02:19 . 2012-03-25 02:19 157472 c:\windows\system32\javaws.exe
+ 2012-03-25 02:19 . 2012-03-25 02:19 149280 c:\windows\system32\javaw.exe
+ 2012-03-25 02:19 . 2012-03-25 02:19 149280 c:\windows\system32\java.exe
- 2010-02-06 15:31 . 2012-02-15 11:19 145216 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-06 15:31 . 2012-03-25 18:14 145216 c:\windows\system32\FNTCACHE.DAT
+ 2010-02-06 23:39 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
+ 2012-03-25 02:19 . 2012-03-25 02:19 203776 c:\windows\Installer\1d8ec72.msi
+ 2012-03-25 02:19 . 2012-03-25 02:19 902656 c:\windows\Installer\1d8ec6b.msi
+ 2012-03-24 02:37 . 2012-03-24 02:37 8527520 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-10-28 03:40 . 2012-03-14 04:27 8527520 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-04-14 08:00 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
+ 2012-03-24 02:30 . 2012-03-24 02:30 3947520 c:\windows\Installer\1abda43.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"SUPERAntiSpyware"="e:\program files\Superantispyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"TkBellExe"="e:\program files\update\realsched.exe" [2012-03-15 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-5 113664]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\Superantispyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- e:\program files\Superantispyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-08 08:37 1657376 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ----a-r- c:\windows\SoundMan.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"e:\\Program Files\\Steam\\Steam.exe"=
"e:\\Civ 4\\Civilization4.exe"=
"e:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"e:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
"e:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"e:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"e:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Trillian\\trillian.exe"=
"e:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"e:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\CivilizationV.exe"=
"e:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
"e:\\games\\Dragon Age\\bin_ship\\daorigins.exe"=
"e:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\ApexDC++\\ApexDC.exe"=
"e:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 1\\MonkeyIsland101.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 2\\MonkeyIsland102.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 3\\MonkeyIsland103.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 4\\MonkeyIsland104.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 5\\MonkeyIsland105.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\disciples 3\\DisciplesIII.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\disciples iii resurrection\\DisciplesIII.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"e:\\Program Files\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 10:31 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [1/30/2012 10:31 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/20/2012 10:47 AM 820856]
R1 SASDIFSV;SASDIFSV;e:\program files\Superantispyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;e:\program files\Superantispyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [1/30/2012 10:31 PM 136312]
R2 !SASCORE;SAS Core Service;e:\program files\Superantispyware\SASCore.exe [8/11/2011 4:38 PM 116608]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [1/30/2012 10:31 PM 130008]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [4/11/2010 2:08 PM 18864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 9:25 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120323.002\IDSXpx86.sys [3/23/2012 3:40 PM 356280]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-527237240-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-31 00:45]
.
2012-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-527237240-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-31 00:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\2t562kkq.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-25 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
e:\program files\Superantispyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2676)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-25 12:35:06
ComboFix-quarantined-files.txt 2012-03-25 19:35
ComboFix2.txt 2012-03-24 02:17
ComboFix3.txt 2012-03-24 01:33
.
Pre-Run: 14,904,602,624 bytes free
Post-Run: 15,052,201,984 bytes free
.
- - End Of File - - 4DB781DD2441D8EAE80049E68B20F224
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,623 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
26-Mar-2012, 10:28 AM #8
If it is cured, then:

*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the /U; it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.