
Happili redirect virus

Discussion in 'Virus & Other Malware Removal' started by Remiel, Mar 24, 2012.

  1. Remiel

    Remiel Thread Starter

    About a week ago, I picked up some malware, either through an infected email or, I'm ashamed to admit, bittorrent. I have run Malwarebytes which caught some of the malware, but there is a particularly pernicious virus which seems to have hijacked any browser I open. Now, whenever I open google, the page is redirected to other suspicious sites including a site called Happili. I have read that other users on this forum have experienced this but have so far been unable to get rid of it. I have Windows XP SP 3 and am running Norton 360.

    Hijack this:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:58:29 PM, on 3/23/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\system32\hphmon03.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\program files\update\realsched.exe
    E:\Program Files\Steam\Steam.exe
    E:\Program Files\Trillian\trillian.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files\Java\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\HPHipm09.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Adam\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [TkBellExe] "E:\program files\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Steam] "E:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe

    --
    End of file - 8112 bytes

    dds.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Run by Adam at 19:59:09 on 2012-03-23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2457 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\system32\hphmon03.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    E:\program files\update\realsched.exe
    E:\Program Files\Steam\Steam.exe
    E:\Program Files\Trillian\trillian.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    E:\Program Files\Java\bin\jqs.exe
    c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\HPHipm09.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    e:\program files\RealPlay.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    uRun: [Steam] "e:\program files\steam\Steam.exe" -silent
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [TkBellExe] "e:\program files\update\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{7806A9B7-7AF3-4D7C-B1C4-22AB45D50E6B} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\adam\application data\mozilla\firefox\profiles\2t562kkq.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: e:\program files\java\bin\new_plugin\npdeploytk.dll
    FF - plugin: e:\program files\java\bin\new_plugin\npjp2.dll
    FF - plugin: e:\program files\netscape6\nppl3260.dll
    FF - plugin: e:\program files\netscape6\nprjplug.dll
    FF - plugin: e:\program files\netscape6\nprpjplug.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-30 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-30 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-20 820856]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-30 136312]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-12-25 95200]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-30 130008]
    R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2010-4-11 18864]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120323.002\IDSXpx86.sys [2012-3-23 356280]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120322.019\NAVENG.SYS [2012-3-22 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120322.019\NAVEX15.SYS [2012-3-22 1576312]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-24 02:37:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-24 01:11:45 98816 ----a-w- c:\windows\sed.exe
    2012-03-24 01:11:45 518144 ----a-w- c:\windows\SWREG.exe
    2012-03-24 01:11:45 256000 ----a-w- c:\windows\PEV.exe
    2012-03-24 01:11:45 208896 ----a-w- c:\windows\MBR.exe
    2012-03-15 19:19:51 -------- d-----w- c:\windows\system32\appmgmt
    2012-03-15 03:40:26 -------- d-----w- C:\sh4ldr
    2012-03-15 03:40:26 -------- d-----w- c:\program files\Enigma Software Group
    2012-03-15 03:39:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-03-15 03:34:41 -------- d-----w- c:\program files\common files\xing shared
    .
    ==================== Find3M ====================
    .
    2012-03-15 03:34:18 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-03-15 03:34:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-03-14 04:15:46 16608 ----a-w- c:\windows\gdrv.sys
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1001FALS-00K1B0 rev.05.00K05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A30D49F]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a314740]; MOV EAX, [0x8a3148b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A652AB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007b[0x8A610398]
    5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6AAD98]
    \Driver\atapi[0x8A3DAF38] -> IRP_MJ_CREATE -> 0x8A30D49F
    error: Read A device attached to the system is not functioning.
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x8A30D2C6
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 20:00:34.14 ===============

    ark.txt:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-23 23:09:25
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\HPHID409PRINT_HPHI091 WDC_WD1001FALS-00K1B0 rev.05.00K05
    Running: tpwughz6.exe; Driver: C:\DOCUME~1\Adam\LOCALS~1\Temp\uwpiifob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89849008 ZwAlertResumeThread
    SSDT 8981C118 ZwAlertThread
    SSDT 898B9748 ZwAllocateVirtualMemory
    SSDT 8983B0C8 ZwAssignProcessToJobObject
    SSDT 8A22FE08 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB6C66710]
    SSDT 8983D110 ZwCreateMutant
    SSDT 89839478 ZwCreateSymbolicLinkObject
    SSDT 89FA3618 ZwCreateThread
    SSDT 8983B1A8 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB6C66990]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB6C66EF0]
    SSDT 898B58C0 ZwDuplicateObject
    SSDT 898B27F8 ZwFreeVirtualMemory
    SSDT 8983D008 ZwImpersonateAnonymousToken
    SSDT 89849118 ZwImpersonateThread
    SSDT 899B3E20 ZwLoadDriver
    SSDT 898B2718 ZwMapViewOfSection
    SSDT 897FE008 ZwOpenEvent
    SSDT 898B7560 ZwOpenProcess
    SSDT 898BA7F8 ZwOpenProcessToken
    SSDT 8981D008 ZwOpenSection
    SSDT 898B59B0 ZwOpenThread
    SSDT 89839568 ZwProtectVirtualMemory
    SSDT 8981C008 ZwResumeThread
    SSDT 8987A120 ZwSetContextThread
    SSDT 8981E0C8 ZwSetInformationProcess
    SSDT 8981D0B8 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB6C67140]
    SSDT 897FE120 ZwSuspendProcess
    SSDT 898676B0 ZwSuspendThread
    SSDT 89C70060 ZwTerminateProcess
    SSDT 8987A060 ZwTerminateThread
    SSDT 898BC3E8 ZwUnmapViewOfSection
    SSDT 898B1660 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 3010 805048AC 4 Bytes CALL ECD9D474
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9614380, 0x34E2EF, 0xE8000020]
    ? C:\DOCUME~1\Adam\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1252] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0096000C
    .text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E8000A
    .text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00E9000A
    .text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00EA000A
    .text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00E7000A
    .text E:\program files\update\realsched.exe[1832] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A30D2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A30D2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A30D2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A30D2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A30D2C6
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-12 8A30D2C6

    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\SymDS\Temp\musdmys_DtuhKINhgdFX2XMDrzX1 0 bytes
    File C:\WINDOWS\system32\oobe\actsetup\actconn.htm 3196 bytes
    File C:\WINDOWS\system32\oobe\actsetup\actdone.htm 1829 bytes
    File C:\WINDOWS\system32\oobe\actsetup\activ.htm 5579 bytes
    File C:\WINDOWS\system32\oobe\actsetup\activerr.htm 2018 bytes
    File C:\WINDOWS\system32\oobe\actsetup\activsvc.htm 8306 bytes
    File C:\WINDOWS\system32\oobe\actsetup\actlan.htm 4171 bytes
    File C:\WINDOWS\system32\oobe\actsetup\adeskerr.htm 18740 bytes
    File C:\WINDOWS\system32\oobe\actsetup\adrdyreg.htm 4706 bytes
    File C:\WINDOWS\system32\oobe\actsetup\apolicy.htm 4527 bytes
    File C:\WINDOWS\system32\oobe\actsetup\aprvcyms.htm 4700 bytes
    File C:\WINDOWS\system32\oobe\actsetup\areg1.htm 4007 bytes
    File C:\WINDOWS\system32\oobe\actsetup\aregdial.htm 2182 bytes
    File C:\WINDOWS\system32\oobe\actsetup\aregdone.htm 1891 bytes
    File C:\WINDOWS\system32\oobe\actsetup\aregsty2.css 2286 bytes
    File C:\WINDOWS\system32\oobe\actsetup\aregstyl.css 2277 bytes
    File C:\WINDOWS\system32\oobe\actsetup\ausrinfo.htm 7187 bytes
    File C:\WINDOWS\system32\oobe\actsetup\stgact.htm 10281 bytes
    File C:\WINDOWS\system32\oobe\error\cnncterr.htm 3384 bytes
    File C:\WINDOWS\system32\oobe\error\dialtone.htm 3039 bytes
    File C:\WINDOWS\system32\oobe\error\hndshake.htm 2255 bytes
    File C:\WINDOWS\system32\oobe\error\isp2busy.htm 2163 bytes
    File C:\WINDOWS\system32\oobe\error\noanswer.htm 6328 bytes
    File C:\WINDOWS\system32\oobe\error\pberr.htm 2044 bytes
    File C:\WINDOWS\system32\oobe\error\pulse.htm 2663 bytes
    File C:\WINDOWS\system32\oobe\error\toobusy.htm 6128 bytes

    ---- EOF - GMER 1.0.15 ----

  2. flavallee

    flavallee Frank Trusted Advisor

    Thanks for being honest about your computing habits.

    ---------------------------------------------------

    Go to Add Or Remove Programs, then uninstall/remove

    BitTorrent

    CCleaner

    McAfee SiteAdvisor


    ---------------------------------------------------

    Download and save

    Java Runtime Environment 1.6.0.31 (6 Update 31)

    SUPERAntiSpyware Free Edition 5.0.0.1146

    then close all open windows first, then install them.

    Make sure to update the definition files during the install of SUPERAntiSpyware.

    Restart the computer after they're both installed.

    ---------------------------------------------------

    Start Malwarebytes Anti-Malware 1.60.1.1000, then run its update feature so it can update its definition files.

    ---------------------------------------------------

    DON'T run any scans yet.

    ---------------------------------------------------
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS, which should be ignored) & then reboot

    post back with its log

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
  4. Remiel

    Remiel Thread Starter

    Well, I did all of the above, and it seems to have worked with the rootkit. See the TDSS killer log below. My question, though, is that I thought CCleaner was a good tool to clean up the registry? Also, what are your thoughts on Norton 360? Does it give more "bang for the buck" than, say, MBAM?

    ---
    19:35:40.0484 4676 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    19:35:41.0421 4676 ============================================================
    19:35:41.0421 4676 Current date / time: 2012/03/24 19:35:41.0421
    19:35:41.0421 4676 SystemInfo:
    19:35:41.0421 4676
    19:35:41.0421 4676 OS Version: 5.1.2600 ServicePack: 3.0
    19:35:41.0421 4676 Product type: Workstation
    19:35:41.0421 4676 ComputerName: ADAM-4346DE0177
    19:35:41.0421 4676 UserName: Adam
    19:35:41.0421 4676 Windows directory: C:\WINDOWS
    19:35:41.0421 4676 System windows directory: C:\WINDOWS
    19:35:41.0421 4676 Processor architecture: Intel x86
    19:35:41.0421 4676 Number of processors: 8
    19:35:41.0421 4676 Page size: 0x1000
    19:35:41.0421 4676 Boot type: Normal boot
    19:35:41.0421 4676 ============================================================
    19:35:43.0593 4676 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    19:35:43.0593 4676 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:35:43.0593 4676 \Device\Harddisk1\DR1:
    19:35:43.0593 4676 MBR used
    19:35:43.0593 4676 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
    19:35:43.0593 4676 \Device\Harddisk0\DR0:
    19:35:43.0593 4676 MBR used
    19:35:43.0609 4676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x61A3A66
    19:35:43.0609 4676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A7966, BlocksNum 0x6E55E05B
    19:35:43.0671 4676 Initialize success
    19:35:43.0671 4676 ============================================================
    19:35:46.0875 5324 ============================================================
    19:35:46.0875 5324 Scan started
    19:35:46.0875 5324 Mode: Manual;
    19:35:46.0875 5324 ============================================================
    19:35:47.0640 5324 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) E:\Program Files\Superantispyware\SASCORE.EXE
    19:35:47.0640 5324 !SASCORE - ok
    19:35:47.0765 5324 Abiosdsk - ok
    19:35:47.0781 5324 abp480n5 - ok
    19:35:47.0796 5324 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:35:47.0859 5324 ACPI - ok
    19:35:47.0890 5324 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:35:47.0890 5324 ACPIEC - ok
    19:35:47.0890 5324 adpu160m - ok
    19:35:47.0906 5324 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    19:35:47.0906 5324 aec - ok
    19:35:47.0921 5324 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    19:35:47.0921 5324 AFD - ok
    19:35:47.0937 5324 Aha154x - ok
    19:35:47.0937 5324 aic78u2 - ok
    19:35:47.0937 5324 aic78xx - ok
    19:35:47.0953 5324 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    19:35:47.0968 5324 Alerter - ok
    19:35:47.0984 5324 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    19:35:47.0984 5324 ALG - ok
    19:35:48.0000 5324 AliIde - ok
    19:35:48.0000 5324 amsint - ok
    19:35:48.0062 5324 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:35:48.0062 5324 Apple Mobile Device - ok
    19:35:48.0078 5324 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    19:35:48.0078 5324 AppMgmt - ok
    19:35:48.0093 5324 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    19:35:48.0093 5324 Arp1394 - ok
    19:35:48.0093 5324 asc - ok
    19:35:48.0093 5324 asc3350p - ok
    19:35:48.0109 5324 asc3550 - ok
    19:35:48.0125 5324 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    19:35:48.0140 5324 aspnet_state - ok
    19:35:48.0156 5324 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:35:48.0156 5324 AsyncMac - ok
    19:35:48.0156 5324 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:35:48.0156 5324 atapi - ok
    19:35:48.0171 5324 Atdisk - ok
    19:35:48.0171 5324 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:35:48.0171 5324 Atmarpc - ok
    19:35:48.0187 5324 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    19:35:48.0187 5324 AudioSrv - ok
    19:35:48.0187 5324 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:35:48.0187 5324 audstub - ok
    19:35:48.0203 5324 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    19:35:48.0203 5324 Beep - ok
    19:35:48.0296 5324 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
    19:35:48.0296 5324 BHDrvx86 - ok
    19:35:48.0328 5324 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    19:35:48.0359 5324 BITS - ok
    19:35:48.0375 5324 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    19:35:48.0375 5324 Bonjour Service - ok
    19:35:48.0390 5324 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    19:35:48.0390 5324 Browser - ok
    19:35:48.0421 5324 catchme - ok
    19:35:48.0437 5324 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:35:48.0437 5324 cbidf2k - ok
    19:35:48.0453 5324 cd20xrnt - ok
    19:35:48.0453 5324 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:35:48.0453 5324 Cdaudio - ok
    19:35:48.0468 5324 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    19:35:48.0468 5324 Cdfs - ok
    19:35:48.0468 5324 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:35:48.0468 5324 Cdrom - ok
    19:35:48.0468 5324 Changer - ok
    19:35:48.0484 5324 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    19:35:48.0484 5324 CiSvc - ok
    19:35:48.0500 5324 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    19:35:48.0500 5324 ClipSrv - ok
    19:35:48.0531 5324 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:35:48.0546 5324 clr_optimization_v2.0.50727_32 - ok
    19:35:48.0546 5324 CmdIde - ok
    19:35:48.0546 5324 COMSysApp - ok
    19:35:48.0562 5324 Cpqarray - ok
    19:35:48.0578 5324 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    19:35:48.0578 5324 CryptSvc - ok
    19:35:48.0593 5324 dac2w2k - ok
    19:35:48.0593 5324 dac960nt - ok
    19:35:48.0625 5324 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    19:35:48.0625 5324 DcomLaunch - ok
    19:35:48.0640 5324 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    19:35:48.0640 5324 Dhcp - ok
    19:35:48.0640 5324 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    19:35:48.0640 5324 Disk - ok
    19:35:48.0656 5324 dmadmin - ok
    19:35:48.0671 5324 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    19:35:48.0687 5324 dmboot - ok
    19:35:48.0703 5324 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    19:35:48.0703 5324 dmio - ok
    19:35:48.0703 5324 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    19:35:48.0718 5324 dmload - ok
    19:35:48.0718 5324 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    19:35:48.0718 5324 dmserver - ok
    19:35:48.0750 5324 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    19:35:48.0750 5324 DMusic - ok
    19:35:48.0765 5324 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    19:35:48.0765 5324 Dnscache - ok
    19:35:48.0765 5324 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    19:35:48.0781 5324 Dot3svc - ok
    19:35:48.0796 5324 Dot4 HPH09 (ad4bf19f18e56e9cc23b02b53321336e) C:\WINDOWS\system32\DRIVERS\hphid409.sys
    19:35:48.0796 5324 Dot4 HPH09 - ok
    19:35:48.0812 5324 Dot4Print HPH09 (81ac4ae8ff949bf5924b5ee00d5ac90b) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
    19:35:48.0812 5324 Dot4Print HPH09 - ok
    19:35:48.0843 5324 Dot4Storage HPH09 (47b5fd84ca8d16060c4e59647d80c0ca) C:\WINDOWS\system32\Drivers\hphs2k09.sys
    19:35:48.0843 5324 Dot4Storage HPH09 - ok
    19:35:48.0859 5324 Dot4Usb HPH09 (eb20c76c39917b1641bb4c5206be7d76) C:\WINDOWS\system32\drivers\hphius09.sys
    19:35:48.0859 5324 Dot4Usb HPH09 - ok
    19:35:48.0859 5324 dpti2o - ok
    19:35:48.0875 5324 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    19:35:48.0890 5324 drmkaud - ok
    19:35:48.0906 5324 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    19:35:48.0906 5324 EapHost - ok
    19:35:48.0937 5324 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    19:35:48.0937 5324 eeCtrl - ok
    19:35:48.0937 5324 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    19:35:48.0937 5324 EraserUtilRebootDrv - ok
    19:35:48.0953 5324 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    19:35:48.0953 5324 ERSvc - ok
    19:35:48.0968 5324 esgiguard - ok
    19:35:48.0984 5324 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:35:48.0984 5324 Eventlog - ok
    19:35:49.0015 5324 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    19:35:49.0015 5324 EventSystem - ok
    19:35:49.0015 5324 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    19:35:49.0031 5324 Fastfat - ok
    19:35:49.0046 5324 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:35:49.0046 5324 FastUserSwitchingCompatibility - ok
    19:35:49.0062 5324 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:35:49.0062 5324 Fdc - ok
    19:35:49.0078 5324 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    19:35:49.0078 5324 Fips - ok
    19:35:49.0078 5324 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:35:49.0078 5324 Flpydisk - ok
    19:35:49.0093 5324 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    19:35:49.0093 5324 FltMgr - ok
    19:35:49.0125 5324 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:35:49.0140 5324 FontCache3.0.0.0 - ok
    19:35:49.0140 5324 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:35:49.0140 5324 Fs_Rec - ok
    19:35:49.0140 5324 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:35:49.0156 5324 Ftdisk - ok
    19:35:49.0171 5324 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
    19:35:49.0171 5324 gdrv - ok
    19:35:49.0187 5324 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    19:35:49.0187 5324 GEARAspiWDM - ok
    19:35:49.0203 5324 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:35:49.0203 5324 Gpc - ok
    19:35:49.0218 5324 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    19:35:49.0218 5324 HDAudBus - ok
    19:35:49.0234 5324 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    19:35:49.0234 5324 helpsvc - ok
    19:35:49.0250 5324 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    19:35:49.0250 5324 HidServ - ok
    19:35:49.0265 5324 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:35:49.0265 5324 hidusb - ok
    19:35:49.0281 5324 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    19:35:49.0281 5324 hkmsvc - ok
    19:35:49.0296 5324 hpn - ok
    19:35:49.0312 5324 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    19:35:49.0312 5324 HTTP - ok
    19:35:49.0343 5324 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    19:35:49.0343 5324 HTTPFilter - ok
    19:35:49.0343 5324 i2omgmt - ok
    19:35:49.0343 5324 i2omp - ok
    19:35:49.0359 5324 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    19:35:49.0359 5324 i8042prt - ok
    19:35:49.0390 5324 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:35:49.0406 5324 idsvc - ok
    19:35:49.0515 5324 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120323.002\IDSxpx86.sys
    19:35:49.0515 5324 IDSxpx86 - ok
    19:35:49.0515 5324 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:35:49.0515 5324 Imapi - ok
    19:35:49.0531 5324 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    19:35:49.0531 5324 ImapiService - ok
    19:35:49.0531 5324 ini910u - ok
    19:35:49.0625 5324 IntcAzAudAddService (4aaa8312732655f93a254d1fa695eb79) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    19:35:49.0640 5324 IntcAzAudAddService - ok
    19:35:49.0671 5324 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    19:35:49.0671 5324 IntelIde - ok
    19:35:49.0687 5324 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:35:49.0687 5324 intelppm - ok
    19:35:49.0703 5324 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    19:35:49.0703 5324 Ip6Fw - ok
    19:35:49.0718 5324 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:35:49.0718 5324 IpFilterDriver - ok
    19:35:49.0734 5324 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:35:49.0734 5324 IpInIp - ok
    19:35:49.0750 5324 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:35:49.0750 5324 IpNat - ok
    19:35:49.0796 5324 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
    19:35:49.0796 5324 iPod Service - ok
    19:35:49.0812 5324 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:35:49.0812 5324 IPSec - ok
    19:35:49.0828 5324 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:35:49.0843 5324 IRENUM - ok
    19:35:49.0859 5324 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:35:49.0859 5324 isapnp - ok
    19:35:49.0921 5324 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
    19:35:49.0921 5324 JavaQuickStarterService - ok
    19:35:49.0937 5324 JRAID (a324485106f133e751f4b7f47c4be3ea) C:\WINDOWS\system32\DRIVERS\jraid.sys
    19:35:49.0937 5324 JRAID - ok
    19:35:49.0953 5324 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:35:49.0953 5324 Kbdclass - ok
    19:35:49.0984 5324 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    19:35:49.0984 5324 kbdhid - ok
    19:35:50.0000 5324 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    19:35:50.0000 5324 kmixer - ok
    19:35:50.0015 5324 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    19:35:50.0015 5324 KSecDD - ok
    19:35:50.0046 5324 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    19:35:50.0046 5324 LanmanServer - ok
    19:35:50.0062 5324 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    19:35:50.0062 5324 lanmanworkstation - ok
    19:35:50.0062 5324 lbrtfdc - ok
    19:35:50.0078 5324 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    19:35:50.0078 5324 LmHosts - ok
    19:35:50.0093 5324 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    19:35:50.0093 5324 Messenger - ok
    19:35:50.0109 5324 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    19:35:50.0109 5324 mnmdd - ok
    19:35:50.0125 5324 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    19:35:50.0125 5324 mnmsrvc - ok
    19:35:50.0140 5324 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    19:35:50.0140 5324 Modem - ok
    19:35:50.0140 5324 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:35:50.0140 5324 Mouclass - ok
    19:35:50.0171 5324 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    19:35:50.0171 5324 mouhid - ok
    19:35:50.0171 5324 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    19:35:50.0171 5324 MountMgr - ok
    19:35:50.0171 5324 mraid35x - ok
    19:35:50.0187 5324 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:35:50.0187 5324 MRxDAV - ok
    19:35:50.0203 5324 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:35:50.0218 5324 MRxSmb - ok
    19:35:50.0234 5324 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    19:35:50.0234 5324 MSDTC - ok
    19:35:50.0250 5324 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    19:35:50.0250 5324 Msfs - ok
    19:35:50.0250 5324 MSIServer - ok
    19:35:50.0265 5324 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:35:50.0265 5324 MSKSSRV - ok
    19:35:50.0265 5324 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:35:50.0281 5324 MSPCLOCK - ok
    19:35:50.0281 5324 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    19:35:50.0281 5324 MSPQM - ok
    19:35:50.0296 5324 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    19:35:50.0296 5324 mssmbios - ok
    19:35:50.0312 5324 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    19:35:50.0312 5324 Mup - ok
    19:35:50.0359 5324 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    19:35:50.0359 5324 N360 - ok
    19:35:50.0375 5324 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    19:35:50.0390 5324 napagent - ok
    19:35:50.0484 5324 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120323.023\NAVENG.SYS
    19:35:50.0484 5324 NAVENG - ok
    19:35:50.0531 5324 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120323.023\NAVEX15.SYS
    19:35:50.0546 5324 NAVEX15 - ok
    19:35:50.0546 5324 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    19:35:50.0546 5324 NDIS - ok
    19:35:50.0578 5324 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:35:50.0578 5324 NdisTapi - ok
    19:35:50.0593 5324 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:35:50.0593 5324 Ndisuio - ok
    19:35:50.0609 5324 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:35:50.0609 5324 NdisWan - ok
    19:35:50.0609 5324 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    19:35:50.0609 5324 NDProxy - ok
    19:35:50.0625 5324 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:35:50.0625 5324 NetBIOS - ok
    19:35:50.0640 5324 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:35:50.0640 5324 NetBT - ok
    19:35:50.0656 5324 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:35:50.0656 5324 NetDDE - ok
    19:35:50.0656 5324 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    19:35:50.0656 5324 NetDDEdsdm - ok
    19:35:50.0671 5324 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:35:50.0687 5324 Netlogon - ok
    19:35:50.0687 5324 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    19:35:50.0687 5324 Netman - ok
    19:35:50.0718 5324 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:35:50.0734 5324 NetTcpPortSharing - ok
    19:35:50.0750 5324 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    19:35:50.0750 5324 NIC1394 - ok
    19:35:50.0765 5324 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    19:35:50.0765 5324 Nla - ok
    19:35:50.0781 5324 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    19:35:50.0781 5324 Npfs - ok
    19:35:50.0781 5324 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    19:35:50.0796 5324 Ntfs - ok
    19:35:50.0796 5324 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:35:50.0796 5324 NtLmSsp - ok
    19:35:50.0812 5324 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    19:35:50.0812 5324 NtmsSvc - ok
    19:35:50.0843 5324 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    19:35:50.0843 5324 Null - ok
    19:35:50.0953 5324 nv (29e060897a3179660c49367f52fcaac0) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:35:51.0031 5324 nv - ok
    19:35:51.0046 5324 NVSvc (c7fe8c39c91b8bf7044742e76b1bcadf) C:\WINDOWS\system32\nvsvc32.exe
    19:35:51.0062 5324 NVSvc - ok
    19:35:51.0078 5324 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
    19:35:51.0078 5324 NWCWorkstation - ok
    19:35:51.0093 5324 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:35:51.0093 5324 NwlnkFlt - ok
    19:35:51.0093 5324 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:35:51.0093 5324 NwlnkFwd - ok
    19:35:51.0109 5324 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    19:35:51.0109 5324 NwlnkIpx - ok
    19:35:51.0125 5324 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    19:35:51.0125 5324 NwlnkNb - ok
    19:35:51.0140 5324 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    19:35:51.0140 5324 NwlnkSpx - ok
    19:35:51.0140 5324 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
    19:35:51.0140 5324 NWRDR - ok
    19:35:51.0156 5324 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    19:35:51.0156 5324 ohci1394 - ok
    19:35:51.0187 5324 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    19:35:51.0187 5324 Parport - ok
    19:35:51.0187 5324 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    19:35:51.0187 5324 PartMgr - ok
    19:35:51.0203 5324 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    19:35:51.0203 5324 ParVdm - ok
    19:35:51.0218 5324 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    19:35:51.0218 5324 PCI - ok
    19:35:51.0218 5324 PCIDump - ok
    19:35:51.0234 5324 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:35:51.0234 5324 PCIIde - ok
    19:35:51.0234 5324 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:35:51.0250 5324 Pcmcia - ok
    19:35:51.0250 5324 PDCOMP - ok
    19:35:51.0250 5324 PDFRAME - ok
    19:35:51.0265 5324 PDRELI - ok
    19:35:51.0265 5324 PDRFRAME - ok
    19:35:51.0281 5324 perc2 - ok
    19:35:51.0281 5324 perc2hib - ok
    19:35:51.0312 5324 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    19:35:51.0312 5324 PlugPlay - ok
    19:35:51.0343 5324 Pml Driver (913aef7fc38959155f426b1e997e798f) C:\WINDOWS\system32\HPHipm09.exe
    19:35:51.0343 5324 Pml Driver - ok
    19:35:51.0359 5324 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:35:51.0359 5324 PolicyAgent - ok
    19:35:51.0359 5324 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:35:51.0359 5324 PptpMiniport - ok
    19:35:51.0375 5324 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:35:51.0375 5324 ProtectedStorage - ok
    19:35:51.0375 5324 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    19:35:51.0375 5324 PSched - ok
    19:35:51.0390 5324 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:35:51.0390 5324 Ptilink - ok
    19:35:51.0406 5324 ql1080 - ok
    19:35:51.0406 5324 Ql10wnt - ok
    19:35:51.0406 5324 ql12160 - ok
    19:35:51.0421 5324 ql1240 - ok
    19:35:51.0421 5324 ql1280 - ok
    19:35:51.0421 5324 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:35:51.0437 5324 RasAcd - ok
    19:35:51.0453 5324 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    19:35:51.0453 5324 RasAuto - ok
    19:35:51.0453 5324 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:35:51.0453 5324 Rasl2tp - ok
    19:35:51.0468 5324 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    19:35:51.0484 5324 RasMan - ok
    19:35:51.0484 5324 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:35:51.0484 5324 RasPppoe - ok
    19:35:51.0500 5324 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:35:51.0500 5324 Raspti - ok
    19:35:51.0515 5324 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:35:51.0515 5324 Rdbss - ok
    19:35:51.0531 5324 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:35:51.0531 5324 RDPCDD - ok
    19:35:51.0531 5324 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:35:51.0531 5324 rdpdr - ok
    19:35:51.0578 5324 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    19:35:51.0578 5324 RDPWD - ok
    19:35:51.0593 5324 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    19:35:51.0593 5324 RDSessMgr - ok
    19:35:51.0593 5324 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:35:51.0593 5324 redbook - ok
    19:35:51.0609 5324 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    19:35:51.0609 5324 RemoteAccess - ok
    19:35:51.0625 5324 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    19:35:51.0625 5324 RemoteRegistry - ok
    19:35:51.0656 5324 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    19:35:51.0656 5324 RpcLocator - ok
    19:35:51.0671 5324 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    19:35:51.0671 5324 RpcSs - ok
    19:35:51.0687 5324 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    19:35:51.0687 5324 RSVP - ok
    19:35:51.0703 5324 RTLE8023xp (0c57c0f776361b155b00d245c99b41f6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    19:35:51.0718 5324 RTLE8023xp - ok
    19:35:51.0734 5324 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    19:35:51.0734 5324 SamSs - ok
    19:35:51.0796 5324 SASDIFSV (39763504067962108505bff25f024345) E:\Program Files\Superantispyware\SASDIFSV.SYS
    19:35:51.0796 5324 SASDIFSV - ok
    19:35:51.0812 5324 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) E:\Program Files\Superantispyware\SASKUTIL.SYS
    19:35:51.0812 5324 SASKUTIL - ok
    19:35:51.0828 5324 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    19:35:51.0828 5324 SCardSvr - ok
    19:35:51.0843 5324 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    19:35:51.0843 5324 Schedule - ok
    19:35:51.0859 5324 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:35:51.0859 5324 Secdrv - ok
    19:35:51.0875 5324 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    19:35:51.0875 5324 seclogon - ok
    19:35:51.0875 5324 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
    19:35:51.0890 5324 SENS - ok
    19:35:51.0890 5324 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:35:51.0890 5324 serenum - ok
    19:35:51.0906 5324 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    19:35:51.0906 5324 Serial - ok
    19:35:51.0937 5324 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:35:51.0937 5324 Sfloppy - ok
    19:35:51.0968 5324 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    19:35:51.0968 5324 SharedAccess - ok
    19:35:51.0984 5324 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:35:51.0984 5324 ShellHWDetection - ok
    19:35:52.0000 5324 Simbad - ok
    19:35:52.0000 5324 Sparrow - ok
    19:35:52.0000 5324 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    19:35:52.0000 5324 splitter - ok
    19:35:52.0015 5324 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    19:35:52.0031 5324 Spooler - ok
    19:35:52.0031 5324 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    19:35:52.0031 5324 sr - ok
    19:35:52.0046 5324 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    19:35:52.0046 5324 srservice - ok
    19:35:52.0093 5324 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
    19:35:52.0093 5324 SRTSP - ok
    19:35:52.0109 5324 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
    19:35:52.0109 5324 SRTSPX - ok
    19:35:52.0125 5324 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    19:35:52.0125 5324 Srv - ok
    19:35:52.0140 5324 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    19:35:52.0140 5324 SSDPSRV - ok
    19:35:52.0156 5324 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    19:35:52.0171 5324 stisvc - ok
    19:35:52.0171 5324 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:35:52.0171 5324 swenum - ok
    19:35:52.0187 5324 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    19:35:52.0187 5324 swmidi - ok
    19:35:52.0203 5324 SwPrv - ok
    19:35:52.0203 5324 symc810 - ok
    19:35:52.0218 5324 symc8xx - ok
    19:35:52.0234 5324 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
    19:35:52.0250 5324 SymDS - ok
    19:35:52.0265 5324 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
    19:35:52.0281 5324 SymEFA - ok
    19:35:52.0312 5324 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    19:35:52.0312 5324 SymEvent - ok
    19:35:52.0312 5324 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
    19:35:52.0328 5324 SymIRON - ok
    19:35:52.0359 5324 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
    19:35:52.0359 5324 SYMTDI - ok
    19:35:52.0359 5324 sym_hi - ok
    19:35:52.0359 5324 sym_u3 - ok
    19:35:52.0375 5324 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    19:35:52.0375 5324 sysaudio - ok
    19:35:52.0390 5324 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    19:35:52.0390 5324 SysmonLog - ok
    19:35:52.0406 5324 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    19:35:52.0406 5324 TapiSrv - ok
    19:35:52.0437 5324 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:35:52.0437 5324 Tcpip - ok
    19:35:52.0453 5324 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:35:52.0453 5324 TDPIPE - ok
    19:35:52.0468 5324 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    19:35:52.0468 5324 TDTCP - ok
    19:35:52.0484 5324 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:35:52.0500 5324 TermDD - ok
    19:35:52.0515 5324 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    19:35:52.0515 5324 TermService - ok
    19:35:52.0531 5324 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    19:35:52.0531 5324 Themes - ok
    19:35:52.0546 5324 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    19:35:52.0546 5324 TlntSvr - ok
    19:35:52.0546 5324 TosIde - ok
    19:35:52.0562 5324 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    19:35:52.0562 5324 TrkWks - ok
    19:35:52.0578 5324 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    19:35:52.0593 5324 Udfs - ok
    19:35:52.0593 5324 ultra - ok
    19:35:52.0625 5324 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    19:35:52.0625 5324 Update - ok
    19:35:52.0640 5324 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    19:35:52.0640 5324 upnphost - ok
    19:35:52.0656 5324 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    19:35:52.0656 5324 UPS - ok
    19:35:52.0687 5324 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    19:35:52.0687 5324 usbaudio - ok
    19:35:52.0703 5324 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:35:52.0703 5324 usbccgp - ok
    19:35:52.0734 5324 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:35:52.0734 5324 usbehci - ok
    19:35:52.0750 5324 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:35:52.0750 5324 usbhub - ok
    19:35:52.0765 5324 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    19:35:52.0765 5324 usbscan - ok
    19:35:52.0796 5324 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:35:52.0812 5324 USBSTOR - ok
    19:35:52.0812 5324 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:35:52.0812 5324 usbuhci - ok
    19:35:52.0828 5324 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    19:35:52.0828 5324 VgaSave - ok
    19:35:52.0828 5324 ViaIde - ok
    19:35:52.0843 5324 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    19:35:52.0843 5324 VolSnap - ok
    19:35:52.0859 5324 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    19:35:52.0859 5324 VSS - ok
    19:35:52.0875 5324 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    19:35:52.0890 5324 W32Time - ok
    19:35:52.0890 5324 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:35:52.0906 5324 Wanarp - ok
    19:35:52.0937 5324 WDICA - ok
    19:35:52.0953 5324 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    19:35:52.0953 5324 wdmaud - ok
    19:35:52.0968 5324 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    19:35:52.0968 5324 WebClient - ok
    19:35:52.0984 5324 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:35:52.0984 5324 winmgmt - ok
    19:35:53.0031 5324 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:35:53.0046 5324 wlidsvc - ok
    19:35:53.0062 5324 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
    19:35:53.0062 5324 WmdmPmSN - ok
    19:35:53.0093 5324 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    19:35:53.0109 5324 Wmi - ok
    19:35:53.0125 5324 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:35:53.0125 5324 WmiApSrv - ok
    19:35:53.0156 5324 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:35:53.0171 5324 WMPNetworkSvc - ok
    19:35:53.0187 5324 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:35:53.0187 5324 WS2IFSL - ok
    19:35:53.0203 5324 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
    19:35:53.0203 5324 wscsvc - ok
    19:35:53.0218 5324 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    19:35:53.0218 5324 wuauserv - ok
    19:35:53.0234 5324 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:35:53.0250 5324 WudfPf - ok
    19:35:53.0265 5324 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:35:53.0265 5324 WudfRd - ok
    19:35:53.0281 5324 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    19:35:53.0281 5324 WudfSvc - ok
    19:35:53.0296 5324 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    19:35:53.0312 5324 WZCSVC - ok
    19:35:53.0328 5324 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    19:35:53.0359 5324 xmlprov - ok
    19:35:53.0359 5324 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    19:35:53.0453 5324 \Device\Harddisk1\DR1 - ok
    19:35:53.0468 5324 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
    19:35:53.0484 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    19:35:53.0484 5324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    19:35:53.0484 5324 Boot (0x1200) (40187c2e09d553f91f831c3d8044e358) \Device\Harddisk1\DR1\Partition0
    19:35:53.0484 5324 \Device\Harddisk1\DR1\Partition0 - ok
    19:35:53.0515 5324 Boot (0x1200) (2b4647d153054b765651f6ed5700f4c7) \Device\Harddisk0\DR0\Partition0
    19:35:53.0515 5324 \Device\Harddisk0\DR0\Partition0 - ok
    19:35:53.0531 5324 Boot (0x1200) (873a3bb05cdfae269ee4ecfd21cd7d33) \Device\Harddisk0\DR0\Partition1
    19:35:53.0531 5324 \Device\Harddisk0\DR0\Partition1 - ok
    19:35:53.0531 5324 ============================================================
    19:35:53.0531 5324 Scan finished
    19:35:53.0531 5324 ============================================================
    19:35:53.0531 5316 Detected object count: 1
    19:35:53.0531 5316 Actual detected object count: 1
    19:36:05.0937 5316 \Device\Harddisk0\DR0\# - copied to quarantine
    19:36:05.0937 5316 \Device\Harddisk0\DR0 - copied to quarantine
    19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    19:36:06.0015 5316 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    19:36:06.0031 5316 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    19:36:06.0046 5316 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    19:36:06.0078 5316 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    19:36:06.0078 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    19:36:06.0078 5316 \Device\Harddisk0\DR0 - ok
    19:36:12.0203 5316 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    19:36:14.0890 4672 Deinitialize success
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,830
    next
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  6. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,629
    "Cleaning" the registry is NEVER a good thing to do. The end result of doing that can be a damaged Windows operating system and some programs that no longer work and unexpected error/warning messages and overall havoc with your computer.

    Avoid using cleaner/optimizer/booster/tuneup type programs, no matter what they claim they can do.

    ------------------------------------------------------------------
     
  7. Remiel

    Remiel Thread Starter

    Joined:
    Mar 24, 2012
    Messages:
    3
    The problem seems to have been solved, from what I can tell. Thank you both for your assistance.

    ComboFix Log:

    ComboFix 12-03-22.01 - Adam 03/25/2012 12:28:53.3.8 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2682 [GMT -7:00]
    Running from: c:\documents and settings\Adam\Desktop\username123.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-25 02:36 . 2012-03-25 02:36 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-25 02:23 . 2012-03-25 02:23 -------- d-----w- c:\documents and settings\Adam\Application Data\SUPERAntiSpyware.com
    2012-03-25 02:22 . 2012-03-25 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-03-25 02:19 . 2012-03-25 02:19 -------- d-----w- c:\program files\Common Files\Java
    2012-03-25 02:19 . 2012-03-25 02:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-25 02:19 . 2012-03-25 02:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-25 02:19 . 2012-03-25 02:19 -------- d-----w- c:\program files\Java
    2012-03-24 02:37 . 2012-03-24 06:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-15 03:40 . 2012-03-15 19:19 -------- d-----w- C:\sh4ldr
    2012-03-15 03:40 . 2012-03-15 03:40 -------- d-----w- c:\program files\Enigma Software Group
    2012-03-15 03:39 . 2012-03-15 19:19 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-03-15 03:34 . 2012-03-15 03:34 -------- d-----w- c:\program files\Real
    2012-03-15 03:34 . 2012-03-15 03:34 -------- d-----w- c:\program files\Common Files\xing shared
    2012-03-13 04:57 . 2012-03-13 04:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-15 03:34 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-03-15 03:34 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-03-14 04:15 . 2010-02-07 04:26 16608 ----a-w- c:\windows\gdrv.sys
    2012-02-03 09:22 . 2008-04-14 08:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-11 19:06 . 2012-02-15 06:29 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2010-02-06 23:39 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2009-05-17 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-24_01.28.05 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-25 18:16 . 2012-03-25 18:16 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
    + 2012-03-25 18:14 . 2012-03-25 18:14 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
    + 2012-03-24 02:37 . 2012-03-24 02:37 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe
    - 2012-03-14 04:27 . 2012-03-14 04:27 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_Plugin.exe
    + 2012-03-24 06:49 . 2012-03-24 06:49 250528 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe
    + 2012-03-24 06:49 . 2012-03-24 06:49 335520 c:\windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.dll
    + 2012-03-25 02:19 . 2012-03-25 02:19 157472 c:\windows\system32\javaws.exe
    + 2012-03-25 02:19 . 2012-03-25 02:19 149280 c:\windows\system32\javaw.exe
    + 2012-03-25 02:19 . 2012-03-25 02:19 149280 c:\windows\system32\java.exe
    - 2010-02-06 15:31 . 2012-02-15 11:19 145216 c:\windows\system32\FNTCACHE.DAT
    + 2010-02-06 15:31 . 2012-03-25 18:14 145216 c:\windows\system32\FNTCACHE.DAT
    + 2010-02-06 23:39 . 2012-01-09 16:20 139784 c:\windows\system32\dllcache\rdpwd.sys
    + 2012-03-25 02:19 . 2012-03-25 02:19 203776 c:\windows\Installer\1d8ec72.msi
    + 2012-03-25 02:19 . 2012-03-25 02:19 902656 c:\windows\Installer\1d8ec6b.msi
    + 2012-03-24 02:37 . 2012-03-24 02:37 8527520 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    - 2009-10-28 03:40 . 2012-03-14 04:27 8527520 c:\windows\system32\Macromed\Flash\NPSWF32.dll
    + 2008-04-14 08:00 . 2012-02-03 09:22 1860096 c:\windows\system32\dllcache\win32k.sys
    + 2012-03-24 02:30 . 2012-03-24 02:30 3947520 c:\windows\Installer\1abda43.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="e:\program files\Steam\Steam.exe" [2011-08-02 1242448]
    "SUPERAntiSpyware"="e:\program files\Superantispyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13680640]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 86016]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
    "HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    "iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "TkBellExe"="e:\program files\update\realsched.exe" [2012-03-15 296056]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-5 113664]
    Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\program files\Superantispyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- e:\program files\Superantispyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    = [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2009-03-08 08:37 1657376 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2008-06-18 10:01 77824 ----a-r- c:\windows\SoundMan.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "e:\\Program Files\\Steam\\Steam.exe"=
    "e:\\Civ 4\\Civilization4.exe"=
    "e:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "e:\\Civ 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "d:\\Program Files\\EA GAMES\\Command and Conquer Generals\\game.dat"=
    "e:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
    "e:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "e:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "e:\\Program Files\\Trillian\\trillian.exe"=
    "e:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "e:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\CivilizationV.exe"=
    "e:\\Program Files\\StarCraft II\\Versions\\Base16605\\SC2.exe"=
    "e:\\games\\Dragon Age\\bin_ship\\daorigins.exe"=
    "e:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "e:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
    "e:\\Program Files\\iTunes\\iTunes.exe"=
    "e:\\Program Files\\ApexDC++\\ApexDC.exe"=
    "e:\\Program Files\\Microsoft Games\\Age of Empires Online\\Spartan.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\mass effect\\Binaries\\MassEffect.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
    "e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 1\\MonkeyIsland101.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 2\\MonkeyIsland102.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 3\\MonkeyIsland103.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 4\\MonkeyIsland104.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\tales of monkey island - chapter 5\\MonkeyIsland105.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\the secret of monkey island special edition\\MISE.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\monkey2\\Monkey2.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\amnesia the dark descent\\Launcher.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\disciples 3\\DisciplesIII.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\disciples iii resurrection\\DisciplesIII.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization v\\Launcher.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
    "e:\\Program Files\\Steam\\steamapps\\common\\skyrim\\SkyrimLauncher.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [1/30/2012 10:31 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [1/30/2012 10:31 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/20/2012 10:47 AM 820856]
    R1 SASDIFSV;SASDIFSV;e:\program files\Superantispyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;e:\program files\Superantispyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [1/30/2012 10:31 PM 136312]
    R2 !SASCORE;SAS Core Service;e:\program files\Superantispyware\SASCore.exe [8/11/2011 4:38 PM 116608]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [1/30/2012 10:31 PM 130008]
    R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [4/11/2010 2:08 PM 18864]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 9:25 PM 106104]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120323.002\IDSXpx86.sys [3/23/2012 3:40 PM 356280]
    S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2012-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-527237240-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-31 00:45]
    .
    2012-03-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-527237240-1801674531-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-31 00:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Adam\Application Data\Mozilla\Firefox\Profiles\2t562kkq.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-25 12:33
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(836)
    e:\program files\Superantispyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(2676)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-03-25 12:35:06
    ComboFix-quarantined-files.txt 2012-03-25 19:35
    ComboFix2.txt 2012-03-24 02:17
    ComboFix3.txt 2012-03-24 01:33
    .
    Pre-Run: 14,904,602,624 bytes free
    Post-Run: 15,052,201,984 bytes free
    .
    - - End Of File - - 4DB781DD2441D8EAE80049E68B20F224
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,830
    if it is cured then

    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/online/ for out of date & vulnerable common applications on your computer and update whatever it suggests.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     

Short URL to this thread: https://techguy.org/1046450