search engine redirect issue
Enuf2BDangerous
2012-07-31, 04:17
The computer is infected with a search engine redirect: when performing a search, the results appear as expected, but when clicking on the results a different website loads.
My son ran Microsoft security and it found and removed (?) Win32/Alureon.FO and JS/FakePAV. He then installed Spybot and it found something else, but the problem still occurs.
DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 20:38:20 on 2012-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.716 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\ActiHealth\AHClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\networ~1.lnk - c:\program files\actihealth\AHClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ecommunity.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054564421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ecomkron.ecommunity.com/InternalSite/WhlCompMgr.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : NameServer = 192.168.1.1,192.168.15.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-7-2 913792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-1-19 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2011-10-18 428184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2012-3-2 122752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-07-30 22:47:30 -------- d-----w- c:\program files\iPod
2012-07-30 22:47:24 -------- d-----w- c:\program files\iTunes
2012-07-30 01:04:58 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d24518ee-3c6c-493e-9a0a-d571d9acef6a}\mpengine.dll
2012-07-29 06:29:45 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-25 00:25:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 00:25:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-07-02 23:20:53 -------- d-----w- c:\windows\system32\winrm
2012-07-02 23:20:53 -------- d-----w- c:\windows\system32\GroupPolicy
2012-07-02 23:20:44 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2012-07-02 23:17:24 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-02 23:06:00 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-07-02 23:05:46 -------- d-----w- c:\documents and settings\owner\application data\IObit
2012-07-02 23:05:34 -------- d-----w- c:\program files\IObit
2012-07-02 22:36:13 26176 ---ha-w- c:\windows\system32\hamachi.sys
.
==================== Find3M ====================
.
2012-07-28 19:41:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-28 19:41:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250318AS rev.CC38 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0BC4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a0c393c]; MOV EAX, [0x8a0c3ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A467AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000067[0x8A46EF18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8A46D030]
\Driver\nvata[0x8A0F03D0] -> IRP_MJ_CREATE -> 0x8A0BC4B1
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskST3250318AS_____________________________CC38____#202020202020202020202020563933594D505739#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:40:26.79 ===============
aswMBR Log:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 20:43:45
-----------------------------
20:43:45.703 OS Version: Windows 5.1.2600 Service Pack 3
20:43:45.703 Number of processors: 1 586 0x5F02
20:43:45.703 ComputerName: ACERPOWER UserName: Owner
20:43:46.234 Initialize success
20:45:58.796 AVAST engine defs: 12073100
20:48:06.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
20:48:06.140 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3
20:48:06.140 Device \Device\00000066 -> \??\IDE#DiskST3250318AS_____________________________CC38____#202020202020202020202020563933594D505739#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:48:06.140 Disk 0 MBR read error 0
20:48:06.140 Disk 0 MBR scan
20:48:06.171 Disk 0 unknown MBR code
20:48:06.171 MBR BIOS signature not found 0
20:48:06.187 Disk 0 scanning sectors +488376000
20:48:06.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:48:21.343 Service scanning
20:48:33.515 Service MpKsl69f3d489 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D24518EE-3C6C-493E-9A0A-D571D9ACEF6A}\MpKsl69f3d489.sys **LOCKED** 32
20:48:47.593 Modules scanning
20:48:51.671 Disk 0 trace - called modules:
20:48:51.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a0bc4b1]<<
20:48:51.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a467ab8]
20:48:51.671 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a46ef18]
20:48:51.687 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8a46d030]
20:48:51.687 \Driver\nvata[0x8a0f03d0] -> IRP_MJ_CREATE -> 0x8a0bc4b1
20:48:52.203 AVAST engine scan C:\WINDOWS
20:49:00.859 AVAST engine scan C:\WINDOWS\system32
20:53:39.578 AVAST engine scan C:\WINDOWS\system32\drivers
20:54:03.156 AVAST engine scan C:\Documents and Settings\Owner
20:54:42.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
20:54:42.578 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Hopefully I followed the directions this time. Thanks for your help.
Hi,
Disable word wrap in Notepad (that will make logs easier to read). Then run DDS again and post back its log contents.
Enuf2BDangerous
2012-08-04, 02:03
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 18:58:08 on 2012-08-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.722 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\ActiHealth\AHClient.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\networ~1.lnk - c:\program files\actihealth\AHClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ecommunity.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054564421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ecomkron.ecommunity.com/InternalSite/WhlCompMgr.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : NameServer = 192.168.1.1,192.168.15.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-7-2 913792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-1-19 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2011-10-18 428184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2012-3-2 122752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-08-03 13:31:53 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6a6cffc0-273b-4ca3-a55f-84bc567aadcc}\mpengine.dll
2012-08-02 11:28:13 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-30 22:47:30 -------- d-----w- c:\program files\iPod
2012-07-30 22:47:24 -------- d-----w- c:\program files\iTunes
2012-07-25 00:25:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 00:25:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-08-03 07:41:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:41:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250318AS rev.CC38 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89ACD4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ad493c]; MOV EAX, [0x89ad4ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A467AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000067[0x8A46EF18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8A46D030]
\Driver\nvata[0x89C4E2D0] -> IRP_MJ_CREATE -> 0x89ACD4B1
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskST3250318AS_____________________________CC38____#202020202020202020202020563933594D505739#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:59:04.64 ===============
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix; see this link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New DDS log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Enuf2BDangerous
2012-08-04, 17:48
ComboFix 12-08-04.02 - Owner 08/04/2012 10:19:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.915 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 13:31 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B3BD860E-635C-4CDA-8D6D-0CBA709B5654}\mpengine.dll
2012-08-03 13:31 . 2012-06-29 08:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-30 22:47 . 2012-07-30 22:47 -------- d-----w- c:\program files\iPod
2012-07-30 22:47 . 2012-07-30 22:48 -------- d-----w- c:\program files\iTunes
2012-07-30 00:53 . 2012-07-30 00:54 -------- d-----w- c:\program files\ERUNT
2012-07-25 00:25 . 2012-07-25 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-25 00:25 . 2012-07-25 00:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-24 19:25 . 2012-07-24 19:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2012-07-23 15:02 . 2012-07-23 15:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:41 . 2012-04-07 17:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:41 . 2011-08-23 11:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-01-19 21:36 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-01-19 21:36 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2010-01-19 21:36 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-01-19 21:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-01-19 21:36 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-01-19 21:36 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-01-19 21:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-01-20 17:47 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-01-20 17:47 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48 . 2012-07-02 23:17 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-06-19 06:29 . 2011-05-05 03:36 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-19 16206848]
"SkyTel"="SkyTel.EXE" [2010-01-19 1448960]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-5-28 431608]
Network Client.lnk - c:\program files\ActiHealth\AHClient.exe [2012-5-23 10141672]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [7/2/2012 7:05 PM 913792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 4:39 PM 427192]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2010 5:53 PM 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 1:01 PM 250056]
S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [10/18/2011 9:12 PM 428184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/8/2012 11:57 PM 113120]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [3/2/2012 8:19 PM 122752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 07:41]
.
2012-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1844823847-682003330-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 00:34]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1844823847-682003330-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-14 00:34]
.
2012-08-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: ecommunity.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D}: NameServer = 192.168.1.1,192.168.15.1
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-04 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250318AS rev.CC38 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B6B4B1]<<
c:\docume~1\Owner\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b7293c]; MOV EAX, [0x89b72ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A467AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000067[0x8A46EF18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8A46D030]
\Driver\nvata[0x89C6F2A8] -> IRP_MJ_CREATE -> 0x89B6B4B1
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskST3250318AS_____________________________CC38____#202020202020202020202020563933594D505739#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
Completion time: 2012-08-04 10:27:15
ComboFix-quarantined-files.txt 2012-08-04 14:27
.
Pre-Run: 206,629,318,656 bytes free
Post-Run: 207,328,763,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B1BDD1A657EE7A01C32A55BFE8013427
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 10:33:07 on 2012-08-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.528 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\ActiHealth\AHClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\Install\{E05051D8-8225-4288-8A98-B52FA985D168}\21.0.1180.60_20.0.1132.57_chrome_updater.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\CR_AC5E1.tmp\setup.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\networ~1.lnk - c:\program files\actihealth\AHClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ecommunity.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054564421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ecomkron.ecommunity.com/InternalSite/WhlCompMgr.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : NameServer = 192.168.1.1,192.168.15.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
.
============= SERVICES / DRIVERS ===============
.
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-1-19 20160]
.
=============== Created Last 30 ================
.
2012-08-04 14:28:15 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{114383ba-626b-4d65-b9b2-c66ee48f1e65}\mpengine.dll
2012-08-04 14:18:26 -------- d-sha-r- C:\cmdcons
2012-08-04 14:16:30 98816 ----a-w- c:\windows\sed.exe
2012-08-04 14:16:30 518144 ----a-w- c:\windows\SWREG.exe
2012-08-04 14:16:30 256000 ----a-w- c:\windows\PEV.exe
2012-08-04 14:16:30 208896 ----a-w- c:\windows\MBR.exe
2012-08-03 13:31:53 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-30 22:47:30 -------- d-----w- c:\program files\iPod
2012-07-30 22:47:24 -------- d-----w- c:\program files\iTunes
2012-07-25 00:25:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 00:25:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-08-03 07:41:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:41:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3250318AS rev.CC38 -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B6B4B1]<<
c:\docume~1\owner\locals~1\temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89b7293c]; MOV EAX, [0x89b72ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\Harddisk0\DR0[0x8A467AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE140] -> \Device\00000067[0x8A46EF18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EE140] -> [0x8A46D030]
\Driver\nvata[0x89C6F2A8] -> IRP_MJ_CREATE -> 0x89B6B4B1
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000066 -> \??\IDE#DiskST3250318AS_____________________________CC38____#202020202020202020202020563933594D505739#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:34:59.45 ===============
Blade 81,
Here are the results. I turned on the antivirus before I ran DDS.SCR; hope that's OK. If not, I'll run it again with it off. Thank you for all your help with this. Let me know what you find from these reports. PS: thanks for your patience.
Enuf
Thanks for the logs. Let's continue :)
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).
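The two verdicts worth understanding in the scanner output above are "user & kernel MBR OK" and the ">>UNKNOWN [0x89B6B4B1]<<" entry in the disk trace. The first comes from reading sector 0 twice, once through the ordinary I/O path and once through a path below any hook a bootkit may have planted, and comparing; the second flags an IRP dispatch handler whose address lies outside every loaded module image. The following is an added example, not code from this thread, from Gmer's tools or from TDSSKiller: it re-implements both checks in Python over constructed sample data. The MBR bytes are a reassembly of the short boot-code disassembly the scanner printed, zero-padded, with a single NTFS partition entry; the module base addresses and sizes, and the IRP_MJ_READ address, are made-up values chosen so that only 0x89B6B4B1 (the address from the trace) falls outside every module.

```python
"""Added example, not from the thread or from the Gmer/Kaspersky tools:
a minimal re-implementation of two checks whose results appear in the
rootkit-scanner output above, run on constructed sample data."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTOR = 512


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int        # 0x07 = NTFS/HPFS/exFAT
    start_lba: int
    num_sectors: int


def parse_mbr(sector: bytes) -> Tuple[bytes, List[Partition]]:
    """Split a 512-byte MBR into boot code (bytes 0..445) and the four
    16-byte partition entries; require the 0x55AA signature at the end."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts: List[Partition] = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        if entry == bytes(16):
            continue
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, count
        status, type_id, start, count = struct.unpack("<B3xB3xII", entry)
        parts.append(Partition(status == 0x80, type_id, start, count))
    return sector[:446], parts


def compare_mbr_views(normal_read: bytes, low_level_read: bytes) -> Dict[str, object]:
    """Compare sector 0 as returned by the normal I/O path with the sector
    read below any filter. A bootkit that intercepts reads hands back the
    clean sector on the first path while the sector really on disk differs;
    matching boot code on both paths is the 'user & kernel MBR OK' case."""
    code_a, parts_a = parse_mbr(normal_read)
    code_b, parts_b = parse_mbr(low_level_read)
    return {
        "boot_code_match": code_a == code_b,
        "partition_table_match": parts_a == parts_b,
        "normal_sha256": hashlib.sha256(code_a).hexdigest(),
        "low_level_sha256": hashlib.sha256(code_b).hexdigest(),
    }


@dataclass(frozen=True)
class Module:
    name: str
    base: int
    size: int


def find_unknown_dispatch(dispatch: Dict[str, int], modules: List[Module]) -> List[str]:
    """Return the IRP_MJ_* handlers whose address lies outside every loaded
    module image, the condition the disk trace prints as '>>UNKNOWN [0x...]<<'."""
    def owner(addr: int) -> Optional[str]:
        return next((m.name for m in modules if m.base <= addr < m.base + m.size), None)
    return [irp for irp, addr in dispatch.items() if owner(addr) is None]


# --- constructed sample data (not the machine's real MBR or module map) ------
# Opening bytes reassembled from the boot-code disassembly the scanner printed
# (XOR AX,AX; MOV SS,AX; MOV SP,0x7C00; STI; ...); the rest is zero padding.
XP_BOOT_PREFIX = bytes.fromhex(
    "33c08ed0bc007cfb5007501ffcbe1b7cbf1b065057b9e501f3a4cbbdbe07b104386e007c097513"
)
# One bootable NTFS partition starting at LBA 63; CHS fields are placeholders.
PARTITION_ENTRY = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                              b"\xfe\xff\xff", 0x3F, 0x1D1C0681)
CLEAN_MBR = (XP_BOOT_PREFIX.ljust(446, b"\x00") + PARTITION_ENTRY
             + bytes(48) + b"\x55\xaa")
# Infected variant: first instruction replaced by a short jump, table untouched.
TAMPERED_MBR = b"\xeb\x3e" + CLEAN_MBR[2:]

SAMPLE_MODULES = [                       # constructed base/size values
    Module("ntkrnlpa.exe", 0x804D7000, 0x1F7000),
    Module("nvata.sys",    0xB7F80000, 0x028000),
]
SAMPLE_DISPATCH = {                      # constructed, except 0x89B6B4B1 from the trace
    "IRP_MJ_CREATE": 0x89B6B4B1,
    "IRP_MJ_READ":   0xB7F8A120,
}

if __name__ == "__main__":
    print(parse_mbr(CLEAN_MBR)[1])
    print(compare_mbr_views(CLEAN_MBR, TAMPERED_MBR))
    print(find_unknown_dispatch(SAMPLE_DISPATCH, SAMPLE_MODULES))
```

Run stand-alone, the script prints the parsed partition entry (type 0x07, start LBA 0x3F, 0x1D1C0681 sectors), a mismatch on boot code with a matching partition table for the tampered sector, and IRP_MJ_CREATE as the only handler that no module owns. Note the second check only says the pointer is unresolved; on a real box the next step is dumping the code at that address and the driver object it was attached to, which is what the tools the helper recommends do for you.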
Enuf2BDangerous
2012-08-04, 22:40
15:31:06.0107 3228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:31:06.0436 3228 ============================================================
15:31:06.0436 3228 Current date / time: 2012/08/04 15:31:06.0436
15:31:06.0436 3228 SystemInfo:
15:31:06.0436 3228
15:31:06.0436 3228 OS Version: 5.1.2600 ServicePack: 3.0
15:31:06.0436 3228 Product type: Workstation
15:31:06.0436 3228 ComputerName: ACERPOWER
15:31:06.0436 3228 UserName: Owner
15:31:06.0436 3228 Windows directory: C:\WINDOWS
15:31:06.0436 3228 System windows directory: C:\WINDOWS
15:31:06.0436 3228 Processor architecture: Intel x86
15:31:06.0436 3228 Number of processors: 1
15:31:06.0436 3228 Page size: 0x1000
15:31:06.0436 3228 Boot type: Normal boot
15:31:06.0436 3228 ============================================================
15:31:07.0279 3228 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:31:07.0279 3228 ============================================================
15:31:07.0279 3228 \Device\Harddisk0\DR0:
15:31:07.0279 3228 MBR partitions:
15:31:07.0279 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
15:31:07.0279 3228 ============================================================
15:31:07.0311 3228 C: <-> \Device\Harddisk0\DR0\Partition0
15:31:07.0311 3228 ============================================================
15:31:07.0311 3228 Initialize success
15:31:07.0311 3228 ============================================================
15:32:01.0232 1096 ============================================================
15:32:01.0232 1096 Scan started
15:32:01.0232 1096 Mode: Manual;
15:32:01.0232 1096 ============================================================
15:32:01.0389 1096 Abiosdsk - ok
15:32:01.0404 1096 abp480n5 - ok
15:32:01.0451 1096 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:32:01.0451 1096 ACPI - ok
15:32:01.0482 1096 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:32:01.0482 1096 ACPIEC - ok
15:32:01.0514 1096 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
15:32:01.0514 1096 ADM8511 - ok
15:32:01.0607 1096 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:32:01.0607 1096 AdobeFlashPlayerUpdateSvc - ok
15:32:01.0623 1096 adpu160m - ok
15:32:01.0717 1096 AdvancedSystemCareService5 (96d6cdd0b32846e8cfbe592f4f32e608) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
15:32:01.0732 1096 AdvancedSystemCareService5 - ok
15:32:01.0779 1096 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:32:01.0779 1096 aec - ok
15:32:01.0826 1096 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:32:01.0826 1096 AFD - ok
15:32:01.0842 1096 Aha154x - ok
15:32:01.0857 1096 aic78u2 - ok
15:32:01.0857 1096 aic78xx - ok
15:32:01.0904 1096 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:32:01.0904 1096 Alerter - ok
15:32:01.0920 1096 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:32:01.0936 1096 ALG - ok
15:32:01.0936 1096 AliIde - ok
15:32:01.0982 1096 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
15:32:01.0982 1096 AmdPPM - ok
15:32:01.0998 1096 amsint - ok
15:32:02.0092 1096 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:32:02.0092 1096 Apple Mobile Device - ok
15:32:02.0139 1096 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:32:02.0139 1096 AppMgmt - ok
15:32:02.0154 1096 asc - ok
15:32:02.0154 1096 asc3350p - ok
15:32:02.0170 1096 asc3550 - ok
15:32:02.0279 1096 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:32:02.0279 1096 aspnet_state - ok
15:32:02.0311 1096 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:32:02.0311 1096 AsyncMac - ok
15:32:02.0326 1096 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:32:02.0326 1096 atapi - ok
15:32:02.0342 1096 Atdisk - ok
15:32:02.0389 1096 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:32:02.0389 1096 Atmarpc - ok
15:32:02.0420 1096 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:32:02.0420 1096 AudioSrv - ok
15:32:02.0467 1096 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:32:02.0467 1096 audstub - ok
15:32:02.0514 1096 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:32:02.0545 1096 BCM43XX - ok
15:32:02.0592 1096 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:32:02.0592 1096 Beep - ok
15:32:02.0639 1096 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:32:02.0717 1096 BITS - ok
15:32:02.0811 1096 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:32:02.0811 1096 Bonjour Service - ok
15:32:02.0857 1096 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:32:02.0857 1096 Bridge - ok
15:32:02.0857 1096 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
15:32:02.0857 1096 BridgeMP - ok
15:32:02.0889 1096 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:32:02.0889 1096 Browser - ok
15:32:02.0967 1096 catchme - ok
15:32:02.0998 1096 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:32:02.0998 1096 cbidf2k - ok
15:32:03.0029 1096 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:32:03.0045 1096 CCDECODE - ok
15:32:03.0061 1096 cd20xrnt - ok
15:32:03.0107 1096 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:32:03.0107 1096 Cdaudio - ok
15:32:03.0170 1096 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:32:03.0170 1096 Cdfs - ok
15:32:03.0186 1096 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:32:03.0186 1096 Cdrom - ok
15:32:03.0186 1096 Changer - ok
15:32:03.0217 1096 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:32:03.0217 1096 CiSvc - ok
15:32:03.0248 1096 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:32:03.0248 1096 ClipSrv - ok
15:32:03.0357 1096 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:32:03.0357 1096 clr_optimization_v2.0.50727_32 - ok
15:32:03.0373 1096 CmdIde - ok
15:32:03.0373 1096 COMSysApp - ok
15:32:03.0389 1096 Cpqarray - ok
15:32:03.0436 1096 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:32:03.0436 1096 CryptSvc - ok
15:32:03.0451 1096 dac2w2k - ok
15:32:03.0451 1096 dac960nt - ok
15:32:03.0498 1096 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:32:03.0514 1096 DcomLaunch - ok
15:32:03.0529 1096 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:32:03.0529 1096 Dhcp - ok
15:32:03.0545 1096 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:32:03.0545 1096 Disk - ok
15:32:03.0545 1096 dmadmin - ok
15:32:03.0592 1096 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:32:03.0607 1096 dmboot - ok
15:32:03.0623 1096 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:32:03.0623 1096 dmio - ok
15:32:03.0639 1096 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:32:03.0654 1096 dmload - ok
15:32:03.0686 1096 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:32:03.0686 1096 dmserver - ok
15:32:03.0764 1096 DMService (854127e348ed4d6b0d8a11e32d6b9030) C:\WINDOWS\DOWNLO~1\DMService.exe
15:32:03.0779 1096 DMService - ok
15:32:03.0826 1096 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:32:03.0826 1096 DMusic - ok
15:32:03.0857 1096 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:32:03.0857 1096 Dnscache - ok
15:32:03.0889 1096 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:32:03.0904 1096 Dot3svc - ok
15:32:03.0936 1096 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:32:03.0967 1096 dot4 - ok
15:32:03.0982 1096 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:32:03.0998 1096 Dot4Print - ok
15:32:04.0014 1096 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:32:04.0029 1096 dot4usb - ok
15:32:04.0045 1096 dpti2o - ok
15:32:04.0076 1096 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:32:04.0076 1096 drmkaud - ok
15:32:04.0123 1096 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:32:04.0123 1096 EapHost - ok
15:32:04.0139 1096 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:32:04.0139 1096 ERSvc - ok
15:32:04.0186 1096 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:32:04.0186 1096 Eventlog - ok
15:32:04.0232 1096 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:32:04.0232 1096 EventSystem - ok
15:32:04.0279 1096 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:32:04.0279 1096 Fastfat - ok
15:32:04.0326 1096 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:32:04.0342 1096 FastUserSwitchingCompatibility - ok
15:32:04.0373 1096 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:32:04.0373 1096 Fdc - ok
15:32:04.0389 1096 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:32:04.0389 1096 Fips - ok
15:32:04.0404 1096 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:32:04.0404 1096 Flpydisk - ok
15:32:04.0451 1096 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:32:04.0451 1096 FltMgr - ok
15:32:04.0592 1096 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:32:04.0592 1096 FontCache3.0.0.0 - ok
15:32:04.0623 1096 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:32:04.0623 1096 Fs_Rec - ok
15:32:04.0639 1096 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:32:04.0639 1096 Ftdisk - ok
15:32:04.0686 1096 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:32:04.0686 1096 GEARAspiWDM - ok
15:32:04.0701 1096 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:32:04.0701 1096 Gpc - ok
15:32:04.0748 1096 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:32:04.0748 1096 hamachi - ok
15:32:04.0795 1096 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:32:04.0795 1096 HDAudBus - ok
15:32:04.0873 1096 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:32:04.0873 1096 helpsvc - ok
15:32:04.0920 1096 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
15:32:04.0936 1096 HidServ - ok
15:32:04.0967 1096 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:32:04.0967 1096 hidusb - ok
15:32:04.0998 1096 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:32:05.0014 1096 hkmsvc - ok
15:32:05.0014 1096 hpn - ok
15:32:05.0139 1096 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:32:05.0139 1096 hpqcxs08 - ok
15:32:05.0186 1096 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:32:05.0186 1096 hpqddsvc - ok
15:32:05.0217 1096 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:32:05.0232 1096 HPSLPSVC - ok
15:32:05.0264 1096 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
15:32:05.0264 1096 HPZid412 - ok
15:32:05.0295 1096 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
15:32:05.0295 1096 HPZipr12 - ok
15:32:05.0311 1096 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
15:32:05.0311 1096 HPZius12 - ok
15:32:05.0357 1096 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:32:05.0357 1096 HTTP - ok
15:32:05.0404 1096 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:32:05.0404 1096 HTTPFilter - ok
15:32:05.0420 1096 i2omgmt - ok
15:32:05.0420 1096 i2omp - ok
15:32:05.0482 1096 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
15:32:05.0482 1096 i8042prt - ok
15:32:05.0623 1096 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:32:05.0639 1096 idsvc - ok
15:32:05.0686 1096 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:32:05.0686 1096 Imapi - ok
15:32:05.0701 1096 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:32:05.0701 1096 ImapiService - ok
15:32:05.0717 1096 ini910u - ok
15:32:05.0842 1096 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
15:32:05.0873 1096 IntcAzAudAddService - ok
15:32:05.0936 1096 IntelIde - ok
15:32:05.0967 1096 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:32:05.0967 1096 Ip6Fw - ok
15:32:06.0014 1096 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:32:06.0014 1096 IpFilterDriver - ok
15:32:06.0014 1096 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:32:06.0014 1096 IpInIp - ok
15:32:06.0061 1096 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:32:06.0061 1096 IpNat - ok
15:32:06.0154 1096 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
15:32:06.0170 1096 iPod Service - ok
15:32:06.0201 1096 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:32:06.0217 1096 IPSec - ok
15:32:06.0248 1096 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:32:06.0248 1096 IRENUM - ok
15:32:06.0279 1096 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:32:06.0295 1096 isapnp - ok
15:32:06.0342 1096 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15:32:06.0342 1096 JavaQuickStarterService - ok
15:32:06.0357 1096 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:32:06.0357 1096 Kbdclass - ok
15:32:06.0373 1096 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:32:06.0373 1096 kbdhid - ok
15:32:06.0420 1096 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:32:06.0420 1096 kmixer - ok
15:32:06.0467 1096 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:32:06.0467 1096 KSecDD - ok
15:32:06.0529 1096 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:32:06.0529 1096 LanmanServer - ok
15:32:06.0576 1096 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:32:06.0576 1096 lanmanworkstation - ok
15:32:06.0592 1096 lbrtfdc - ok
15:32:06.0654 1096 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:32:06.0654 1096 LmHosts - ok
15:32:06.0654 1096 mcdbus - ok
15:32:06.0686 1096 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:32:06.0686 1096 Messenger - ok
15:32:06.0732 1096 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:32:06.0732 1096 mnmdd - ok
15:32:06.0764 1096 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:32:06.0764 1096 mnmsrvc - ok
15:32:06.0795 1096 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:32:06.0795 1096 Modem - ok
15:32:06.0826 1096 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:32:06.0826 1096 Mouclass - ok
15:32:06.0857 1096 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:32:06.0857 1096 mouhid - ok
15:32:06.0904 1096 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:32:06.0904 1096 MountMgr - ok
15:32:06.0951 1096 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:32:06.0967 1096 MozillaMaintenance - ok
15:32:06.0998 1096 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
15:32:06.0998 1096 MpFilter - ok
15:32:07.0092 1096 MpKsla2b33500 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{114383BA-626B-4D65-B9B2-C66EE48F1E65}\MpKsla2b33500.sys
15:32:07.0092 1096 MpKsla2b33500 - ok
15:32:07.0092 1096 mraid35x - ok
15:32:07.0123 1096 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:32:07.0139 1096 MRxDAV - ok
15:32:07.0232 1096 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:32:07.0232 1096 MRxSmb - ok
15:32:07.0264 1096 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:32:07.0264 1096 MSDTC - ok
15:32:07.0279 1096 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:32:07.0279 1096 Msfs - ok
15:32:07.0295 1096 MSIServer - ok
15:32:07.0342 1096 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:32:07.0342 1096 MSKSSRV - ok
15:32:07.0420 1096 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:32:07.0420 1096 MsMpSvc - ok
15:32:07.0451 1096 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:32:07.0451 1096 MSPCLOCK - ok
15:32:07.0482 1096 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:32:07.0482 1096 MSPQM - ok
15:32:07.0514 1096 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:32:07.0514 1096 mssmbios - ok
15:32:07.0561 1096 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:32:07.0561 1096 MSTEE - ok
15:32:07.0607 1096 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:32:07.0607 1096 Mup - ok
15:32:07.0654 1096 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:32:07.0686 1096 NABTSFEC - ok
15:32:07.0701 1096 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:32:07.0717 1096 napagent - ok
15:32:07.0748 1096 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:32:07.0748 1096 NDIS - ok
15:32:07.0795 1096 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:32:07.0826 1096 NdisIP - ok
15:32:07.0857 1096 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:32:07.0857 1096 NdisTapi - ok
15:32:07.0904 1096 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:32:07.0904 1096 Ndisuio - ok
15:32:07.0920 1096 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:32:07.0920 1096 NdisWan - ok
15:32:07.0967 1096 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:32:07.0967 1096 NDProxy - ok
15:32:08.0014 1096 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\WINDOWS\system32\HPZinw12.dll
15:32:08.0014 1096 Net Driver HPZ12 - ok
15:32:08.0061 1096 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:32:08.0061 1096 NetBIOS - ok
15:32:08.0107 1096 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:32:08.0107 1096 NetBT - ok
15:32:08.0139 1096 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:32:08.0139 1096 NetDDE - ok
15:32:08.0154 1096 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:32:08.0154 1096 NetDDEdsdm - ok
15:32:08.0186 1096 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:32:08.0186 1096 Netlogon - ok
15:32:08.0232 1096 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:32:08.0232 1096 Netman - ok
15:32:08.0357 1096 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:32:08.0357 1096 NetTcpPortSharing - ok
15:32:08.0389 1096 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:32:08.0389 1096 Nla - ok
15:32:08.0420 1096 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:32:08.0420 1096 Npfs - ok
15:32:08.0482 1096 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:32:08.0498 1096 Ntfs - ok
15:32:08.0498 1096 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:32:08.0498 1096 NtLmSsp - ok
15:32:08.0545 1096 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:32:08.0561 1096 NtmsSvc - ok
15:32:08.0607 1096 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:32:08.0607 1096 Null - ok
15:32:08.0811 1096 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:32:08.0982 1096 nv - ok
15:32:09.0076 1096 nvata (b7fb72492b753930ec70a0f49d04f12f) C:\WINDOWS\system32\DRIVERS\nvata.sys
15:32:09.0092 1096 nvata - ok
15:32:09.0123 1096 NVENETFD (7d275ecda4628318912f6c945d5cf963) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
15:32:09.0139 1096 NVENETFD - ok
15:32:09.0186 1096 nvnetbus (b64aacefad2be5bff5353fe681253c67) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
15:32:09.0186 1096 nvnetbus - ok
15:32:09.0201 1096 NVSvc (c0204c1a7a2d2433d48f49e4ecc09ab6) C:\WINDOWS\system32\nvsvc32.exe
15:32:09.0201 1096 NVSvc - ok
15:32:09.0248 1096 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:32:09.0248 1096 NwlnkFlt - ok
15:32:09.0248 1096 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:32:09.0248 1096 NwlnkFwd - ok
15:32:09.0326 1096 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:32:09.0326 1096 ose - ok
15:32:09.0389 1096 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:32:09.0389 1096 Parport - ok
15:32:09.0404 1096 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:32:09.0404 1096 PartMgr - ok
15:32:09.0451 1096 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:32:09.0451 1096 ParVdm - ok
15:32:09.0482 1096 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:32:09.0482 1096 PCI - ok
15:32:09.0482 1096 PCIDump - ok
15:32:09.0498 1096 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:32:09.0498 1096 PCIIde - ok
15:32:09.0529 1096 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:32:09.0529 1096 Pcmcia - ok
15:32:09.0545 1096 PDCOMP - ok
15:32:09.0545 1096 PDFRAME - ok
15:32:09.0561 1096 PDRELI - ok
15:32:09.0576 1096 PDRFRAME - ok
15:32:09.0576 1096 perc2 - ok
15:32:09.0592 1096 perc2hib - ok
15:32:09.0654 1096 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:32:09.0654 1096 PlugPlay - ok
15:32:09.0701 1096 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\WINDOWS\system32\HPZipm12.dll
15:32:09.0701 1096 Pml Driver HPZ12 - ok
15:32:09.0732 1096 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:32:09.0732 1096 PolicyAgent - ok
15:32:09.0748 1096 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:32:09.0748 1096 PptpMiniport - ok
15:32:09.0764 1096 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:32:09.0764 1096 Processor - ok
15:32:09.0779 1096 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:32:09.0779 1096 ProtectedStorage - ok
15:32:09.0779 1096 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:32:09.0795 1096 PSched - ok
15:32:09.0811 1096 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:32:09.0811 1096 Ptilink - ok
15:32:09.0826 1096 ql1080 - ok
15:32:09.0826 1096 Ql10wnt - ok
15:32:09.0842 1096 ql12160 - ok
15:32:09.0857 1096 ql1240 - ok
15:32:09.0857 1096 ql1280 - ok
15:32:09.0889 1096 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:32:09.0889 1096 RasAcd - ok
15:32:09.0920 1096 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
15:32:09.0920 1096 RasAuto - ok
15:32:09.0936 1096 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:32:09.0936 1096 Rasl2tp - ok
15:32:09.0982 1096 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:32:09.0982 1096 RasMan - ok
15:32:09.0998 1096 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:32:09.0998 1096 RasPppoe - ok
15:32:09.0998 1096 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:32:09.0998 1096 Raspti - ok
15:32:10.0045 1096 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:32:10.0045 1096 Rdbss - ok
15:32:10.0061 1096 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:32:10.0076 1096 RDPCDD - ok
15:32:10.0107 1096 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:32:10.0107 1096 rdpdr - ok
15:32:10.0154 1096 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
15:32:10.0154 1096 RDPWD - ok
15:32:10.0170 1096 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:32:10.0186 1096 RDSessMgr - ok
15:32:10.0201 1096 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:32:10.0201 1096 redbook - ok
15:32:10.0232 1096 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:32:10.0264 1096 RemoteAccess - ok
15:32:10.0279 1096 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:32:10.0279 1096 RemoteRegistry - ok
15:32:10.0311 1096 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:32:10.0311 1096 RpcLocator - ok
15:32:10.0357 1096 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:32:10.0373 1096 RpcSs - ok
15:32:10.0404 1096 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:32:10.0420 1096 RSVP - ok
15:32:10.0467 1096 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:32:10.0467 1096 SamSs - ok
15:32:10.0498 1096 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:32:10.0514 1096 SCardSvr - ok
15:32:10.0561 1096 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:32:10.0561 1096 Schedule - ok
15:32:10.0592 1096 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:32:10.0592 1096 Secdrv - ok
15:32:10.0623 1096 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:32:10.0623 1096 seclogon - ok
15:32:10.0639 1096 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:32:10.0639 1096 SENS - ok
15:32:10.0686 1096 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:32:10.0686 1096 Serial - ok
15:32:10.0764 1096 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:32:10.0764 1096 Sfloppy - ok
15:32:10.0779 1096 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:32:10.0795 1096 SharedAccess - ok
15:32:10.0826 1096 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:32:10.0826 1096 ShellHWDetection - ok
15:32:10.0842 1096 Simbad - ok
15:32:10.0889 1096 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:32:10.0904 1096 SLIP - ok
15:32:10.0920 1096 Sparrow - ok
15:32:10.0967 1096 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:32:10.0967 1096 splitter - ok
15:32:11.0014 1096 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:32:11.0014 1096 Spooler - ok
15:32:11.0061 1096 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:32:11.0061 1096 sr - ok
15:32:11.0123 1096 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:32:11.0123 1096 srservice - ok
15:32:11.0154 1096 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:32:11.0154 1096 Srv - ok
15:32:11.0201 1096 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:32:11.0217 1096 SSDPSRV - ok
15:32:11.0264 1096 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
15:32:11.0264 1096 StillCam - ok
15:32:11.0279 1096 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:32:11.0279 1096 stisvc - ok
15:32:11.0311 1096 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:32:11.0342 1096 streamip - ok
15:32:11.0357 1096 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:32:11.0357 1096 swenum - ok
15:32:11.0404 1096 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:32:11.0404 1096 swmidi - ok
15:32:11.0404 1096 SwPrv - ok
15:32:11.0420 1096 symc810 - ok
15:32:11.0436 1096 symc8xx - ok
15:32:11.0436 1096 sym_hi - ok
15:32:11.0451 1096 sym_u3 - ok
15:32:11.0482 1096 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:32:11.0482 1096 sysaudio - ok
15:32:11.0529 1096 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:32:11.0529 1096 SysmonLog - ok
15:32:11.0545 1096 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:32:11.0561 1096 TapiSrv - ok
15:32:11.0592 1096 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:32:11.0607 1096 Tcpip - ok
15:32:11.0639 1096 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:32:11.0639 1096 TDPIPE - ok
15:32:11.0654 1096 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:32:11.0654 1096 TDTCP - ok
15:32:11.0701 1096 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:32:11.0701 1096 TermDD - ok
15:32:11.0748 1096 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:32:11.0748 1096 TermService - ok
15:32:11.0795 1096 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:32:11.0795 1096 Themes - ok
15:32:11.0842 1096 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:32:11.0842 1096 TlntSvr - ok
15:32:11.0857 1096 TosIde - ok
15:32:11.0904 1096 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:32:11.0904 1096 TrkWks - ok
15:32:11.0936 1096 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:32:11.0936 1096 Udfs - ok
15:32:11.0951 1096 ultra - ok
15:32:11.0982 1096 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:32:11.0998 1096 Update - ok
15:32:12.0014 1096 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:32:12.0014 1096 upnphost - ok
15:32:12.0029 1096 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:32:12.0045 1096 UPS - ok
15:32:12.0076 1096 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:32:12.0123 1096 USBAAPL - ok
15:32:12.0139 1096 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:32:12.0186 1096 usbaudio - ok
15:32:12.0217 1096 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:32:12.0217 1096 usbccgp - ok
15:32:12.0232 1096 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:32:12.0232 1096 usbehci - ok
15:32:12.0248 1096 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:32:12.0248 1096 usbhub - ok
15:32:12.0264 1096 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:32:12.0264 1096 usbohci - ok
15:32:12.0295 1096 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:32:12.0295 1096 usbprint - ok
15:32:12.0326 1096 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:32:12.0326 1096 usbscan - ok
15:32:12.0389 1096 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:32:12.0389 1096 USBSTOR - ok
15:32:12.0436 1096 USBTINSP (f9288b919ea3065ad65f33d971604696) C:\WINDOWS\system32\DRIVERS\tinspusb.sys
15:32:12.0436 1096 USBTINSP - ok
15:32:12.0467 1096 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:32:12.0482 1096 usbvideo - ok
15:32:12.0529 1096 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:32:12.0529 1096 VgaSave - ok
15:32:12.0529 1096 ViaIde - ok
15:32:12.0545 1096 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:32:12.0545 1096 VolSnap - ok
15:32:12.0623 1096 vpnagent (cb7859f7029ac19e9b9c76aa0e5e79d2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
15:32:12.0686 1096 vpnagent - ok
15:32:12.0732 1096 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys
15:32:12.0732 1096 vpnva - ok
15:32:12.0795 1096 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:32:12.0795 1096 VSS - ok
15:32:12.0842 1096 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:32:12.0857 1096 W32Time - ok
15:32:12.0904 1096 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:32:12.0904 1096 Wanarp - ok
15:32:12.0904 1096 WDICA - ok
15:32:12.0951 1096 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:32:12.0951 1096 wdmaud - ok
15:32:12.0998 1096 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:32:12.0998 1096 WebClient - ok
15:32:13.0092 1096 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:32:13.0092 1096 winmgmt - ok
15:32:13.0154 1096 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
15:32:13.0217 1096 WinRM - ok
15:32:13.0264 1096 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:32:13.0279 1096 WmdmPmSN - ok
15:32:13.0326 1096 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:32:13.0342 1096 Wmi - ok
15:32:13.0420 1096 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:32:13.0420 1096 WmiApSrv - ok
15:32:13.0545 1096 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:32:13.0576 1096 WMPNetworkSvc - ok
15:32:13.0607 1096 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:32:13.0623 1096 WS2IFSL - ok
15:32:13.0654 1096 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:32:13.0654 1096 wscsvc - ok
15:32:13.0701 1096 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:32:13.0717 1096 WSTCODEC - ok
15:32:13.0748 1096 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:32:13.0764 1096 wuauserv - ok
15:32:13.0795 1096 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:32:13.0811 1096 WudfPf - ok
15:32:13.0826 1096 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:32:13.0826 1096 WudfRd - ok
15:32:13.0842 1096 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:32:13.0842 1096 WudfSvc - ok
15:32:13.0889 1096 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:32:13.0904 1096 WZCSVC - ok
15:32:13.0936 1096 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:32:13.0951 1096 xmlprov - ok
15:32:13.0998 1096 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:32:14.0029 1096 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:32:14.0029 1096 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:32:14.0045 1096 Boot (0x1200) (2ec6581adbfd94f217b216749224a196) \Device\Harddisk0\DR0\Partition0
15:32:14.0045 1096 \Device\Harddisk0\DR0\Partition0 - ok
15:32:14.0045 1096 ============================================================
15:32:14.0045 1096 Scan finished
15:32:14.0045 1096 ============================================================
15:32:14.0061 2852 Detected object count: 1
15:32:14.0061 2852 Actual detected object count: 1
15:32:50.0404 2852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
15:32:50.0404 2852 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
Log files as requested.
Hi,
Re-run TDSSKiller and this time select cure on that item. Post back the report.
Enuf2BDangerous
2012-08-05, 15:42
08:29:31.0873 0824 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:29:32.0201 0824 ============================================================
08:29:32.0201 0824 Current date / time: 2012/08/05 08:29:32.0201
08:29:32.0201 0824 SystemInfo:
08:29:32.0201 0824
08:29:32.0201 0824 OS Version: 5.1.2600 ServicePack: 3.0
08:29:32.0201 0824 Product type: Workstation
08:29:32.0201 0824 ComputerName: ACERPOWER
08:29:32.0201 0824 UserName: Owner
08:29:32.0201 0824 Windows directory: C:\WINDOWS
08:29:32.0201 0824 System windows directory: C:\WINDOWS
08:29:32.0201 0824 Processor architecture: Intel x86
08:29:32.0201 0824 Number of processors: 1
08:29:32.0201 0824 Page size: 0x1000
08:29:32.0201 0824 Boot type: Normal boot
08:29:32.0201 0824 ============================================================
08:29:33.0045 0824 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:29:33.0045 0824 ============================================================
08:29:33.0045 0824 \Device\Harddisk0\DR0:
08:29:33.0045 0824 MBR partitions:
08:29:33.0045 0824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
08:29:33.0045 0824 ============================================================
08:29:33.0076 0824 C: <-> \Device\Harddisk0\DR0\Partition0
08:29:33.0076 0824 ============================================================
08:29:33.0076 0824 Initialize success
08:29:33.0076 0824 ============================================================
08:29:34.0936 2204 ============================================================
08:29:34.0936 2204 Scan started
08:29:34.0936 2204 Mode: Manual;
08:29:34.0936 2204 ============================================================
08:29:46.0670 2204 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:29:46.0670 2204 usbprint - ok
08:29:46.0701 2204 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:29:46.0701 2204 usbscan - ok
08:29:46.0764 2204 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:29:46.0764 2204 USBSTOR - ok
08:29:46.0811 2204 USBTINSP (f9288b919ea3065ad65f33d971604696) C:\WINDOWS\system32\DRIVERS\tinspusb.sys
08:29:46.0811 2204 USBTINSP - ok
08:29:46.0842 2204 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
08:29:46.0889 2204 usbvideo - ok
08:29:46.0951 2204 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:29:46.0951 2204 VgaSave - ok
08:29:46.0951 2204 ViaIde - ok
08:29:46.0998 2204 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:29:47.0014 2204 VolSnap - ok
08:29:47.0092 2204 vpnagent (cb7859f7029ac19e9b9c76aa0e5e79d2) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
08:29:47.0139 2204 vpnagent - ok
08:29:47.0186 2204 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\WINDOWS\system32\DRIVERS\vpnva.sys
08:29:47.0186 2204 vpnva - ok
08:29:47.0248 2204 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:29:47.0248 2204 VSS - ok
08:29:47.0295 2204 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:29:47.0311 2204 W32Time - ok
08:29:47.0326 2204 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:29:47.0326 2204 Wanarp - ok
08:29:47.0342 2204 WDICA - ok
08:29:47.0357 2204 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:29:47.0357 2204 wdmaud - ok
08:29:47.0373 2204 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:29:47.0389 2204 WebClient - ok
08:29:47.0467 2204 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:29:47.0482 2204 winmgmt - ok
08:29:47.0545 2204 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
08:29:47.0607 2204 WinRM - ok
08:29:47.0670 2204 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:29:47.0670 2204 WmdmPmSN - ok
08:29:47.0732 2204 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:29:47.0764 2204 Wmi - ok
08:29:47.0842 2204 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:29:47.0842 2204 WmiApSrv - ok
08:29:47.0982 2204 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:29:48.0014 2204 WMPNetworkSvc - ok
08:29:48.0045 2204 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:29:48.0061 2204 WS2IFSL - ok
08:29:48.0092 2204 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:29:48.0092 2204 wscsvc - ok
08:29:48.0123 2204 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:29:48.0139 2204 WSTCODEC - ok
08:29:48.0186 2204 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:29:48.0186 2204 wuauserv - ok
08:29:48.0232 2204 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:29:48.0232 2204 WudfPf - ok
08:29:48.0248 2204 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:29:48.0248 2204 WudfRd - ok
08:29:48.0279 2204 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:29:48.0279 2204 WudfSvc - ok
08:29:48.0326 2204 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:29:48.0326 2204 WZCSVC - ok
08:29:48.0373 2204 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:29:48.0373 2204 xmlprov - ok
08:29:48.0420 2204 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:29:48.0451 2204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:29:48.0451 2204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:29:48.0467 2204 Boot (0x1200) (2ec6581adbfd94f217b216749224a196) \Device\Harddisk0\DR0\Partition0
08:29:48.0467 2204 \Device\Harddisk0\DR0\Partition0 - ok
08:29:48.0467 2204 ============================================================
08:29:48.0467 2204 Scan finished
08:29:48.0467 2204 ============================================================
08:29:48.0482 0580 Detected object count: 1
08:29:48.0482 0580 Actual detected object count: 1
08:30:02.0498 0580 \Device\Harddisk0\DR0\# - copied to quarantine
08:30:02.0498 0580 \Device\Harddisk0\DR0 - copied to quarantine
08:30:02.0576 0580 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:30:02.0576 0580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:30:02.0607 0580 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:30:02.0639 0580 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:30:02.0670 0580 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:30:03.0982 0580 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:30:03.0998 0580 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:30:04.0014 0580 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:30:04.0014 0580 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:30:04.0295 0580 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:30:04.0326 0580 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:30:04.0342 0580 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:30:04.0342 0580 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:30:04.0389 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:30:04.0389 0580 \Device\Harddisk0\DR0 - ok
08:30:04.0389 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:30:14.0373 1864 Deinitialize success
Here is (are) the new log file(s). The program required a reboot to cure the virus. Please let me know the next step. Thanks for your help thus far.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Owner at 8:37:34 on 2012-08-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.819 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\ActiHealth\AHClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\networ~1.lnk - c:\program files\actihealth\AHClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ecommunity.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054564421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ecomkron.ecommunity.com/InternalSite/WhlCompMgr.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : NameServer = 192.168.1.1,192.168.15.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-7-2 913792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-1-19 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2011-10-18 428184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2012-3-2 122752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-08-05 12:30:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-05 05:49:30 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ac7498c-8bd4-4788-b371-73e17606dc03}\mpengine.dll
2012-08-04 19:28:33 -------- d-----w- C:\tdsskiller
2012-08-04 14:28:15 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-04 14:18:26 -------- d-sha-r- C:\cmdcons
2012-08-04 14:16:30 98816 ----a-w- c:\windows\sed.exe
2012-08-04 14:16:30 518144 ----a-w- c:\windows\SWREG.exe
2012-08-04 14:16:30 256000 ----a-w- c:\windows\PEV.exe
2012-08-04 14:16:30 208896 ----a-w- c:\windows\MBR.exe
2012-07-30 22:47:30 -------- d-----w- c:\program files\iPod
2012-07-30 22:47:24 -------- d-----w- c:\program files\iTunes
2012-07-25 00:25:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 00:25:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-08-03 07:41:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:41:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 8:38:31.26 ===============
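The TDSSKiller log posted above records one boot-sector detection (Rootkit.Boot.Pihar.c on \Device\Harddisk0\DR0), a series of TDLFS entries copied to quarantine, and a cure deferred to reboot. As an added example, not part of the original post and not code from TDSSKiller itself, the Python below parses log lines in that format (timestamp, thread id, message) and summarizes what a helper would want to know at a glance: which objects were flagged and with what name, what was quarantined, how many of those are TDLFS files, and whether a reboot-time cure is still pending. The sample lines are copied from the log in this thread; the function and key names are my own.

```python
import re

# Line layout seen in the posted log: HH:MM:SS.mmmm <thread id> <message>
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d{4}) (?P<msg>.*)$")
# "<object> ( <detection name> ) - infected"
INFECTED_RE = re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+?) \) - infected$")
# "<object> - copied to quarantine"
QUARANTINE_RE = re.compile(r"^(?P<obj>.+) - copied to quarantine$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
CURE_RE = re.compile(r" - will be cured on reboot$")

# Constructed sample: a subset of the lines from the TDSSKiller log in this
# thread, kept in the original format. Not the complete log.
SAMPLE_LOG = r"""
08:29:48.0373 2204 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:29:48.0373 2204 xmlprov - ok
08:29:48.0420 2204 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:29:48.0451 2204 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:29:48.0451 2204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:29:48.0467 2204 \Device\Harddisk0\DR0\Partition0 - ok
08:29:48.0482 0580 Detected object count: 1
08:30:02.0498 0580 \Device\Harddisk0\DR0\# - copied to quarantine
08:30:02.0498 0580 \Device\Harddisk0\DR0 - copied to quarantine
08:30:02.0576 0580 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:30:02.0576 0580 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:30:03.0998 0580 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:30:04.0389 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:30:04.0389 0580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:30:14.0373 1864 Deinitialize success
"""


def parse_line(line):
    """Split one log line into time, thread id and message; None if it does not match."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def summarize(log_text):
    """Walk a TDSSKiller-style log and collect detections, quarantine actions and cure state."""
    summary = {
        "detections": [],      # (object, detection name) pairs
        "quarantined": [],     # every object copied to quarantine
        "tdlfs_files": [],     # file names inside the hidden TDLFS container
        "pending_reboot": False,
        "object_count": 0,
    }
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        msg = rec["msg"]
        m = INFECTED_RE.match(msg)
        if m:
            summary["detections"].append((m.group("obj"), m.group("name")))
            continue
        m = QUARANTINE_RE.match(msg)
        if m:
            obj = m.group("obj")
            summary["quarantined"].append(obj)
            if "\\TDLFS\\" in obj:
                summary["tdlfs_files"].append(obj.rsplit("\\", 1)[1])
            continue
        m = COUNT_RE.match(msg)
        if m:
            summary["object_count"] = int(m.group("n"))
            continue
        if CURE_RE.search(msg):
            summary["pending_reboot"] = True
    return summary


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for obj, name in s["detections"]:
        print("detected:", name, "on", obj)
    print("quarantined objects:", len(s["quarantined"]))
    print("TDLFS files:", ", ".join(s["tdlfs_files"]))
    print("cure pending until reboot:", s["pending_reboot"])
```

The "pending_reboot" flag is the detail worth watching when reading such a log: a boot-sector cure that has been scheduled but not yet applied means the detection will reappear until the machine has actually restarted, which is why the follow-up log was requested only after the reboot.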
Hi again,
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7 Update 5 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report & a fresh dds.txt log. How's the system doing?
Enuf2BDangerous
2012-08-06, 03:40
Blade81, here are the results from the ESET scan. ESET Scan detected Microsoft Security and said that may affect the scan, so I turned off Microsoft - hope that was the right thing to do. The scan found 10 threats; I thought you were going to tell me we are done. Looks like 7 files are quarantined by TDSSKiller, but you're the expert - I only know enough to be dangerous. Thank you so much for all your help. I guess the computer was in worse shape than I thought.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\Owner\My Documents\My Documents\Digital Locker Downloads\Free Video Converter\Setup_FreeVideoConverter(2).exe Win32/Toolbar.Widgi application
C:\Documents and Settings\Owner\My Documents\My Documents\Digital Locker Downloads\Free Video Converter\Setup_FreeVideoConverter.exe Win32/Toolbar.Widgi application
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\05.08.2012_08.29.32\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan
I tested Internet Explorer and it doesn't do the redirect thing anymore. Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.0
Run by Owner at 20:26:42 on 2012-08-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.853 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\GoZone\GoZone_iSync.exe
C:\Program Files\ActiHealth\AHClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\spider.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\gozone~1.lnk - c:\program files\gozone\GoZone_iSync.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\networ~1.lnk - c:\program files\actihealth\AHClient.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: ecommunity.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {086EA26E-CCE0-11D5-A801-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverainst.cab
DPF: {16EA5913-C33B-11D5-A7F9-00B0D0E4B6C3} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soveractl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://chnsslvpn.ecommunity.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343054564421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://ecomkron.ecommunity.com/InternalSite/WhlCompMgr.cab
DPF: {A9983B43-CE52-11CF-AE75-00A0248802BA} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/viewer.cab
DPF: {C09F02C3-0DEC-4C44-A098-E7D4437C750C} - hxxp://chehimweb1.chi.ecommunity.com/HIMPROD/soverahim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : NameServer = 192.168.1.1,192.168.15.1
TCP: Interfaces\{9F6184A6-AEFA-444F-96A0-DCA46EDD657D} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\x4tq2xv2.default\
FF - prefs.js: network.proxy.type - 4
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-7-2 913792]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2010-1-19 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2011-10-18 428184]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-8 113120]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\drivers\tinspusb.sys [2012-3-2 122752]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-08-05 23:34:27 -------- d-----w- c:\program files\ESET
2012-08-05 23:28:59 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-05 12:30:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-05 05:49:30 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4ac7498c-8bd4-4788-b371-73e17606dc03}\mpengine.dll
2012-08-04 19:28:33 -------- d-----w- C:\tdsskiller
2012-08-04 14:28:15 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-04 14:18:26 -------- d-sha-r- C:\cmdcons
2012-08-04 14:16:30 98816 ----a-w- c:\windows\sed.exe
2012-08-04 14:16:30 518144 ----a-w- c:\windows\SWREG.exe
2012-08-04 14:16:30 256000 ----a-w- c:\windows\PEV.exe
2012-08-04 14:16:30 208896 ----a-w- c:\windows\MBR.exe
2012-07-30 22:47:30 -------- d-----w- c:\program files\iPod
2012-07-30 22:47:24 -------- d-----w- c:\program files\iTunes
2012-07-25 00:25:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-25 00:25:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-08-05 23:28:32 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-05 23:28:32 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-03 07:41:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:41:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 14:48:10 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 20:27:23.34 ===============
Hi,
Good to hear redirecting has stopped :)
Delete C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BrothersoftExtremeCT.zip file.
C:\TDSSKiller_Quarantine folder can now be deleted too.
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the run box and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
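The System Restore reset above is given as Control Panel clicks. As an added example (not from the thread, Spybot or DDS), the same two steps done through the WMI SystemRestore class that Windows XP exposes in the root\default namespace, so it can be scripted on several machines; it assumes the system drive is C:, that it is run as Administrator with cscript, and that the reboot between the "disable" and "enable" runs is still done as the post advises.

```vbscript
' Added example, not the thread's or any tool's own code: reset System Restore on
' Windows XP via WMI (root\default, class SystemRestore) instead of the GUI steps.
' Assumptions: run as Administrator with cscript, system drive is C:, and the
' machine is rebooted between "disable" and "enable" as the post advises.
Option Explicit
Dim wmi, sr, action, rc

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript resetsr.vbs disable | enable"
    WScript.Quit 1
End If
action = LCase(WScript.Arguments(0))

Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default")
Set sr = wmi.Get("SystemRestore")   ' class object; Enable/Disable are static methods

Select Case action
    Case "disable"
        ' Turning System Restore off discards every existing restore point,
        ' which is the point when those points may hold backed-up infected files.
        rc = sr.Disable("C:\")
    Case "enable"
        ' Second argument True: wait until the service is running again before returning.
        rc = sr.Enable("C:\", True)
    Case Else
        WScript.Echo "Unknown action: " & action
        WScript.Quit 1
End Select

If rc = 0 Then
    WScript.Echo "System Restore " & action & "d on C:\ (return code 0)"
Else
    WScript.Echo "WMI call failed, return code " & rc
End If
WScript.Quit rc
```

Run it once with "disable", reboot, then once with "enable"; a non-zero return code usually means the script was not run with administrative rights.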
Enuf2BDangerous
2012-08-06, 14:20
Blade81 THANK YOU!!! for all your help and your dedication. You are the best. :thanks:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.