XP 64-bit Happili removal


1 reply to this topic

#1 NotHappili


Posted 26 April 2012 - 12:52 PM

I am running Firefox on a Windows XP 64-bit machine and experiencing the Happili redirection while using Google. I have read other posts and have run the MiniToolBox, TDSSKiller, and the free version of Malwarebytes. The logs from these events are found below. What are the next steps?
Thanks

MiniToolBox by Farbar Version: 18-01-2012
Ran by chris.lyman (administrator) on 26-04-2012 at 11:32:53
Microsoft® Windows® XP Professional x64 Edition Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : pc058

Primary Dns Suffix . . . . . . . : spendloveresearch.com

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : spendloveresearch.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : spendloveresearch.com

Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

Physical Address. . . . . . . . . : 00-1A-A0-3B-B7-58

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.58

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.8

DNS Servers . . . . . . . . . . . : 192.168.0.8

Lease Obtained. . . . . . . . . . : Monday, April 23, 2012 3:18:59 PM

Lease Expires . . . . . . . . . . : Tuesday, May 01, 2012 3:18:59 PM

Server: quansrv.spendloveresearch.com
Address: 192.168.0.8

Name: google.com
Addresses: 74.125.224.128, 74.125.224.142, 74.125.224.133, 74.125.224.136
74.125.224.129, 74.125.224.132, 74.125.224.131, 74.125.224.130, 74.125.224.137
74.125.224.134, 74.125.224.135



Pinging google.com [74.125.224.142] with 32 bytes of data:



Reply from 74.125.224.142: bytes=32 time=59ms TTL=54

Reply from 74.125.224.142: bytes=32 time=58ms TTL=54



Ping statistics for 74.125.224.142:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 59ms, Average = 58ms

Server: quansrv.spendloveresearch.com
Address: 192.168.0.8

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=131ms TTL=50

Reply from 98.139.183.24: bytes=32 time=132ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 131ms, Maximum = 132ms, Average = 131ms

Server: quansrv.spendloveresearch.com
Address: 192.168.0.8

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 1a a0 3b b7 58 ...... Broadcom NetXtreme 57xx Gigabit Controller
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.58 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.58 192.168.0.58 20
192.168.0.58 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.58 192.168.0.58 20
224.0.0.0 240.0.0.0 192.168.0.58 192.168.0.58 20
255.255.255.255 255.255.255.255 192.168.0.58 192.168.0.58 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog5 02 U:\Windows\SysWOW64\winrnr.dll [File Not found] ()
Catalog5 03 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 01 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 02 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 03 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 04 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
Catalog9 05 U:\Windows\SysWOW64\mswsock.dll [File Not found] ()
x64-Catalog5 01 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 02 U:\Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog5 03 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 01 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 U:\Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 U:\Windows\System32\mswsock.dll [File Not found] ()



=========================== Installed Programs ============================

Adobe Connect Add-in
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)
Broadcom Gigabit Integrated Controller (Version: 10.50.03)
Dropbox (Version: 1.2.52)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
NVIDIA Drivers
Symantec AntiVirus Win64 (Version: 10.1.9000.9)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690-v2) (Version: 2)
Update for Windows XP (KB927891) (Version: 5)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
Windows Driver Package - Put your company name here. (usbkey) USB (12/07/2006 6.0.0.0) (Version: 12/07/2006 6.0.0.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140744)
Windows Small Business Server 2008 ClientAgent (Version: 6.0.5601.0)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 4029.36 MB
Available physical RAM: 2121.16 MB
Total Pagefile: 5821.68 MB
Available Pagefile: 5024.49 MB
Total Virtual: 4095.88 MB
Available Virtual: 3998.94 MB

========================= Partitions: =====================================

1 Drive c: (home) (Fixed) (Total:149.01 GB) (Free:107.5 GB) NTFS
3 Drive p: (New Volume) (Network) (Total:831.38 GB) (Free:435.4 GB) NTFS
4 Drive s: (Storage) (Network) (Total:996.25 GB) (Free:182.08 GB) NTFS
5 Drive u: (Storage) (Network) (Total:996.25 GB) (Free:182.08 GB) NTFS

========================= Users: ========================================

User accounts for \\PC058

Administrator Guest SUPPORT_388945a0


**** End of log ****

11:34:35.0649 2976 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
11:34:36.0368 2976 ============================================================
11:34:36.0368 2976 Current date / time: 2012/04/26 11:34:36.0368
11:34:36.0368 2976 SystemInfo:
11:34:36.0368 2976
11:34:36.0368 2976 OS Version: 5.2.3790 ServicePack: 2.0
11:34:36.0368 2976 Product type: Workstation
11:34:36.0368 2976 ComputerName: PC058
11:34:36.0368 2976 UserName: chris.lyman
11:34:36.0368 2976 Windows directory: C:\WINDOWS
11:34:36.0368 2976 System windows directory: C:\WINDOWS
11:34:36.0368 2976 Running under WOW64
11:34:36.0368 2976 Processor architecture: Intel x64
11:34:36.0368 2976 Number of processors: 2
11:34:36.0368 2976 Page size: 0x1000
11:34:36.0368 2976 Boot type: Normal boot
11:34:36.0368 2976 ============================================================
11:34:36.0883 2976 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
11:34:36.0883 2976 ============================================================
11:34:36.0883 2976 \Device\Harddisk0\DR0:
11:34:36.0883 2976 MBR partitions:
11:34:36.0883 2976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A04800
11:34:36.0883 2976 ============================================================
11:34:36.0915 2976 C: <-> \Device\Harddisk0\DR0\Partition0
11:34:36.0915 2976 ============================================================
11:34:36.0915 2976 Initialize success
11:34:36.0915 2976 ============================================================
11:34:51.0368 0900 ============================================================
11:34:51.0368 0900 Scan started
11:34:51.0368 0900 Mode: Manual; TDLFS;
11:34:51.0368 0900 ============================================================
11:34:59.0242 0900 RpcSs - ok
11:34:59.0289 0900 SamSs (1a782d5ca033f553f0be54546ebf3b4f) C:\WINDOWS\system32\lsass.exe
11:34:59.0289 0900 SamSs - ok
11:34:59.0430 0900 SAVRT (9c007db372a052b4b42b4f484825726c) C:\Program Files (x86)\Symantec AntiVirus\Savrt64x86.sys
11:34:59.0430 0900 SAVRT - ok
11:34:59.0446 0900 SAVRTPEL (a87e0af01dfa34fb82739646a123b1df) C:\Program Files (x86)\Symantec AntiVirus\Savrtpel64x86.sys
11:34:59.0461 0900 SAVRTPEL - ok
11:34:59.0492 0900 SCardSvr (a2069ffa2a6febb3818f180373c84a89) C:\WINDOWS\System32\SCardSvr.exe
11:34:59.0492 0900 SCardSvr - ok
11:34:59.0524 0900 Schedule (71cd398385835c08613c65e5bf91e7fa) C:\WINDOWS\system32\schedsvc.dll
11:34:59.0539 0900 Schedule - ok
11:34:59.0602 0900 Secdrv (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:34:59.0602 0900 Secdrv - ok
11:34:59.0617 0900 seclogon (b4e054549321372d995e4db9a5304e77) C:\WINDOWS\System32\seclogon.dll
11:34:59.0617 0900 seclogon - ok
11:34:59.0664 0900 SENS (222c0a6c354d6a90700956c60574a09a) C:\WINDOWS\system32\sens.dll
11:34:59.0664 0900 SENS - ok
11:34:59.0696 0900 serenum (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:34:59.0696 0900 serenum - ok
11:34:59.0711 0900 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
11:34:59.0711 0900 Serial - ok
11:34:59.0727 0900 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:34:59.0727 0900 Sfloppy - ok
11:34:59.0789 0900 SharedAccess (d71a8153d3cf0ed527f6ba1f087faa22) C:\WINDOWS\system32\ipnathlp.dll
11:34:59.0805 0900 SharedAccess - ok
11:34:59.0852 0900 ShellHWDetection (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:34:59.0852 0900 ShellHWDetection - ok
11:34:59.0867 0900 Simbad - ok
11:34:59.0899 0900 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
11:34:59.0914 0900 splitter - ok
11:34:59.0946 0900 Spooler (206fd327b4aad3aeaa8e0d7d03f2044a) C:\WINDOWS\system32\spoolsv.exe
11:34:59.0961 0900 Spooler - ok
11:34:59.0992 0900 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
11:35:00.0008 0900 sr - ok
11:35:00.0039 0900 srservice (7b6da719973755bd091131e53ad6ec23) C:\WINDOWS\system32\srsvc.dll
11:35:00.0055 0900 srservice - ok
11:35:00.0117 0900 Srv (2a08328562d0ba596b699eeb90b511d1) C:\WINDOWS\system32\DRIVERS\srv.sys
11:35:00.0133 0900 Srv - ok
11:35:00.0149 0900 SSDPSRV (94ad81c8ee2385eddb08c7e34fedb7a8) C:\WINDOWS\System32\ssdpsrv.dll
11:35:00.0149 0900 SSDPSRV - ok
11:35:00.0211 0900 STHDA (cffad9bf30ddfdfb6d12891a862126cf) C:\WINDOWS\system32\drivers\sthda64.sys
11:35:00.0242 0900 STHDA - ok
11:35:00.0305 0900 stisvc (f6d4f452db507820f726525a1425f0cc) C:\WINDOWS\system32\wiaservc.dll
11:35:00.0321 0900 stisvc - ok
11:35:00.0383 0900 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
11:35:00.0383 0900 stllssvr - ok
11:35:00.0446 0900 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:35:00.0446 0900 swenum - ok
11:35:00.0477 0900 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
11:35:00.0492 0900 swmidi - ok
11:35:00.0524 0900 swprv (2e54746998139cb708b83974f1ac09f3) C:\WINDOWS\System32\swprv.dll
11:35:00.0539 0900 swprv - ok
11:35:00.0680 0900 Symantec AntiVirus (26b3e57f33d3f6fe7e88beac82aeb12a) C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
11:35:00.0758 0900 Symantec AntiVirus - ok
11:35:00.0836 0900 symc8xx - ok
11:35:00.0867 0900 SymEvent (3711a3459d1c4d7d161178bc120664ab) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
11:35:00.0867 0900 SymEvent - ok
11:35:00.0867 0900 symmpi - ok
11:35:00.0867 0900 sym_hi - ok
11:35:00.0867 0900 sym_u3 - ok
11:35:00.0899 0900 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
11:35:00.0899 0900 sysaudio - ok
11:35:00.0946 0900 SysmonLog (d3fffea8c94ba3c1ceac9694ac390472) C:\WINDOWS\system32\smlogsvc.exe
11:35:00.0961 0900 SysmonLog - ok
11:35:00.0992 0900 szkg5 - ok
11:35:01.0149 0900 szserver (8fdaf81240a4057162cad255f02a844e) C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
11:35:01.0149 0900 szserver - ok
11:35:01.0180 0900 TapiSrv (fafefc85fc929b81571bff315c93e299) C:\WINDOWS\System32\tapisrv.dll
11:35:01.0196 0900 TapiSrv - ok
11:35:01.0242 0900 Tcpip (34d970b38e9e835009e1ad07c5422b58) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:35:01.0274 0900 Tcpip - ok
11:35:01.0305 0900 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:35:01.0305 0900 TDPIPE - ok
11:35:01.0336 0900 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
11:35:01.0336 0900 TDTCP - ok
11:35:01.0352 0900 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:35:01.0352 0900 TermDD - ok
11:35:01.0383 0900 TermService (f4849a4962779132b02ca4bbf696f434) C:\WINDOWS\System32\termsrv.dll
11:35:01.0399 0900 TermService - ok
11:35:01.0430 0900 Themes (15de8eae99a0f4e313e83aba5b849faa) C:\WINDOWS\System32\shsvcs.dll
11:35:01.0430 0900 Themes - ok
11:35:01.0461 0900 TlntSvr (0fdf294d30ca53391485132854151b26) C:\WINDOWS\system32\tlntsvr.exe
11:35:01.0461 0900 TlntSvr - ok
11:35:01.0461 0900 TosIde - ok
11:35:01.0492 0900 TrkWks (483ffcd8e5080198d87eeed44246e6a9) C:\WINDOWS\system32\trkwks.dll
11:35:01.0492 0900 TrkWks - ok
11:35:01.0539 0900 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
11:35:01.0539 0900 Udfs - ok
11:35:01.0555 0900 ultra - ok
11:35:01.0586 0900 UMWdf (c306cea0f1477240a5d9a7e61db2f3e1) C:\WINDOWS\system32\wdfmgr.exe
11:35:01.0586 0900 UMWdf - ok
11:35:01.0602 0900 Update (1446762923434d2a9c315325cf4770c8) C:\WINDOWS\system32\DRIVERS\update.sys
11:35:01.0617 0900 Update - ok
11:35:01.0664 0900 upnphost (78c605cb6e0ce966d3347ff7caf3f8ac) C:\WINDOWS\System32\upnphost.dll
11:35:01.0664 0900 upnphost - ok
11:35:01.0680 0900 UPS (3ec1501aa03cecd66ed093428fbc8b0e) C:\WINDOWS\System32\ups.exe
11:35:01.0696 0900 UPS - ok
11:35:01.0727 0900 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:35:01.0727 0900 usbccgp - ok
11:35:01.0758 0900 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:35:01.0758 0900 usbehci - ok
11:35:01.0774 0900 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:35:01.0789 0900 usbhub - ok
11:35:01.0821 0900 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:35:01.0821 0900 USBSTOR - ok
11:35:01.0821 0900 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:35:01.0821 0900 usbuhci - ok
11:35:01.0852 0900 vds (b1e327aea4ecf42ddf7c579b0fb0de4c) C:\WINDOWS\System32\vds.exe
11:35:01.0867 0900 vds - ok
11:35:01.0899 0900 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
11:35:01.0899 0900 vga - ok
11:35:01.0914 0900 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
11:35:01.0914 0900 VgaSave - ok
11:35:01.0930 0900 ViaIde - ok
11:35:01.0946 0900 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
11:35:01.0946 0900 VolSnap - ok
11:35:02.0024 0900 VSS (0a05de966b412d6289632ac05fc6ada2) C:\WINDOWS\System32\vssvc.exe
11:35:02.0102 0900 VSS - ok
11:35:02.0211 0900 W32Time (6fe371026674baf189f7a81746a67c87) C:\WINDOWS\system32\w32time.dll
11:35:02.0227 0900 W32Time - ok
11:35:02.0274 0900 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:35:02.0274 0900 Wanarp - ok
11:35:02.0274 0900 WDICA - ok
11:35:02.0305 0900 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
11:35:02.0321 0900 wdmaud - ok
11:35:02.0321 0900 WebClient (fe8590fa0367a29bc7ed7bfc4962ad1c) C:\WINDOWS\System32\webclnt.dll
11:35:02.0336 0900 WebClient - ok
11:35:02.0336 0900 WinHttpAutoProxySvc - ok
11:35:02.0383 0900 winmgmt (881271d649e778690a365d73b8958509) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:35:02.0383 0900 winmgmt - ok
11:35:02.0446 0900 WmdmPmSN (4d32f7bdbf325792ae28d5380ddf6bcf) C:\WINDOWS\SysWOW64\mspmsnsv.dll
11:35:02.0446 0900 WmdmPmSN - ok
11:35:02.0524 0900 Wmi (b51966db20d5c700228dfe222fdf9e67) C:\WINDOWS\System32\advapi32.dll
11:35:02.0539 0900 Wmi - ok
11:35:02.0571 0900 WmiApSrv (56980be8b5a6861b5d9175eaba8ac7dc) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:35:02.0571 0900 WmiApSrv - ok
11:35:02.0617 0900 wscsvc (82960ce97c1898c28d7ae62ba6721d27) C:\WINDOWS\system32\wscsvc.dll
11:35:02.0617 0900 wscsvc - ok
11:35:02.0649 0900 wuauserv (ef7576af44b484f7a3e6072d633bab34) C:\WINDOWS\system32\wuauserv.dll
11:35:02.0649 0900 wuauserv - ok
11:35:02.0696 0900 WZCSVC (f4ec5c736bba9a27f9c36412c930b386) C:\WINDOWS\System32\wzcsvc.dll
11:35:02.0711 0900 WZCSVC - ok
11:35:02.0727 0900 xmlprov (a1aba5a0b4f1ff9b83c50f92f8c080a2) C:\WINDOWS\System32\xmlprov.dll
11:35:02.0742 0900 xmlprov - ok
11:35:02.0758 0900 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:35:02.0852 0900 \Device\Harddisk0\DR0 - ok
11:35:02.0852 0900 Boot (0x1200) (1ebfc236b481c6e6683c5422a8c71004) \Device\Harddisk0\DR0\Partition0
11:35:02.0867 0900 \Device\Harddisk0\DR0\Partition0 - ok
11:35:02.0867 0900 ============================================================
11:35:02.0867 0900 Scan finished
11:35:02.0867 0900 ============================================================
11:35:02.0867 3632 Detected object count: 0
11:35:02.0867 3632 Actual detected object count: 0

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.04

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
chris.lyman :: PC058 [administrator]

4/26/2012 11:39:21 AM
mbam-log-2012-04-26 (11-39-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226465
Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\chris.lyman\Desktop\sVchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:11 PM

Posted 26 April 2012 - 05:28 PM

Reinstall Firefox and let me know if you still face redirects.

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply



