Author Topic: [Resolved K] Happili virus redirecting  (Read 2464 times)


Offline samantha

  • Bronze Member
  • Posts: 15
[Resolved K] Happili virus redirecting
« on: April 23, 2012, 02:36:22 pm »
Thank you so much for all your time and effort. I appreciate it.

The Happili virus showed up yesterday. I have tried to run a TrendMicro Scan, but it keeps stopping at 16%. I have also run HiJackThis(which didn't appear to find anything, but I had trouble understanding the log) and Malwarebytes (which found no infected files).

I have disabled TrendMicro. Here are the two logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Laura Lopata at 16:27:06 on 2012-04-23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1160 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=4080616
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [JavaSoft] rundll32.exe "c:\documents and settings\laura lopata\local settings\application data\javasoft\jhwcocth.dll",CreateTzanShell
uRun: [Amazon] rundll32.exe "c:\documents and settings\laura lopata\local settings\application data\apple computer\amazon\vnyytt.dll",DllRegisterServer
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [<NO NAME>]
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
dRun: [Amazon] rundll32.exe "c:\documents and settings\laura lopata\local settings\application data\apple computer\amazon\vnyytt.dll",DllRegisterServer
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285954766156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4ADF0647-31E9-402F-936E-0ACA2F884A74} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-22 36624]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-2-22 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-22 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-22 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
.
=============== Created Last 30 ================
.
2012-04-20 00:22:01   --------   d-----w-   c:\documents and settings\laura lopata\local settings\application data\JavaSoft
.
==================== Find3M  ====================
.
2012-03-01 11:01:32   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10:16   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40   385024   ------w-   c:\windows\system32\html.iec
2012-02-03 09:22:18   1860096   ----a-w-   c:\windows\system32\win32k.sys
2011-07-12 17:41:12   23148744   ----a-w-   c:\program files\KindleForPC-installer.exe
2011-07-11 20:08:36   14604786   ----a-w-   c:\program files\ysitebuilder.exe
.
============= FINISH: 16:28:51.49 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/23/2008 6:40:55 PM
System Uptime: 4/23/2012 1:42:48 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 777/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 22.229 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\6E0CDC1354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\6E0CDC1354FC000
Service: NIC1394
.
==== System Restore Points ===================
.
RP719: 1/24/2012 7:27:52 PM - System Checkpoint
RP720: 1/25/2012 7:29:46 PM - System Checkpoint
RP721: 1/27/2012 12:25:52 PM - System Checkpoint
RP722: 1/28/2012 12:40:39 PM - System Checkpoint
RP723: 1/29/2012 12:59:59 PM - System Checkpoint
RP724: 1/30/2012 1:01:52 PM - System Checkpoint
RP725: 1/31/2012 1:08:42 PM - System Checkpoint
RP726: 2/1/2012 6:51:03 PM - System Checkpoint
RP727: 2/2/2012 7:03:01 PM - System Checkpoint
RP728: 2/3/2012 7:43:11 PM - System Checkpoint
RP729: 2/4/2012 8:11:53 PM - System Checkpoint
RP730: 2/6/2012 1:36:15 PM - System Checkpoint
RP731: 2/7/2012 9:16:01 PM - System Checkpoint
RP732: 2/9/2012 1:13:59 PM - System Checkpoint
RP733: 2/10/2012 2:48:51 PM - System Checkpoint
RP734: 2/11/2012 8:16:23 PM - System Checkpoint
RP735: 2/12/2012 8:54:24 PM - System Checkpoint
RP736: 2/14/2012 5:04:54 PM - System Checkpoint
RP737: 2/15/2012 5:32:03 PM - System Checkpoint
RP738: 2/16/2012 3:00:47 AM - Software Distribution Service 3.0
RP739: 2/17/2012 9:05:30 AM - System Checkpoint
RP740: 2/18/2012 1:28:59 PM - System Checkpoint
RP741: 2/20/2012 9:27:58 AM - Software Distribution Service 3.0
RP742: 2/21/2012 1:39:37 PM - System Checkpoint
RP743: 2/23/2012 1:34:06 PM - System Checkpoint
RP744: 2/24/2012 4:00:20 PM - System Checkpoint
RP745: 2/25/2012 6:51:31 PM - System Checkpoint
RP746: 2/26/2012 7:09:34 PM - System Checkpoint
RP747: 2/27/2012 7:53:49 PM - System Checkpoint
RP748: 2/28/2012 9:12:33 PM - System Checkpoint
RP749: 2/29/2012 9:14:26 PM - System Checkpoint
RP750: 3/1/2012 9:53:55 PM - System Checkpoint
RP751: 3/2/2012 10:41:13 PM - System Checkpoint
RP752: 3/4/2012 5:24:43 PM - System Checkpoint
RP753: 3/5/2012 5:45:55 PM - System Checkpoint
RP754: 3/6/2012 7:10:39 PM - System Checkpoint
RP755: 3/7/2012 7:19:16 PM - System Checkpoint
RP756: 3/8/2012 7:45:51 PM - System Checkpoint
RP757: 3/9/2012 8:45:52 PM - System Checkpoint
RP758: 3/10/2012 10:01:58 PM - System Checkpoint
RP759: 3/11/2012 10:49:50 PM - System Checkpoint
RP760: 3/12/2012 11:49:50 PM - System Checkpoint
RP761: 3/14/2012 12:49:50 AM - System Checkpoint
RP762: 3/14/2012 3:00:32 AM - Software Distribution Service 3.0
RP763: 3/15/2012 9:07:22 AM - System Checkpoint
RP764: 3/16/2012 9:13:23 AM - System Checkpoint
RP765: 3/17/2012 7:13:44 PM - System Checkpoint
RP766: 3/18/2012 8:19:17 PM - System Checkpoint
RP767: 3/19/2012 9:01:25 PM - System Checkpoint
RP768: 3/20/2012 9:59:54 PM - System Checkpoint
RP769: 3/21/2012 10:08:35 PM - System Checkpoint
RP770: 3/22/2012 11:00:02 PM - System Checkpoint
RP771: 3/23/2012 11:59:54 PM - System Checkpoint
RP772: 3/25/2012 12:59:17 AM - System Checkpoint
RP773: 3/26/2012 12:59:55 AM - System Checkpoint
RP774: 3/27/2012 1:59:53 AM - System Checkpoint
RP775: 3/28/2012 3:00:02 AM - System Checkpoint
RP776: 3/29/2012 4:00:02 AM - System Checkpoint
RP777: 3/30/2012 5:00:02 AM - System Checkpoint
RP778: 4/2/2012 7:07:10 PM - System Checkpoint
RP779: 4/3/2012 8:06:17 PM - System Checkpoint
RP780: 4/4/2012 9:06:17 PM - System Checkpoint
RP781: 4/6/2012 3:01:38 PM - System Checkpoint
RP782: 4/7/2012 6:23:37 PM - System Checkpoint
RP783: 4/9/2012 10:04:58 AM - System Checkpoint
RP784: 4/10/2012 12:41:42 PM - System Checkpoint
RP785: 4/11/2012 3:00:45 AM - Software Distribution Service 3.0
RP786: 4/12/2012 3:18:12 AM - System Checkpoint
RP787: 4/13/2012 2:43:26 PM - System Checkpoint
RP788: 4/16/2012 4:50:13 PM - System Checkpoint
RP789: 4/17/2012 5:10:57 PM - System Checkpoint
RP790: 4/18/2012 6:32:01 PM - System Checkpoint
RP791: 4/19/2012 7:10:58 PM - System Checkpoint
RP792: 4/20/2012 7:13:36 PM - System Checkpoint
RP793: 4/21/2012 7:42:01 PM - System Checkpoint
RP794: 4/22/2012 8:36:02 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 8.2.1
Adobe Shockwave Player 11.5
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
Canon PIXMA iP4000R
Color Schemer v3
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1010 Series
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
iTunes
Java(TM) 6 Update 17
Jetcast 3.0.2
Lotus SmartSuite Release 9
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetWaiting
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Picaboo X
PowerDVD
QuickTime
RealPlayer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic CinePlayer Decoder Pack
Trend Micro Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6h
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Yahoo! SiteBuilder
.
==== End Of File ===========================
« Last Edit: May 26, 2012, 01:59:32 pm by kevinf80 »
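Added note and example (not part of samantha's post, kevinf80's reply, or the DDS tool itself): the lines in the Pseudo HJT section that a malware analyst reads first are the uRun/dRun entries that launch rundll32.exe against random-named DLLs under Local Settings\Application Data, together with the JavaSoft folder that appears in "Created Last 30" on 2012-04-20, the day before the redirects started. The script below parses [umd]Run lines in DDS format and flags rundll32-loaded DLLs that live in user-writable profile paths. The sample lines and the profile name "user" are constructed, the hive letters follow the DDS convention as I understand it (u = HKCU, m = HKLM, d = HKU\.DEFAULT), and the result is a triage heuristic, not a verdict on any particular file.

```python
"""Triage [umd]Run entries from a DDS 'Pseudo HJT Report'.

Heuristic: a Run value that launches rundll32.exe against a DLL living under
the user profile (Local Settings\\Application Data, Application Data, Temp,
AppData ...) is a common persistence pattern for browser-redirect trojans and
deserves a closer look.  A triage aid, not a verdict.  Added example, not
part of the original thread.
"""
import re
from typing import Dict, List

# Constructed sample in DDS format (profile name "user" is made up).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [JavaSoft] rundll32.exe "c:\documents and settings\user\local settings\application data\javasoft\jhwcocth.dll",CreateTzanShell
uRun: [Amazon] rundll32.exe "c:\documents and settings\user\local settings\application data\apple computer\amazon\vnyytt.dll",DllRegisterServer
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
dRun: [Amazon] rundll32.exe "c:\documents and settings\user\local settings\application data\apple computer\amazon\vnyytt.dll",DllRegisterServer
"""

# DDS prefix letters (assumed convention): u = HKCU, m = HKLM, d = HKU\.DEFAULT
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

RUN_LINE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First token is rundll32 / rundll32.exe, optionally with a (quoted) path.
LOADER = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?(?:\s|$)', re.I)
# "c:\path\file.dll",Export  or  c:\path\file.dll,Export
DLL_ARG = re.compile(r'"?(?P<dll>[a-z]:\\[^",]+?\.dll)"?(?:,(?P<export>[A-Za-z_]\w*))?', re.I)

# Paths a standard user can write to; trusted roots are excluded first.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\local settings\\",
                         "\\application data\\", "\\appdata\\", "\\temp\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_run_lines(text: str) -> List[Dict[str, str]]:
    """Return one dict (hive, name, cmd) per [umd]Run line in a DDS report."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append({"hive": HIVES[m["hive"]], "name": m["name"], "cmd": m["cmd"]})
    return entries


def _user_writable(path: str) -> bool:
    p = path.lower()
    if p.startswith(TRUSTED_ROOTS):
        return False
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage_run_entries(text: str) -> List[Dict[str, object]]:
    """Flag Run values where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for e in parse_run_lines(text):
        cmd = e["cmd"].strip()
        if not LOADER.match(cmd):
            continue
        m = DLL_ARG.search(cmd)
        if not m or not _user_writable(m["dll"]):
            # rundll32 against a system / Program Files DLL is ordinary (e.g. NvCpl).
            continue
        findings.append({
            "hive": e["hive"], "name": e["name"], "dll": m["dll"],
            "export": m["export"] or "",
            "reasons": ["rundll32 loader", "DLL under user-writable profile path"],
        })
    return findings


def group_by_dll(findings: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Map each flagged DLL (lower-cased path) to the hives that start it.

    The same DLL registered under HKCU and HKU\\.DEFAULT means it will also run
    for any profile created later, which is worth noting in a removal plan.
    """
    groups: Dict[str, List[str]] = {}
    for f in findings:
        hives = groups.setdefault(str(f["dll"]).lower(), [])
        if f["hive"] not in hives:
            hives.append(str(f["hive"]))
    return groups


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_DDS):
        print(f"{f['hive']:<12} [{f['name']}] {f['dll']} ,{f['export']}  <- {'; '.join(f['reasons'])}")
    for dll, hives in group_by_dll(triage_run_entries(SAMPLE_DDS)).items():
        print(f"{dll}: {', '.join(hives)}")
```

Run it against the Pseudo HJT section of a real DDS log (the block above is a stand-in) and the output is a short list of the autoruns to investigate first; the helper deliberately ignores rundll32 calls into c:\windows or Program Files, which are normal, so the noise stays low.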



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #1 on: April 23, 2012, 02:48:15 pm »
Hello samantha and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin. Go Here and follow the instructions specific for your operating system.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.

  • Double-click on it to run the application.

  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

  • Select "Scan"
  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those two logs in your reply,

Kevin


« Last Edit: April 23, 2012, 03:29:57 pm by kevinf80 »
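As an added example (not part of kevinf80's instructions and not code from Kaspersky's TDSSKiller), here is a small Python triage script for the TDSSKiller report that Step 1 asks the user to post. It parses the `name (md5) path` / `name - verdict` line pairs that follow "Scan started" and summarises what a helper reads first: entries whose verdict is not "ok", image paths outside the Windows and Program Files folders, and services listed without a backing file. The sample log is constructed from a few lines of the report posted later in this thread plus one made-up entry (`example_svc`, whose verdict `detected` is a placeholder, not a real TDSSKiller verdict string); the trusted-prefix list is a simplifying assumption of this example, not anything the tool defines.

```python
import re

# The two line shapes that follow "Scan started" in a TDSSKiller report:
#   "<time> <pid>   <name> (<md5>) <path>"   and   "<time> <pid>   <name> - <verdict>"
TS = r"(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+"
MODULE_RE = re.compile(TS + r"(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(TS + r"(.+?) - (\S.*)$")

# Simplifying assumption for this example: images under these prefixes are in
# expected locations; anything else is listed for a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample: a handful of lines copied from the report posted in this
# thread, plus one made-up entry (example_svc) whose verdict "detected" is a
# placeholder, not a real TDSSKiller verdict string.
SAMPLE_LOG = r"""
15:09:48.0709 3244   TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
15:09:52.0537 3244   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200
15:10:16.0537 1864   Scan started
15:10:16.0537 1864   Mode: Manual;
15:10:17.0381 1864   Abiosdsk - ok
15:10:17.0428 1864   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:10:17.0428 1864   abp480n5 - ok
15:10:18.0209 1864   Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:10:18.0209 1864   Apple Mobile Device - ok
15:10:21.0866 1864   gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:10:21.0881 1864   gupdate - ok
15:10:29.0800 1864   example_svc     (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\example.sys
15:10:29.0803 1864   example_svc - detected
"""


def parse_tdsskiller_log(text):
    """Return (modules, verdicts) for the entries after "Scan started".

    modules:  name -> (md5, path) for entries that have a backing file
    verdicts: name -> verdict string (e.g. "ok"), in report order
    """
    modules, verdicts = {}, {}
    in_scan = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line.endswith("Scan started"):
            in_scan = True  # lines above this are drive/OS header info, not entries
            continue
        if not in_scan:
            continue
        m = MODULE_RE.match(line)
        if m:
            modules[m.group(3)] = (m.group(4).lower(), m.group(5))
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group(3)] = m.group(4)
    return modules, verdicts


def triage(text):
    """Summarise the report the way a helper reads it: what is not ok, what
    lives outside the usual folders, and what has no file behind it."""
    modules, verdicts = parse_tdsskiller_log(text)
    not_ok = {n: v for n, v in verdicts.items() if v.lower() != "ok"}
    outside = {n: p for n, (_, p) in modules.items()
               if not p.lower().startswith(TRUSTED_PREFIXES)}
    no_file = [n for n in verdicts if n not in modules]
    return {
        "scanned": len(verdicts),
        "with_file": len(modules),
        "not_ok": not_ok,
        "outside_trusted": outside,
        "no_file": no_file,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Entries with a verdict but no file line (such as `Abiosdsk` here) are normal on XP for legacy drivers that are registered but absent; the script reports them as informational rather than as findings. Only the "Scan started" marker switches parsing on, so header lines such as the drive description, which also contains " - ", are not mistaken for verdicts.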

Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #2 on: April 24, 2012, 01:54:42 pm »
Here you go, Kevin. Thank you so much again:


15:09:48.0709 3244   TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
15:09:49.0272 3244   ============================================================
15:09:49.0272 3244   Current date / time: 2012/04/24 15:09:49.0272
15:09:49.0272 3244   SystemInfo:
15:09:49.0272 3244   
15:09:49.0272 3244   OS Version: 5.1.2600 ServicePack: 3.0
15:09:49.0272 3244   Product type: Workstation
15:09:49.0272 3244   ComputerName: LAURA
15:09:49.0272 3244   UserName: Laura Lopata
15:09:49.0272 3244   Windows directory: C:\WINDOWS
15:09:49.0272 3244   System windows directory: C:\WINDOWS
15:09:49.0272 3244   Processor architecture: Intel x86
15:09:49.0272 3244   Number of processors: 2
15:09:49.0272 3244   Page size: 0x1000
15:09:49.0272 3244   Boot type: Normal boot
15:09:49.0272 3244   ============================================================
15:09:52.0537 3244   Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:09:52.0537 3244   ============================================================
15:09:52.0537 3244   \Device\Harddisk0\DR0:
15:09:52.0537 3244   MBR partitions:
15:09:52.0537 3244   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x129ED876
15:09:52.0537 3244   ============================================================
15:09:52.0600 3244   C: <-> \Device\Harddisk0\DR0\Partition0
15:09:52.0600 3244   ============================================================
15:09:52.0600 3244   Initialize success
15:09:52.0600 3244   ============================================================
15:10:16.0537 1864   ============================================================
15:10:16.0537 1864   Scan started
15:10:16.0537 1864   Mode: Manual;
15:10:16.0537 1864   ============================================================
15:10:17.0381 1864   Abiosdsk - ok
15:10:17.0428 1864   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:10:17.0428 1864   abp480n5 - ok
15:10:17.0491 1864   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:10:17.0506 1864   ACPI - ok
15:10:17.0553 1864   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:10:17.0553 1864   ACPIEC - ok
15:10:17.0584 1864   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:10:17.0584 1864   adpu160m - ok
15:10:17.0631 1864   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:10:17.0647 1864   aec - ok
15:10:17.0694 1864   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:10:17.0694 1864   AFD - ok
15:10:17.0741 1864   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:10:17.0741 1864   agp440 - ok
15:10:17.0756 1864   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:10:17.0772 1864   agpCPQ - ok
15:10:17.0803 1864   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:10:17.0803 1864   Aha154x - ok
15:10:17.0834 1864   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:10:17.0834 1864   aic78u2 - ok
15:10:17.0866 1864   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:10:17.0866 1864   aic78xx - ok
15:10:17.0897 1864   Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
15:10:17.0912 1864   Alerter - ok
15:10:17.0928 1864   ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
15:10:17.0928 1864   ALG - ok
15:10:17.0959 1864   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:10:17.0959 1864   AliIde - ok
15:10:18.0006 1864   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:10:18.0006 1864   alim1541 - ok
15:10:18.0022 1864   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:10:18.0037 1864   amdagp - ok
15:10:18.0053 1864   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:10:18.0053 1864   amsint - ok
15:10:18.0100 1864   ApfiltrService  (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
15:10:18.0116 1864   ApfiltrService - ok
15:10:18.0209 1864   Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:10:18.0209 1864   Apple Mobile Device - ok
15:10:18.0256 1864   AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
15:10:18.0287 1864   AppMgmt - ok
15:10:18.0319 1864   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:10:18.0334 1864   Arp1394 - ok
15:10:18.0366 1864   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:10:18.0366 1864   asc - ok
15:10:18.0397 1864   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:10:18.0397 1864   asc3350p - ok
15:10:18.0428 1864   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:10:18.0428 1864   asc3550 - ok
15:10:18.0475 1864   ASFIPmon        (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
15:10:18.0475 1864   ASFIPmon - ok
15:10:18.0600 1864   aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:10:18.0647 1864   aspnet_state - ok
15:10:18.0662 1864   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:10:18.0678 1864   AsyncMac - ok
15:10:18.0694 1864   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:10:18.0709 1864   atapi - ok
15:10:18.0709 1864   Atdisk - ok
15:10:18.0756 1864   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:10:18.0772 1864   Atmarpc - ok
15:10:18.0819 1864   AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
15:10:18.0819 1864   AudioSrv - ok
15:10:18.0866 1864   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:10:18.0866 1864   audstub - ok
15:10:18.0928 1864   b57w2k          (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:10:18.0928 1864   b57w2k - ok
15:10:18.0944 1864   BASFND          (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
15:10:18.0959 1864   BASFND - ok
15:10:19.0084 1864   BCM43XX         (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
15:10:19.0131 1864   BCM43XX - ok
15:10:19.0178 1864   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:10:19.0178 1864   Beep - ok
15:10:19.0256 1864   BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
15:10:19.0287 1864   BITS - ok
15:10:19.0381 1864   Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:10:19.0397 1864   Bonjour Service - ok
15:10:19.0444 1864   Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
15:10:19.0444 1864   Browser - ok
15:10:19.0475 1864   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:10:19.0491 1864   cbidf - ok
15:10:19.0506 1864   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:10:19.0506 1864   cbidf2k - ok
15:10:19.0537 1864   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:10:19.0537 1864   cd20xrnt - ok
15:10:19.0553 1864   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:10:19.0569 1864   Cdaudio - ok
15:10:19.0600 1864   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:10:19.0600 1864   Cdfs - ok
15:10:19.0631 1864   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:10:19.0631 1864   Cdrom - ok
15:10:19.0647 1864   Changer - ok
15:10:19.0678 1864   CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
15:10:19.0678 1864   CiSvc - ok
15:10:19.0694 1864   ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
15:10:19.0709 1864   ClipSrv - ok
15:10:19.0787 1864   clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:10:19.0819 1864   clr_optimization_v2.0.50727_32 - ok
15:10:19.0850 1864   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:10:19.0850 1864   CmBatt - ok
15:10:19.0881 1864   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:10:19.0881 1864   CmdIde - ok
15:10:19.0912 1864   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:10:19.0912 1864   Compbatt - ok
15:10:19.0928 1864   COMSysApp - ok
15:10:19.0959 1864   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:10:19.0959 1864   Cpqarray - ok
15:10:20.0006 1864   CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
15:10:20.0006 1864   CryptSvc - ok
15:10:20.0053 1864   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:10:20.0069 1864   dac2w2k - ok
15:10:20.0084 1864   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:10:20.0084 1864   dac960nt - ok
15:10:20.0147 1864   DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
15:10:20.0178 1864   DcomLaunch - ok
15:10:20.0209 1864   Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
15:10:20.0225 1864   Dhcp - ok
15:10:20.0241 1864   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:10:20.0256 1864   Disk - ok
15:10:20.0256 1864   dmadmin - ok
15:10:20.0334 1864   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:10:20.0366 1864   dmboot - ok
15:10:20.0397 1864   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:10:20.0397 1864   dmio - ok
15:10:20.0444 1864   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:10:20.0444 1864   dmload - ok
15:10:20.0475 1864   dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
15:10:20.0475 1864   dmserver - ok
15:10:20.0506 1864   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:10:20.0506 1864   DMusic - ok
15:10:20.0537 1864   Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
15:10:20.0553 1864   Dnscache - ok
15:10:20.0584 1864   Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
15:10:20.0600 1864   Dot3svc - ok
15:10:20.0631 1864   Dot4            (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:10:20.0647 1864   Dot4 - ok
15:10:20.0678 1864   Dot4Print       (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:10:20.0694 1864   Dot4Print - ok
15:10:20.0694 1864   dot4usb         (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
15:10:20.0709 1864   dot4usb - ok
15:10:20.0741 1864   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:10:20.0756 1864   dpti2o - ok
15:10:20.0787 1864   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:10:20.0787 1864   drmkaud - ok
15:10:20.0834 1864   DXEC01          (549734664886d91222969845e4311d1b) C:\WINDOWS\system32\drivers\dxec01.sys
15:10:20.0850 1864   DXEC01 - ok
15:10:20.0897 1864   E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:10:20.0912 1864   E100B - ok
15:10:20.0944 1864   EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
15:10:20.0959 1864   EapHost - ok
15:10:20.0991 1864   ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
15:10:20.0991 1864   ERSvc - ok
15:10:21.0037 1864   Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:10:21.0053 1864   Eventlog - ok
15:10:21.0100 1864   EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
15:10:21.0116 1864   EventSystem - ok
15:10:21.0162 1864   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:10:21.0178 1864   Fastfat - ok
15:10:21.0225 1864   FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:10:21.0225 1864   FastUserSwitchingCompatibility - ok
15:10:21.0256 1864   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:10:21.0272 1864   Fdc - ok
15:10:21.0287 1864   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:10:21.0303 1864   Fips - ok
15:10:21.0334 1864   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:10:21.0334 1864   Flpydisk - ok
15:10:21.0366 1864   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:10:21.0381 1864   FltMgr - ok
15:10:21.0459 1864   FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:10:21.0459 1864   FontCache3.0.0.0 - ok
15:10:21.0506 1864   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:10:21.0506 1864   Fs_Rec - ok
15:10:21.0537 1864   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:10:21.0553 1864   Ftdisk - ok
15:10:21.0600 1864   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:10:21.0600 1864   GEARAspiWDM - ok
15:10:21.0709 1864   GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:10:21.0725 1864   GoogleDesktopManager-051210-111108 - ok
15:10:21.0756 1864   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:10:21.0756 1864   Gpc - ok
15:10:21.0803 1864   guardian2       (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
15:10:21.0803 1864   guardian2 - ok
15:10:21.0866 1864   gupdate         (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:10:21.0881 1864   gupdate - ok
15:10:21.0897 1864   gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:10:21.0897 1864   gupdatem - ok
15:10:21.0959 1864   gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:10:21.0975 1864   gusvc - ok
15:10:22.0006 1864   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:10:22.0022 1864   HDAudBus - ok
15:10:22.0084 1864   helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:10:22.0084 1864   helpsvc - ok
15:10:22.0100 1864   HidServ - ok
15:10:22.0131 1864   hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
15:10:22.0147 1864   hkmsvc - ok
15:10:22.0178 1864   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:10:22.0194 1864   hpn - ok
15:10:22.0241 1864   HSFHWAZL        (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
15:10:22.0256 1864   HSFHWAZL - ok
15:10:22.0756 1864   HSF_DPV         (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
15:10:22.0819 1864   HSF_DPV - ok
15:10:22.0866 1864   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:10:22.0881 1864   HTTP - ok
15:10:22.0928 1864   HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
15:10:22.0928 1864   HTTPFilter - ok
15:10:22.0975 1864   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:10:22.0975 1864   i2omgmt - ok
15:10:23.0006 1864   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:10:23.0006 1864   i2omp - ok
15:10:23.0037 1864   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:10:23.0037 1864   i8042prt - ok
15:10:23.0506 1864   ialm            (200cca76cd0e0f7eec78fa56c29b4d67) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
15:10:23.0741 1864   ialm - ok
15:10:23.0959 1864   idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:10:24.0006 1864   idsvc - ok
15:10:24.0116 1864   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:10:24.0131 1864   Imapi - ok
15:10:24.0178 1864   ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
15:10:24.0194 1864   ImapiService - ok
15:10:24.0225 1864   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:10:24.0241 1864   ini910u - ok
15:10:24.0256 1864   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:10:24.0256 1864   IntelIde - ok
15:10:24.0303 1864   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:10:24.0303 1864   intelppm - ok
15:10:24.0334 1864   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:10:24.0334 1864   Ip6Fw - ok
15:10:24.0366 1864   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:10:24.0366 1864   IpFilterDriver - ok
15:10:24.0397 1864   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:10:24.0397 1864   IpInIp - ok
15:10:24.0428 1864   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:10:24.0444 1864   IpNat - ok
15:10:24.0569 1864   iPod Service    (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
15:10:24.0584 1864   iPod Service - ok
15:10:24.0631 1864   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:10:24.0631 1864   IPSec - ok
15:10:24.0662 1864   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:10:24.0662 1864   IRENUM - ok
15:10:24.0709 1864   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:10:24.0709 1864   isapnp - ok
15:10:24.0787 1864   JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
15:10:24.0787 1864   JavaQuickStarterService - ok
15:10:24.0803 1864   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:10:24.0803 1864   Kbdclass - ok
15:10:24.0850 1864   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:10:24.0866 1864   kmixer - ok
15:10:24.0912 1864   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:10:24.0928 1864   KSecDD - ok
15:10:24.0959 1864   lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
15:10:24.0975 1864   lanmanserver - ok
15:10:25.0037 1864   lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
15:10:25.0053 1864   lanmanworkstation - ok
15:10:25.0053 1864   lbrtfdc - ok
15:10:25.0100 1864   LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
15:10:25.0116 1864   LmHosts - ok
15:10:25.0147 1864   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:10:25.0147 1864   mdmxsdk - ok
15:10:25.0178 1864   Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
15:10:25.0194 1864   Messenger - ok
15:10:25.0225 1864   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:10:25.0225 1864   mnmdd - ok
15:10:25.0272 1864   mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
15:10:25.0272 1864   mnmsrvc - ok
15:10:25.0287 1864   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:10:25.0303 1864   Modem - ok
15:10:25.0303 1864   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:10:25.0319 1864   Mouclass - ok
15:10:25.0334 1864   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:10:25.0350 1864   MountMgr - ok
15:10:25.0381 1864   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:10:25.0397 1864   mraid35x - ok
15:10:25.0428 1864   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:10:25.0444 1864   MRxDAV - ok
15:10:25.0522 1864   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:10:25.0553 1864   MRxSmb - ok
15:10:25.0584 1864   MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
15:10:25.0600 1864   MSDTC - ok
15:10:25.0647 1864   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:10:25.0647 1864   Msfs - ok
15:10:25.0647 1864   MSIServer - ok
15:10:25.0678 1864   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:10:25.0678 1864   MSKSSRV - ok
15:10:25.0709 1864   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:10:25.0709 1864   MSPCLOCK - ok
15:10:25.0725 1864   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:10:25.0725 1864   MSPQM - ok
15:10:25.0756 1864   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:10:25.0756 1864   mssmbios - ok
15:10:25.0803 1864   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:10:25.0819 1864   Mup - ok
15:10:25.0881 1864   napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
15:10:25.0912 1864   napagent - ok
15:10:25.0944 1864   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:10:25.0959 1864   NDIS - ok
15:10:25.0991 1864   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:10:25.0991 1864   NdisTapi - ok
15:10:26.0037 1864   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:10:26.0053 1864   Ndisuio - ok
15:10:26.0069 1864   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:10:26.0084 1864   NdisWan - ok
15:10:26.0131 1864   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:10:26.0131 1864   NDProxy - ok
15:10:26.0147 1864   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:10:26.0147 1864   NetBIOS - ok
15:10:26.0178 1864   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:10:26.0178 1864   NetBT - ok
15:10:26.0225 1864   NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:10:26.0241 1864   NetDDE - ok
15:10:26.0256 1864   NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
15:10:26.0256 1864   NetDDEdsdm - ok
15:10:26.0287 1864   Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:10:26.0287 1864   Netlogon - ok
15:10:26.0319 1864   Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
15:10:26.0334 1864   Netman - ok
15:10:26.0444 1864   NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:10:26.0459 1864   NetTcpPortSharing - ok
15:10:26.0491 1864   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:10:26.0491 1864   NIC1394 - ok
15:10:26.0553 1864   Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
15:10:26.0569 1864   Nla - ok
15:10:26.0616 1864   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:10:26.0616 1864   Npfs - ok
15:10:26.0694 1864   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:10:26.0741 1864   Ntfs - ok
15:10:26.0741 1864   NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:10:26.0741 1864   NtLmSsp - ok
15:10:26.0803 1864   NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
15:10:26.0850 1864   NtmsSvc - ok
15:10:26.0881 1864   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:10:26.0881 1864   Null - ok
15:10:27.0084 1864   nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:10:27.0178 1864   nv - ok
15:10:27.0209 1864   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:10:27.0209 1864   NwlnkFlt - ok
15:10:27.0225 1864   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:10:27.0241 1864   NwlnkFwd - ok
15:10:27.0272 1864   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:10:27.0272 1864   ohci1394 - ok
15:10:27.0366 1864   ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:10:27.0381 1864   ose - ok
15:10:27.0412 1864   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:10:27.0428 1864   Parport - ok
15:10:27.0459 1864   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:10:27.0459 1864   PartMgr - ok
15:10:27.0491 1864   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:10:27.0491 1864   ParVdm - ok
15:10:27.0522 1864   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:10:27.0537 1864   PCI - ok
15:10:27.0537 1864   PCIDump - ok
15:10:27.0584 1864   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:10:27.0600 1864   PCIIde - ok
15:10:27.0631 1864   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
15:10:27.0647 1864   Pcmcia - ok
15:10:27.0662 1864   PDCOMP - ok
15:10:27.0678 1864   PDFRAME - ok
15:10:27.0678 1864   PDRELI - ok
15:10:27.0694 1864   PDRFRAME - ok
15:10:27.0741 1864   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:10:27.0741 1864   perc2 - ok
15:10:27.0772 1864   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:10:27.0772 1864   perc2hib - ok
15:10:27.0834 1864   PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
15:10:27.0834 1864   PlugPlay - ok
15:10:27.0881 1864   Pml Driver HPZ12 (364e30f27be1e6ded83e81c4de93e808) C:\WINDOWS\system32\HPZipm12.exe
15:10:27.0897 1864   Pml Driver HPZ12 - ok
15:10:27.0928 1864   PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:10:27.0928 1864   PolicyAgent - ok
15:10:27.0959 1864   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:10:27.0975 1864   PptpMiniport - ok
15:10:27.0975 1864   ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:10:27.0991 1864   ProtectedStorage - ok
15:10:28.0006 1864   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:10:28.0006 1864   PSched - ok
15:10:28.0053 1864   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:10:28.0053 1864   Ptilink - ok
15:10:28.0100 1864   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:10:28.0100 1864   ql1080 - ok
15:10:28.0116 1864   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:10:28.0116 1864   Ql10wnt - ok
15:10:28.0131 1864   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:10:28.0147 1864   ql12160 - ok
15:10:28.0162 1864   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:10:28.0162 1864   ql1240 - ok
15:10:28.0194 1864   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:10:28.0194 1864   ql1280 - ok
15:10:28.0209 1864   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:10:28.0209 1864   RasAcd - ok
15:10:35.0225 1864   ============================================================
15:10:35.0225 1864   Scan finished
15:10:35.0225 1864   ============================================================
15:10:35.0256 1204   Detected object count: 0
15:10:35.0256 1204   Actual detected object count: 0
Internet Explorer 8.0.6001.18702
Laura Lopata :: LAURA [administrator]

4/24/2012 3:20:15 PM
mbam-log-2012-04-24 (15-20-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223708
Time elapsed: 24 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Laura Lopata\Local Settings\Temp\0.7336927749068326 (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laura Lopata\Local Settings\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.

(end)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #3 on: April 24, 2012, 02:01:12 pm »
Hiya samantha,

Continue with the following:

Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs, as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help, please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.

  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin
Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #4 on: April 24, 2012, 08:16:03 pm »
Kevin,

Had to run this twice, as the first time the log did not pop up:

ComboFix 12-04-24.05 - Laura Lopata 04/24/2012  21:44:41.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1639 [GMT -4:00]
Running from: c:\documents and settings\Laura Lopata\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\sdra64.exe
.
---- Previous Run -------
.
c:\documents and settings\Laura Lopata\Local Settings\Application Data\Apple Computer\Amazon\vnyytt.dll
c:\documents and settings\Laura Lopata\Local Settings\Application Data\JavaSoft\jhwcocth.dll
c:\documents and settings\Laura Lopata\Local Settings\Application Data\mqqsdhti.exe
c:\documents and settings\Laura Lopata\My Documents\~WRL1241.tmp
c:\documents and settings\Laura Lopata\My Documents\~WRL1415.tmp
c:\documents and settings\Laura Lopata\My Documents\~WRL3683.tmp
c:\documents and settings\Laura Lopata\My Documents\~WRL4057.tmp
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Fix
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Repair
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\Laura Lopata\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\sdra64.exe
c:\windows\system32\service
c:\windows\system32\service\05072011_TIS17_SfFniAU.log
c:\windows\system32\service\07062010_TIS17_SfFniAU.log
c:\windows\system32\service\10012012_TIS17_SfFniAU.log
c:\windows\system32\service\10022011_TIS17_SfFniAU.log
c:\windows\system32\service\15072010_TIS17_SfFniAU.log
c:\windows\system32\service\23042012_TIS17_SfFniAU.log
c:\windows\system32\service\23092011_TIS17_SfFniAU.log
c:\windows\system32\service\26022012_TIS17_SfFniAU.log
c:\windows\system32\test
c:\windows\system32\urttemp
c:\windows\system32\urttemp\fusion.dll
c:\windows\system32\urttemp\mscoree.dll
c:\windows\system32\urttemp\mscoree.dll.local
c:\windows\system32\urttemp\mscorsn.dll
c:\windows\system32\urttemp\mscorwks.dll
c:\windows\system32\urttemp\msvcr71.dll
c:\windows\system32\urttemp\regtlib.exe
c:\windows\winhelp.ini
C:\xcrashdump.dat
.
-- Previous Run --
.
Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\i386\REGEDIT.EXE
.
--------
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-25 to 2012-04-25  )))))))))))))))))))))))))))))))
.
.
2012-04-24 19:50 . 2012-04-24 19:50   --------   d-----w-   c:\documents and settings\Laura Lopata\Local Settings\Application Data\Spruce
2012-04-20 00:22 . 2012-04-25 01:15   --------   d-----w-   c:\documents and settings\Laura Lopata\Local Settings\Application Data\JavaSoft
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 19:09 . 2012-04-24 19:07   1283   ----a-w-   C:\tdsskiller.zip
2012-04-04 19:56 . 2011-07-08 16:01   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2004-08-11 22:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-11 22:00   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-11 22:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-11 22:00   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-11 22:00   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-11 22:00   385024   ------w-   c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-11 22:00   1860096   ----a-w-   c:\windows\system32\win32k.sys
2011-07-12 17:41 . 2011-07-12 17:41   23148744   ----a-w-   c:\program files\KindleForPC-installer.exe
2011-07-11 20:08 . 2011-07-11 20:08   14604786   ----a-w-   c:\program files\ysitebuilder.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-24 68856]
"WinCheck"="c:\documents and settings\Laura Lopata\Local Settings\Application Data\Spruce\WinCheck\WinCheck.exe" [2012-04-24 46592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-30 30192]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-28 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 149280]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-16 50688]
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-5-14 25600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/22/2010 7:32 PM 36624]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2/22/2010 7:32 PM 339984]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2/22/2010 7:42 PM 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2/22/2010 7:42 PM 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 10:44 AM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/16/2008 3:07 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2010 10:44 AM 135664]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2/22/2010 7:41 PM 51792]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 14:44]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 14:44]
.
2012-04-24 c:\windows\Tasks\User_Feed_Synchronization-{9221F186-9D1B-4231-AF70-F0AE290A0E85}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-JavaSoft - c:\documents and settings\Laura Lopata\Local Settings\Application Data\JavaSoft\jhwcocth.dll
HKCU-Run-Amazon - c:\documents and settings\Laura Lopata\Local Settings\Application Data\Apple Computer\Amazon\vnyytt.dll
HKU-Default-Run-Amazon - c:\documents and settings\Laura Lopata\Local Settings\Application Data\Apple Computer\Amazon\vnyytt.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-24 22:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  JavaSoft = rundll32.exe "c:\documents and settings\Laura Lopata\Local Settings\Application Data\JavaSoft\jhwcocth.dll",CreateTzanShell?,?qt ??????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\StacSV.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
.
**************************************************************************
.
Completion time: 2012-04-24  22:10:37 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-25 02:10
.
Pre-Run: 28,910,313,472 bytes free
Post-Run: 28,835,799,040 bytes free
.
- - End Of File - - 9E661D628C7B2A82122976FC198722D4

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #5 on: April 25, 2012, 12:45:30 am »
Continue as follows please :-

Step 1

Upload a File to Virustotal

Please visit Virustotal

  • Click the Browse... button
  • Navigate to the file c:\documents and settings\Laura Lopata\Local Settings\Application Data\JavaSoft\jhwcocth.dll or just copy/paste it in.
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs, and also give an update on remaining issues/concerns.

Thanks,

Kevin
Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #6 on: April 25, 2012, 01:05:35 pm »
Hmmm. Virustotal says it can't find the file, and when I type it into Documents and Settings by hand, I get a "cannot find file" pop-up.

If it helps, I cannot find a file called Local Settings; my choice goes straight from Laura Lopata to Application Data to Sun to Java to three choices: Deployment, jrel.6.0_13 or jrel.6.0_17.

What am I missing?


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #7 on: April 25, 2012, 01:30:28 pm »
Leave VirusTotal for now. Run ESET exactly as per the instructions. Also re-run DDS and post the new DDS.txt; no need for Attach.txt.

Kevin

Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #8 on: April 26, 2012, 10:53:05 am »
Thank you. Here is ESET:

C:\Documents and Settings\Laura Lopata\Application Data\Sun\Java\Deployment\cache\6.0\0\43296140-4ffba0e4   a variant of Java/TrojanDownloader.Agent.ME trojan
C:\Documents and Settings\Laura Lopata\Application Data\Sun\Java\Deployment\cache\6.0\19\33c334d3-47f6936c   Java/Exploit.CVE-2012-0507.Y trojan
C:\Documents and Settings\Laura Lopata\Local Settings\Application Data\Spruce\WinCheck\WinCheck.exe   a variant of MSIL/Adware.SanctionedMedia.A application
C:\Qoobox\Quarantine\C\Documents and Settings\Laura Lopata\Local Settings\Application Data\mqqsdhti.exe.vir   a variant of Win32/Kryptik.AESC trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Laura Lopata\Local Settings\Application Data\JavaSoft\jhwcocth.dll.vir   a variant of Win32/Boaxxe.D trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\A0226815.dll   a variant of Win32/Boaxxe.D trojan
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP795\A0226816.exe   a variant of Win32/Kryptik.AESC trojan
Operating memory   a variant of MSIL/Adware.SanctionedMedia.A application
And Here is DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Laura Lopata at 12:47:53 on 2012-04-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.801 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Documents and Settings\Laura Lopata\Local Settings\Application Data\Spruce\WinCheck\WinCheck.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WinCheck] "c:\documents and settings\laura lopata\local settings\application data\spruce\wincheck\WinCheck.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285954766156
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4ADF0647-31E9-402F-936E-0ACA2F884A74} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-22 36624]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-2-22 339984]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-22 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-22 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
.
=============== Created Last 30 ================
.
2012-04-26 13:06:51   --------   d-----w-   c:\program files\ESET
2012-04-25 00:47:24   --------   d-sha-r-   C:\cmdcons
2012-04-25 00:43:39   98816   ----a-w-   c:\windows\sed.exe
2012-04-25 00:43:39   518144   ----a-w-   c:\windows\SWREG.exe
2012-04-25 00:43:39   256000   ----a-w-   c:\windows\PEV.exe
2012-04-25 00:43:39   208896   ----a-w-   c:\windows\MBR.exe
2012-04-24 19:50:43   --------   d-----w-   c:\documents and settings\laura lopata\local settings\application data\Spruce
2012-04-20 00:22:01   --------   d-----w-   c:\documents and settings\laura lopata\local settings\application data\JavaSoft
.
==================== Find3M  ====================
.
2012-04-04 19:56:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10:16   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40   385024   ------w-   c:\windows\system32\html.iec
2012-02-03 09:22:18   1860096   ----a-w-   c:\windows\system32\win32k.sys
2011-07-12 17:41:12   23148744   ----a-w-   c:\program files\KindleForPC-installer.exe
2011-07-11 20:08:36   14604786   ----a-w-   c:\program files\ysitebuilder.exe
.
============= FINISH: 12:49:32.37 ===============
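As an added example that is not part of this thread, of DDS or of OTM: a small Python parser for the uRun/mRun lines of a DDS "Pseudo HJT Report" like the one above, flagging autorun entries whose executable lives under a user profile's Application Data (the pattern that makes the WinCheck entry stand out from the vendor entries). The sample input is constructed from a few lines in the shape of the log above, and the location rules are my own heuristic, not anything DDS reports.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of DDS's "Pseudo HJT Report" section
# (a handful of lines modelled on the log in this thread, not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [WinCheck] "c:\documents and settings\laura lopata\local settings\application data\spruce\wincheck\WinCheck.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
.
============= SERVICES / DRIVERS ===============
"""

# DDS prefixes: uRun = HKCU\...\Run (per-user), mRun = HKLM\...\Run (machine-wide).
RUN_LINE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Unquoted command: the path runs up to the first executable extension that is
# followed by whitespace or end of line (paths with spaces are common on XP).
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs))(?=\s|$)", re.IGNORECASE)

# Assumed expansions for the environment variables DDS leaves unexpanded.
ENV = {"%programfiles%": r"c:\program files", "%windir%": r"c:\windows",
       "%systemroot%": r"c:\windows"}

# Heuristic (mine): autoruns launched from inside a user profile are worth a look,
# because any code running as that user can write there.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",   # XP profile root
    "\\local settings\\",
    "\\application data\\",
    "\\users\\",                    # Vista+ profile root
    "\\appdata\\",
    "\\temp\\",
)


@dataclass
class Autorun:
    hive: str        # "u" (HKCU Run) or "m" (HKLM Run)
    name: str        # value name shown in [brackets]
    path: str        # executable path, quotes and arguments stripped
    suspicious: bool
    reason: str


def exe_path(cmd: str) -> str:
    """Return the executable path from a Run value's command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def expand_env(path: str) -> str:
    """Expand the leading %VAR% using the assumed ENV table."""
    low = path.lower()
    for var, value in ENV.items():
        if low.startswith(var):
            return value + path[len(var):]
    return path


def classify(path: str):
    """Return (suspicious, reason) for an autorun target path."""
    low = expand_env(path).lower()
    for marker in USER_WRITABLE_MARKERS:
        if marker in low:
            return True, f"autorun target is inside a user-writable location ({marker.strip(chr(92))})"
    if low.startswith(r"c:\windows") or low.startswith(r"c:\program files"):
        return False, "target is under Windows or Program Files"
    return False, "no rule matched"


def parse_autoruns(dds_text: str):
    """Parse every uRun/mRun line of a DDS log into Autorun records."""
    findings = []
    for line in dds_text.splitlines():
        m = RUN_LINE.match(line)
        if not m:
            continue
        path = exe_path(m.group("cmd"))
        suspicious, reason = classify(path)
        findings.append(Autorun(m.group("hive"), m.group("name"), path, suspicious, reason))
    return findings


if __name__ == "__main__":
    for entry in parse_autoruns(SAMPLE_DDS):
        flag = "SUSPICIOUS" if entry.suspicious else "ok        "
        print(f"{flag} {entry.hive}Run [{entry.name}] {entry.path}  ({entry.reason})")
```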

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #9 on: April 26, 2012, 02:12:06 pm »
Do the following Samantha:

Step 1

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: [Select]
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinCheck"=-
:Services
:Files
ipconfig /flushdns /c
c:\documents and settings\laura lopata\local settings\application data\spruce\wincheck
:Commands
[EmptyTemp]
[ClearAllRestorePoints]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code: [Select]
:dir
c:\documents and settings\laura lopata\local settings\application data\Spruce /s
c:\documents and settings\laura lopata\local settings\application data\JavaSoft /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the following in your reply :-

  • Log from OTM
  • Log from System Look
  • Log from Malwarebytes

Kevin..

Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #10 on: April 27, 2012, 06:59:28 pm »
Here you go, Kevin:


All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinCheck deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Laura Lopata\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Laura Lopata\Desktop\cmd.txt deleted successfully.
c:\documents and settings\laura lopata\local settings\application data\spruce\WinCheck folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes
 
User: Laura Lopata
->Temp folder emptied: 1615685 bytes
->Temporary Internet Files folder emptied: 191963084 bytes
->Java cache emptied: 36328584 bytes
->Flash cache emptied: 4999911 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes


SystemLook 30.07.11 by jpshortstuff
Log created at 20:34 on 27/04/2012 by Laura Lopata
Administrator - Elevation successful

========== dir ==========

c:\documents and settings\laura lopata\local settings\application data\Spruce - Parameters: "/s"

---Files---
None found.

No folders found.

c:\documents and settings\laura lopata\local settings\application data\JavaSoft - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.27.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Laura Lopata :: LAURA [administrator]

4/27/2012 8:35:57 PM
mbam-log-2012-04-27 (20-35-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205573
Time elapsed: 15 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Spruce (Adware.Spruce) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #11 on: April 28, 2012, 12:44:32 am »
Hiya Samantha,

You`ve only posted a partial OTM log, can you re-post the full one please. Also re-run DDS and post new DDS.txt, no need for Attach.txt....

Also give me an update on any remaining issues or concerns.

Thanks,

Kevin.  :t

Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #12 on: April 28, 2012, 07:59:17 pm »
Good evening, Kevin.

My apologies about the OTM file. I re-ran it, as what I sent you in the log was what I had saved. I hope this is correct.

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WinCheck not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Laura Lopata\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Laura Lopata\Desktop\cmd.txt deleted successfully.
File/Folder c:\documents and settings\laura lopata\local settings\application data\spruce\wincheck not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Laura Lopata
->Temp folder emptied: 29729 bytes
->Temporary Internet Files folder emptied: 1106084 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.00 mb
 
 
Restore points cleared and new OTM Restore Point set!
 
OTM by OldTimer - Version 3.1.19.0 log created on 04282012_214531

Files moved on Reboot...

Registry entries deleted on Reboot...


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Laura Lopata at 21:51:43 on 2012-04-28
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1336 [GMT -4:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285954766156
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4ADF0647-31E9-402F-936E-0ACA2F884A74} : DhcpNameServer = 192.168.1.1 192.168.1.1
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-22 36624]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-2-22 339984]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-2-22 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-2-22 689416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-16 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-22 51792]
.
=============== Created Last 30 ================
.
2012-04-29 01:47:35   --------   d-----w-   c:\windows\system32\Service
2012-04-27 23:59:25   --------   d-----w-   C:\_OTM
2012-04-26 13:06:51   --------   d-----w-   c:\program files\ESET
2012-04-25 00:47:24   --------   d-sha-r-   C:\cmdcons
2012-04-25 00:43:39   98816   ----a-w-   c:\windows\sed.exe
2012-04-25 00:43:39   518144   ----a-w-   c:\windows\SWREG.exe
2012-04-25 00:43:39   256000   ----a-w-   c:\windows\PEV.exe
2012-04-25 00:43:39   208896   ----a-w-   c:\windows\MBR.exe
2012-04-24 19:50:43   --------   d-----w-   c:\documents and settings\laura lopata\local settings\application data\Spruce
2012-04-20 00:22:01   --------   d-----w-   c:\documents and settings\laura lopata\local settings\application data\JavaSoft
.
==================== Find3M  ====================
.
2012-04-04 19:56:40   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-03-01 11:01:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-02-29 14:10:16   148480   ----a-w-   c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40   385024   ------w-   c:\windows\system32\html.iec
2012-02-03 09:22:18   1860096   ----a-w-   c:\windows\system32\win32k.sys
2011-07-12 17:41:12   23148744   ----a-w-   c:\program files\KindleForPC-installer.exe
2011-07-11 20:08:36   14604786   ----a-w-   c:\program files\ysitebuilder.exe
.
============= FINISH: 21:53:21.34 ===============

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7254
Re: [Resolved K] Happili virus redirecting
« Reply #13 on: April 29, 2012, 02:14:17 am »
Hiya Samantha,

Re-run OTM, Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear; this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: [Select]
:Files
c:\documents and settings\laura lopata\local settings\application data\Spruce
c:\documents and settings\laura lopata\local settings\application data\JavaSoft
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Go here http://www.filehippo.com/updatechecker/ and run the FileHippo Update Checker, update all applications as suggested by the checker, Please ignore any suggested Beta updates..

Let me see the log from OTM, also let me know if you have any remaining issues or concerns... If all is OK we`ll clean up and set you free..

Thanks,

Kevin...

Offline samantha

  • Bronze Member
  • Posts: 15
Re: [Resolved K] Happili virus redirecting
« Reply #14 on: April 30, 2012, 07:32:50 pm »
What do you think?

All processes killed
========== FILES ==========
File/Folder c:\documents and settings\laura lopata\local settings\application data\Spruce not found.
File/Folder c:\documents and settings\laura lopata\local settings\application data\JavaSoft not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Laura Lopata
->Temp folder emptied: 29769 bytes
->Temporary Internet Files folder emptied: 1670785 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.00 mb
 
 
OTM by OldTimer - Version 3.1.19.0 log created on 04302012_210022

Files moved on Reboot...

Registry entries deleted on Reboot...