Infected (I sometimes see Happili.com re-directs on Google searches)


  • This topic is locked
45 replies to this topic

#1 tkatavic

tkatavic

    New Member

  • Members
  • Pip
  • 43 posts

Posted 09 April 2012 - 10:00 PM

Hi all,

So, I was noticing these weird 'happili' re-directs while browsing some search results the other day. After running both MBAM and AntiVir scans, the following was found:

TR/Crypt.ZPACK.Gen8
TR/Medfos.A.101

I allowed MBAM to quarantine its findings.

Since then, I've run both scans again and they've reported 0 malicious results. Unfortunately, I am still experiencing the 'happili' re-direct.

Also, I can't run DDS and have never been able to (despite turning _Everything_ on my system off [internet, a/v, etc.]) -- it always stops 3/4 of the way.

What should I do next?

Thank you for your time!
Thomas

#2 tkatavic

tkatavic

    New Member

  • Members
  • Pip
  • 43 posts

Posted 11 April 2012 - 07:33 PM

Hi all,

Please forgive me if I'm not supposed to be re-pinging a ticket, but do let me know if anyone can help me out with this.

Thanks for your time!
Thomas

#3 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 12 April 2012 - 07:46 AM


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Product Support

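A small triage script for the TDSSKiller report format used in this thread, added here as an example; it is not part of the original posts and not Kaspersky's code. It pairs each "name (md5) path" line with the "name - status" verdict line that follows it, reports every entry whose verdict is not "ok", and adds one check the tool itself does not make: a service or driver whose binary lives outside C:\WINDOWS or C:\Program Files is listed for a second look, because a "- ok" line only records that TDSSKiller's own checks passed (this location heuristic is an assumption of the example and will also flag legitimate software). It also picks the newest report out of a directory listing using the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" naming quoted above; the DD.MM.YYYY and HH.MM.SS separators inside that name are assumed. The sample log is constructed: the "- ok" entries copy lines from the log pasted in this thread, while the Temp-directory service, the unsigned-driver warning and the boot-sector detection (placeholder detection name) are invented to exercise each check.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Every TDSSKiller log line starts with a timestamp and a thread id, e.g. "18:31:28.0234 2292 ".
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "name (md5) path": the file backing a service or driver.
_FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "name - ok", "name ( Category ) - warning", "name - detected ...": TDSSKiller's verdict.
_STATUS_RE = re.compile(
    _PREFIX + r"(?P<name>.+?)(?: \( (?P<tag>[^)]+) \))? - (?P<status>ok|warning|detected)\b(?P<detail>.*)$"
)
# Report name template from the thread; the date/time separators are an assumption.
_LOGNAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# Where services and drivers normally live; anything else gets a second look (heuristic, not a verdict).
_EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    """One service/driver as TDSSKiller reported it."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"    # ok | warning | detected | unknown (no verdict line seen)
    tag: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic on a warning line
    detail: str = ""           # free text after the verdict (detection name, etc.)


def parse_log(text: str) -> List[Entry]:
    """Pair each file line with the verdict line that follows it, keyed on the entry name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = _STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(name=m["name"]))
            e.status, e.tag, e.detail = m["status"], m["tag"], m["detail"].strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for entries a helper should look at before trusting the scan."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.status == "detected":
            findings.append((e.name, f"detected {e.detail}".strip()))
        elif e.status == "warning":
            findings.append((e.name, f"warning ({e.tag or 'no category'})"))
        elif e.path and not e.path.lower().startswith(_EXPECTED_ROOTS):
            # Added heuristic: "- ok" says nothing about whether a service binary
            # sitting in a user-writable directory belongs there.
            findings.append((e.name, f"loads from an unexpected location: {e.path}"))
    return findings


def status_counts(entries: List[Entry]) -> Dict[str, int]:
    """How many entries ended in each verdict."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.status] = counts.get(e.status, 0) + 1
    return counts


def latest_log_name(names: Iterable[str]) -> Optional[str]:
    """Pick the newest report from a directory listing by the date/time in its name."""
    best: Optional[Tuple[Tuple[str, ...], str]] = None
    for n in names:
        m = _LOGNAME_RE.match(n)
        if not m:
            continue
        day, month, year = m["date"].split(".")
        key = (year, month, day, m["time"])
        if best is None or key > best[0]:
            best = (key, n)
    return best[1] if best else None


# Constructed sample: the first three entries mirror lines from the pasted log; the Temp-directory
# service, the unsigned-driver warning and the boot-sector detection (placeholder name) are invented.
SAMPLE_LOG = r"""
18:31:27.0906 2292 Scan started
18:31:28.0234 2292 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:31:28.0250 2292 ac97intc - ok
18:31:29.0265 2292 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:31:29.0281 2292 Apple Mobile Device - ok
18:31:41.0640 2292 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:31:41.0656 2292 SoundMAX Agent Service (default) - ok
18:31:42.0100 2292 updsvc (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\updsvc.exe
18:31:42.0110 2292 updsvc - ok
18:31:42.0200 2292 oddrv (11111111111111111111111111111111) C:\WINDOWS\system32\drivers\oddrv.sys
18:31:42.0210 2292 oddrv ( UnsignedFile.Multi.Generic ) - warning
18:31:43.0000 2292 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Sample.a ( 0 )
18:31:43.0100 2292 Scan finished
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(status_counts(parsed))
    for name, reason in triage(parsed):
        print(f"{name}: {reason}")
    print(latest_log_name(["TDSSKiller.2.7.28.0_12.04.2012_18.31.04_log.txt",
                           "TDSSKiller.2.7.28.0_02.05.2012_09.00.00_log.txt"]))
```

Run it against a real report by reading the file picked by latest_log_name from the drive root and passing its text to parse_log; the "unexpected location" findings are a prompt to check the file, not a verdict, since plenty of legitimate software installs services under the user profile.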

#4 tkatavic

tkatavic

    New Member

  • Members
  • Pip
  • 43 posts

Posted 12 April 2012 - 05:34 PM

Hi there!

Thanks for helping me. The link you provided to TDSSKiller.exe wasn't working, so I grabbed it from here: http://support.kaspe...iruses/utility. Below is the log of the scan I ran with it:

***

18:31:04.0406 3080 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
18:31:04.0546 3080 ============================================================
18:31:04.0546 3080 Current date / time: 2012/04/12 18:31:04.0546
18:31:04.0546 3080 SystemInfo:
18:31:04.0546 3080
18:31:04.0546 3080 OS Version: 5.1.2600 ServicePack: 3.0
18:31:04.0546 3080 Product type: Workstation
18:31:04.0546 3080 ComputerName: COMPUTER
18:31:04.0546 3080 Windows directory: C:\WINDOWS
18:31:04.0546 3080 System windows directory: C:\WINDOWS
18:31:04.0546 3080 Processor architecture: Intel x86
18:31:04.0546 3080 Number of processors: 2
18:31:04.0546 3080 Page size: 0x1000
18:31:04.0546 3080 Boot type: Normal boot
18:31:04.0562 3080 ============================================================
18:31:06.0062 3080 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:31:06.0078 3080 \Device\Harddisk0\DR0:
18:31:06.0078 3080 MBR used
18:31:06.0078 3080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9512343
18:31:06.0109 3080 Initialize success
18:31:06.0109 3080 ============================================================
18:31:27.0906 2292 ============================================================
18:31:27.0906 2292 Scan started
18:31:27.0906 2292 Mode: Manual;
18:31:27.0906 2292 ============================================================
18:31:28.0156 2292 Abiosdsk - ok
18:31:28.0187 2292 abp480n5 - ok
18:31:28.0234 2292 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:31:28.0250 2292 ac97intc - ok
18:31:28.0296 2292 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:31:28.0296 2292 ACPI - ok
18:31:28.0312 2292 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:31:28.0328 2292 ACPIEC - ok
18:31:28.0343 2292 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:31:28.0375 2292 adpu160m - ok
18:31:28.0406 2292 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
18:31:28.0437 2292 adpu320 - ok
18:31:28.0484 2292 aeaudio (3cb6ae5435987b1f8c83fd2730479878) C:\WINDOWS\system32\drivers\aeaudio.sys
18:31:28.0500 2292 aeaudio - ok
18:31:28.0531 2292 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:31:28.0546 2292 aec - ok
18:31:28.0609 2292 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:31:28.0625 2292 AegisP - ok
18:31:28.0671 2292 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:31:28.0671 2292 AFD - ok
18:31:28.0796 2292 Aha154x - ok
18:31:28.0843 2292 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:31:28.0859 2292 aic78u2 - ok
18:31:28.0875 2292 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:31:28.0890 2292 aic78xx - ok
18:31:28.0921 2292 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:31:28.0937 2292 Alerter - ok
18:31:28.0953 2292 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:31:28.0953 2292 ALG - ok
18:31:28.0968 2292 AliIde - ok
18:31:28.0984 2292 amsint - ok
18:31:29.0109 2292 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:31:29.0125 2292 AntiVirSchedulerService - ok
18:31:29.0171 2292 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:31:29.0171 2292 AntiVirService - ok
18:31:29.0265 2292 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:31:29.0281 2292 Apple Mobile Device - ok
18:31:29.0328 2292 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:31:29.0343 2292 AppMgmt - ok
18:31:29.0359 2292 asc - ok
18:31:29.0359 2292 asc3350p - ok
18:31:29.0375 2292 asc3550 - ok
18:31:29.0484 2292 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:31:29.0515 2292 aspnet_state - ok
18:31:29.0656 2292 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:31:29.0671 2292 AsyncMac - ok
18:31:29.0687 2292 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:31:29.0687 2292 atapi - ok
18:31:29.0703 2292 Atdisk - ok
18:31:29.0750 2292 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:31:29.0765 2292 Atmarpc - ok
18:31:29.0812 2292 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:31:29.0828 2292 AudioSrv - ok
18:31:29.0875 2292 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:31:29.0890 2292 audstub - ok
18:31:30.0000 2292 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:31:30.0015 2292 avgio - ok
18:31:30.0015 2292 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:31:30.0031 2292 avgntflt - ok
18:31:30.0062 2292 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:31:30.0109 2292 avipbb - ok
18:31:30.0156 2292 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
18:31:30.0171 2292 b57w2k - ok
18:31:30.0203 2292 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:31:30.0218 2292 Beep - ok
18:31:30.0343 2292 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:31:30.0468 2292 BITS - ok
18:31:30.0578 2292 Blfp (9976971b7092f5bff20073ab31ba1598) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
18:31:30.0593 2292 Blfp - ok
18:31:30.0671 2292 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files\Bonjour\mDNSResponder.exe
18:31:30.0734 2292 Bonjour Service - ok
18:31:30.0765 2292 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:31:30.0781 2292 Browser - ok
18:31:30.0828 2292 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:31:30.0843 2292 cbidf2k - ok
18:31:30.0890 2292 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:31:30.0906 2292 CCDECODE - ok
18:31:30.0921 2292 cd20xrnt - ok
18:31:30.0953 2292 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:31:30.0984 2292 Cdaudio - ok
18:31:31.0078 2292 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:31:31.0093 2292 Cdfs - ok
18:31:31.0109 2292 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:31:31.0140 2292 Cdrom - ok
18:31:31.0140 2292 Changer - ok
18:31:31.0171 2292 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:31:31.0171 2292 CiSvc - ok
18:31:31.0203 2292 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:31:31.0218 2292 ClipSrv - ok
18:31:31.0296 2292 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:31.0328 2292 clr_optimization_v2.0.50727_32 - ok
18:31:31.0390 2292 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:31:31.0406 2292 clr_optimization_v4.0.30319_32 - ok
18:31:31.0453 2292 CmdIde - ok
18:31:31.0468 2292 COMSysApp - ok
18:31:31.0484 2292 Cpqarray - ok
18:31:31.0531 2292 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:31:31.0546 2292 CryptSvc - ok
18:31:31.0562 2292 dac2w2k - ok
18:31:31.0562 2292 dac960nt - ok
18:31:31.0609 2292 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:31:31.0625 2292 DcomLaunch - ok
18:31:31.0687 2292 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:31:31.0687 2292 Dhcp - ok
18:31:31.0765 2292 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:31:31.0765 2292 Disk - ok
18:31:31.0781 2292 dmadmin - ok
18:31:31.0828 2292 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:31:31.0890 2292 dmboot - ok
18:31:31.0937 2292 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:31:31.0937 2292 dmio - ok
18:31:31.0968 2292 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:31:31.0968 2292 dmload - ok
18:31:32.0000 2292 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:31:32.0015 2292 dmserver - ok
18:31:32.0031 2292 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:31:32.0046 2292 DMusic - ok
18:31:32.0093 2292 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:31:32.0093 2292 Dnscache - ok
18:31:32.0156 2292 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:31:32.0187 2292 Dot3svc - ok
18:31:32.0234 2292 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:31:32.0250 2292 dpti2o - ok
18:31:32.0281 2292 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:31:32.0296 2292 drmkaud - ok
18:31:32.0312 2292 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:31:32.0328 2292 E100B - ok
18:31:32.0421 2292 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:31:32.0437 2292 EapHost - ok
18:31:32.0453 2292 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:31:32.0484 2292 ERSvc - ok
18:31:32.0531 2292 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:31:32.0531 2292 Eventlog - ok
18:31:32.0593 2292 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:31:32.0609 2292 EventSystem - ok
18:31:32.0640 2292 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:31:32.0640 2292 Fastfat - ok
18:31:32.0703 2292 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:32.0703 2292 FastUserSwitchingCompatibility - ok
18:31:32.0750 2292 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:31:32.0765 2292 Fdc - ok
18:31:32.0812 2292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:31:32.0828 2292 Fips - ok
18:31:32.0843 2292 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:31:32.0859 2292 Flpydisk - ok
18:31:32.0890 2292 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:31:32.0890 2292 FltMgr - ok
18:31:32.0984 2292 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:31:33.0000 2292 FontCache3.0.0.0 - ok
18:31:33.0078 2292 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:31:33.0109 2292 Fs_Rec - ok
18:31:33.0109 2292 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:31:33.0125 2292 Ftdisk - ok
18:31:33.0140 2292 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:31:33.0171 2292 GEARAspiWDM - ok
18:31:33.0234 2292 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:31:33.0250 2292 Gpc - ok
18:31:33.0296 2292 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:31:33.0328 2292 helpsvc - ok
18:31:33.0343 2292 HidServ - ok
18:31:33.0406 2292 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:31:33.0421 2292 HidUsb - ok
18:31:33.0468 2292 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:31:33.0500 2292 hkmsvc - ok
18:31:33.0500 2292 hpn - ok
18:31:33.0562 2292 hpqwmi (e7e0cf2e13994dab2ce10dfef25bf610) C:\Program Files\HPQ\Shared\hpqwmi.exe
18:31:33.0578 2292 hpqwmi - ok
18:31:33.0625 2292 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:31:33.0640 2292 HTTP - ok
18:31:33.0687 2292 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:31:33.0703 2292 HTTPFilter - ok
18:31:33.0765 2292 i2omgmt - ok
18:31:33.0765 2292 i2omp - ok
18:31:33.0812 2292 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:31:33.0843 2292 i8042prt - ok
18:31:33.0890 2292 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
18:31:33.0921 2292 i81x - ok
18:31:33.0968 2292 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
18:31:33.0984 2292 iAimFP0 - ok
18:31:34.0000 2292 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
18:31:34.0015 2292 iAimFP1 - ok
18:31:34.0031 2292 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
18:31:34.0046 2292 iAimFP2 - ok
18:31:34.0062 2292 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
18:31:34.0093 2292 iAimFP3 - ok
18:31:34.0156 2292 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
18:31:34.0171 2292 iAimFP4 - ok
18:31:34.0187 2292 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
18:31:34.0203 2292 iAimFP5 - ok
18:31:34.0203 2292 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
18:31:34.0218 2292 iAimFP6 - ok
18:31:34.0234 2292 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
18:31:34.0234 2292 iAimFP7 - ok
18:31:34.0250 2292 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
18:31:34.0265 2292 iAimTV0 - ok
18:31:34.0281 2292 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
18:31:34.0296 2292 iAimTV1 - ok
18:31:34.0312 2292 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
18:31:34.0328 2292 iAimTV3 - ok
18:31:34.0359 2292 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
18:31:34.0375 2292 iAimTV4 - ok
18:31:34.0406 2292 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
18:31:34.0421 2292 iAimTV5 - ok
18:31:34.0437 2292 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
18:31:34.0453 2292 iAimTV6 - ok
18:31:34.0500 2292 ialm (16f8de7a7f9023aac04dec6a8a264441) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:31:34.0546 2292 ialm - ok
18:31:34.0687 2292 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:31:34.0828 2292 idsvc - ok
18:31:34.0937 2292 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:31:34.0953 2292 Imapi - ok
18:31:35.0000 2292 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:31:35.0000 2292 ImapiService - ok
18:31:35.0031 2292 ini910u - ok
18:31:35.0062 2292 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:31:35.0078 2292 IntelIde - ok
18:31:35.0093 2292 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:31:35.0109 2292 intelppm - ok
18:31:35.0140 2292 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:31:35.0140 2292 Ip6Fw - ok
18:31:35.0171 2292 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:31:35.0203 2292 IpFilterDriver - ok
18:31:35.0218 2292 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:31:35.0250 2292 IpInIp - ok
18:31:35.0281 2292 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:31:35.0281 2292 IpNat - ok
18:31:35.0375 2292 iPod Service (b84a28b3984185eda8867541af14cddb) C:\Program Files\iPod\bin\iPodService.exe
18:31:35.0390 2292 iPod Service - ok
18:31:35.0406 2292 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:31:35.0437 2292 IPSec - ok
18:31:35.0453 2292 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:31:35.0453 2292 IRENUM - ok
18:31:35.0500 2292 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:31:35.0515 2292 isapnp - ok
18:31:35.0640 2292 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:31:35.0656 2292 JavaQuickStarterService - ok
18:31:35.0718 2292 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:31:35.0734 2292 Kbdclass - ok
18:31:35.0796 2292 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:31:35.0828 2292 kmixer - ok
18:31:35.0859 2292 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:31:35.0859 2292 KSecDD - ok
18:31:35.0890 2292 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:31:35.0890 2292 lanmanserver - ok
18:31:35.0921 2292 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:31:35.0921 2292 lanmanworkstation - ok
18:31:35.0937 2292 lbrtfdc - ok
18:31:35.0984 2292 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:31:36.0000 2292 LmHosts - ok
18:31:36.0031 2292 mbamchameleon (7ffd29fafcde7aaf89b689b6e156d5b0) C:\WINDOWS\system32\drivers\mbamchameleon.sys
18:31:36.0031 2292 mbamchameleon - ok
18:31:36.0062 2292 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:31:36.0078 2292 Messenger - ok
18:31:36.0125 2292 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:31:36.0140 2292 mnmdd - ok
18:31:36.0171 2292 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:31:36.0203 2292 mnmsrvc - ok
18:31:36.0234 2292 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:31:36.0250 2292 Modem - ok
18:31:36.0281 2292 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:31:36.0281 2292 Mouclass - ok
18:31:36.0390 2292 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:31:36.0421 2292 mouhid - ok
18:31:36.0484 2292 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:31:36.0500 2292 MountMgr - ok
18:31:36.0500 2292 mraid35x - ok
18:31:36.0546 2292 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:31:36.0546 2292 MRxDAV - ok
18:31:36.0609 2292 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:31:36.0609 2292 MRxSmb - ok
18:31:36.0671 2292 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:31:36.0687 2292 MSDTC - ok
18:31:36.0703 2292 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:31:36.0718 2292 Msfs - ok
18:31:36.0718 2292 MSIServer - ok
18:31:36.0765 2292 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:31:36.0781 2292 MSKSSRV - ok
18:31:36.0812 2292 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:31:36.0828 2292 MSPCLOCK - ok
18:31:36.0859 2292 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:31:36.0890 2292 MSPQM - ok
18:31:36.0921 2292 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:31:36.0921 2292 mssmbios - ok
18:31:36.0968 2292 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:31:37.0000 2292 MSTEE - ok
18:31:37.0015 2292 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:31:37.0031 2292 Mup - ok
18:31:37.0046 2292 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:31:37.0078 2292 NABTSFEC - ok
18:31:37.0156 2292 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:31:37.0218 2292 napagent - ok
18:31:37.0296 2292 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:31:37.0296 2292 NDIS - ok
18:31:37.0328 2292 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:31:37.0343 2292 NdisIP - ok
18:31:37.0375 2292 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:31:37.0375 2292 NdisTapi - ok
18:31:37.0406 2292 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:31:37.0421 2292 Ndisuio - ok
18:31:37.0468 2292 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:31:37.0484 2292 NdisWan - ok
18:31:37.0515 2292 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:31:37.0531 2292 NDProxy - ok
18:31:37.0546 2292 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:31:37.0546 2292 NetBIOS - ok
18:31:37.0562 2292 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:31:37.0593 2292 NetBT - ok
18:31:37.0640 2292 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:31:37.0656 2292 NetDDE - ok
18:31:37.0671 2292 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:31:37.0671 2292 NetDDEdsdm - ok
18:31:37.0718 2292 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:37.0718 2292 Netlogon - ok
18:31:37.0812 2292 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:31:37.0828 2292 Netman - ok
18:31:37.0937 2292 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:31:37.0953 2292 NetTcpPortSharing - ok
18:31:38.0015 2292 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:31:38.0031 2292 Nla - ok
18:31:38.0125 2292 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:31:38.0125 2292 Npfs - ok
18:31:38.0171 2292 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:31:38.0171 2292 Ntfs - ok
18:31:38.0187 2292 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:38.0187 2292 NtLmSsp - ok
18:31:38.0234 2292 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:31:38.0265 2292 NtmsSvc - ok
18:31:38.0312 2292 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:31:38.0328 2292 Null - ok
18:31:38.0343 2292 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:31:38.0359 2292 NwlnkFlt - ok
18:31:38.0375 2292 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:31:38.0390 2292 NwlnkFwd - ok
18:31:38.0562 2292 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:31:38.0593 2292 odserv - ok
18:31:38.0640 2292 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:31:38.0656 2292 ose - ok
18:31:38.0734 2292 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
18:31:38.0734 2292 P3 - ok
18:31:38.0765 2292 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:31:38.0781 2292 Parport - ok
18:31:38.0843 2292 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:31:38.0843 2292 PartMgr - ok
18:31:38.0875 2292 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:31:38.0890 2292 ParVdm - ok
18:31:38.0921 2292 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:31:38.0921 2292 PCI - ok
18:31:38.0937 2292 PCIDump - ok
18:31:38.0953 2292 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:31:38.0953 2292 PCIIde - ok
18:31:38.0984 2292 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:31:39.0000 2292 Pcmcia - ok
18:31:39.0015 2292 PDCOMP - ok
18:31:39.0031 2292 PDFRAME - ok
18:31:39.0046 2292 PDRELI - ok
18:31:39.0062 2292 PDRFRAME - ok
18:31:39.0062 2292 perc2 - ok
18:31:39.0078 2292 perc2hib - ok
18:31:39.0125 2292 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:31:39.0140 2292 PlugPlay - ok
18:31:39.0171 2292 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:39.0187 2292 PolicyAgent - ok
18:31:39.0218 2292 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:31:39.0234 2292 PptpMiniport - ok
18:31:39.0250 2292 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:39.0250 2292 ProtectedStorage - ok
18:31:39.0265 2292 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:31:39.0296 2292 PSched - ok
18:31:39.0343 2292 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:31:39.0359 2292 Ptilink - ok
18:31:39.0375 2292 ql1080 - ok
18:31:39.0390 2292 Ql10wnt - ok
18:31:39.0406 2292 ql12160 - ok
18:31:39.0406 2292 ql1240 - ok
18:31:39.0421 2292 ql1280 - ok
18:31:39.0546 2292 RalinkRegistryWriter (cb6849a0f18a49e694762e93a58a853b) C:\Program Files\TP-LINK\TWCU\COMMON\RegistryWriter.exe
18:31:39.0562 2292 RalinkRegistryWriter - ok
18:31:39.0609 2292 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:31:39.0625 2292 RasAcd - ok
18:31:39.0671 2292 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:31:39.0703 2292 RasAuto - ok
18:31:39.0718 2292 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:31:39.0750 2292 Rasl2tp - ok
18:31:39.0796 2292 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:31:39.0812 2292 RasMan - ok
18:31:39.0875 2292 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:31:39.0890 2292 RasPppoe - ok
18:31:39.0906 2292 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:31:39.0921 2292 Raspti - ok
18:31:39.0937 2292 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:31:39.0937 2292 Rdbss - ok
18:31:39.0968 2292 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:31:39.0984 2292 RDPCDD - ok
18:31:40.0031 2292 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:31:40.0062 2292 rdpdr - ok
18:31:40.0109 2292 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:31:40.0109 2292 RDPWD - ok
18:31:40.0187 2292 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:31:40.0218 2292 RDSessMgr - ok
18:31:40.0265 2292 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:31:40.0281 2292 redbook - ok
18:31:40.0328 2292 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:31:40.0343 2292 RemoteAccess - ok
18:31:40.0406 2292 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:31:40.0437 2292 RemoteRegistry - ok
18:31:40.0468 2292 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:31:40.0484 2292 RpcLocator - ok
18:31:40.0546 2292 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:31:40.0546 2292 RpcSs - ok
18:31:40.0578 2292 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:31:40.0609 2292 RSVP - ok
18:31:40.0703 2292 rt2870 (f1fcf23c4a2c777fe77e3e703654eb66) C:\WINDOWS\system32\DRIVERS\rt2870.sys
18:31:40.0718 2292 rt2870 - ok
18:31:40.0750 2292 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:31:40.0750 2292 SamSs - ok
18:31:40.0765 2292 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:31:40.0796 2292 SCardSvr - ok
18:31:40.0875 2292 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:31:40.0906 2292 Schedule - ok
18:31:40.0937 2292 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:31:40.0968 2292 Secdrv - ok
18:31:41.0015 2292 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:31:41.0031 2292 seclogon - ok
18:31:41.0078 2292 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:31:41.0078 2292 SENS - ok
18:31:41.0093 2292 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:31:41.0109 2292 serenum - ok
18:31:41.0140 2292 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:31:41.0156 2292 Serial - ok
18:31:41.0187 2292 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:31:41.0203 2292 Sfloppy - ok
18:31:41.0265 2292 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:31:41.0281 2292 SharedAccess - ok
18:31:41.0328 2292 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:41.0328 2292 ShellHWDetection - ok
18:31:41.0375 2292 Simbad - ok
18:31:41.0437 2292 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:31:41.0453 2292 SLIP - ok
18:31:41.0531 2292 smwdm (86d17b6760dd2b09e932ff101714e0dc) C:\WINDOWS\system32\drivers\smwdm.sys
18:31:41.0562 2292 smwdm - ok
18:31:41.0640 2292 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:31:41.0656 2292 SoundMAX Agent Service (default) - ok
18:31:41.0687 2292 Sparrow - ok
18:31:41.0718 2292 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:31:41.0734 2292 splitter - ok
18:31:41.0765 2292 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:31:41.0781 2292 Spooler - ok
18:31:41.0796 2292 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:31:41.0828 2292 sr - ok
18:31:41.0875 2292 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:31:41.0890 2292 srservice - ok
18:31:41.0937 2292 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:31:41.0953 2292 Srv - ok
18:31:42.0000 2292 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:31:42.0000 2292 SSDPSRV - ok
18:31:42.0062 2292 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:31:42.0078 2292 ssmdrv - ok
18:31:42.0093 2292 Steam Client Service - ok
18:31:42.0156 2292 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:31:42.0218 2292 stisvc - ok
18:31:42.0515 2292 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:31:42.0578 2292 streamip - ok
18:31:42.0656 2292 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:31:42.0671 2292 swenum - ok
18:31:42.0781 2292 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:31:42.0828 2292 SwitchBoard - ok
18:31:42.0843 2292 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:31:42.0859 2292 swmidi - ok
18:31:42.0875 2292 SwPrv - ok
18:31:42.0921 2292 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:31:42.0937 2292 symc810 - ok
18:31:42.0937 2292 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:31:42.0953 2292 symc8xx - ok
18:31:42.0984 2292 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
18:31:43.0015 2292 Symmpi - ok
18:31:43.0046 2292 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:31:43.0078 2292 sym_hi - ok
18:31:43.0093 2292 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:31:43.0109 2292 sym_u3 - ok
18:31:43.0125 2292 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:31:43.0140 2292 sysaudio - ok
18:31:43.0203 2292 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:31:43.0218 2292 SysmonLog - ok
18:31:43.0265 2292 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:31:43.0281 2292 TapiSrv - ok
18:31:43.0359 2292 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:31:43.0359 2292 Tcpip - ok
18:31:43.0578 2292 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:31:43.0593 2292 TDPIPE - ok
18:31:43.0671 2292 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:31:43.0687 2292 TDTCP - ok
18:31:43.0718 2292 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:31:43.0734 2292 TermDD - ok
18:31:43.0796 2292 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:31:43.0812 2292 TermService - ok
18:31:43.0859 2292 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:43.0859 2292 Themes - ok
18:31:43.0906 2292 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:31:43.0921 2292 TlntSvr - ok
18:31:43.0937 2292 TosIde - ok
18:31:43.0968 2292 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:31:43.0984 2292 TrkWks - ok
18:31:44.0031 2292 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:31:44.0046 2292 Udfs - ok
18:31:44.0078 2292 ultra - ok
18:31:44.0093 2292 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:31:44.0140 2292 Update - ok
18:31:44.0171 2292 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:31:44.0218 2292 upnphost - ok
18:31:44.0250 2292 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:31:44.0265 2292 UPS - ok
18:31:44.0328 2292 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:31:44.0343 2292 USBAAPL - ok
18:31:44.0421 2292 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:31:44.0468 2292 usbaudio - ok
18:31:44.0515 2292 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:31:44.0531 2292 usbccgp - ok
18:31:44.0578 2292 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:31:44.0609 2292 usbehci - ok
18:31:44.0640 2292 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:31:44.0656 2292 usbhub - ok
18:31:44.0703 2292 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:31:44.0734 2292 usbscan - ok
18:31:44.0765 2292 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:31:44.0796 2292 USBSTOR - ok
18:31:44.0812 2292 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:31:44.0843 2292 usbuhci - ok
18:31:44.0859 2292 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:31:44.0890 2292 usbvideo - ok
18:31:44.0921 2292 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:31:44.0937 2292 VgaSave - ok
18:31:44.0968 2292 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:31:44.0968 2292 ViaIde - ok
18:31:45.0000 2292 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:31:45.0000 2292 VolSnap - ok
18:31:45.0062 2292 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:31:45.0109 2292 VSS - ok
18:31:45.0187 2292 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:31:45.0218 2292 W32Time - ok
18:31:45.0296 2292 wampapache (53ea061ecc67223a430f153c3682ad54) c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
18:31:45.0296 2292 wampapache - ok
18:31:45.0343 2292 wampmysqld - ok
18:31:45.0390 2292 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:31:45.0421 2292 Wanarp - ok
18:31:45.0421 2292 WDICA - ok
18:31:45.0453 2292 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:31:45.0468 2292 wdmaud - ok
18:31:45.0500 2292 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:31:45.0515 2292 WebClient - ok
18:31:45.0609 2292 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:31:45.0625 2292 winmgmt - ok
18:31:45.0703 2292 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
18:31:45.0718 2292 WmdmPmSN - ok
18:31:45.0781 2292 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:31:45.0796 2292 Wmi - ok
18:31:45.0843 2292 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:31:45.0875 2292 WmiAcpi - ok
18:31:45.0906 2292 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:31:45.0937 2292 WmiApSrv - ok
18:31:46.0078 2292 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:31:46.0156 2292 WPFFontCache_v0400 - ok
18:31:46.0203 2292 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:31:46.0218 2292 wscsvc - ok
18:31:46.0265 2292 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:31:46.0281 2292 WSTCODEC - ok
18:31:46.0343 2292 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:31:46.0375 2292 wuauserv - ok
18:31:46.0421 2292 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:31:46.0468 2292 WZCSVC - ok
18:31:46.0515 2292 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:31:46.0562 2292 xmlprov - ok
18:31:46.0609 2292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:31:46.0750 2292 \Device\Harddisk0\DR0 - ok
18:31:46.0750 2292 Boot (0x1200) (75c511d092483384b37846ac3c1e6821) \Device\Harddisk0\DR0\Partition0
18:31:46.0750 2292 \Device\Harddisk0\DR0\Partition0 - ok
18:31:46.0750 2292 ============================================================
18:31:46.0750 2292 Scan finished
18:31:46.0765 2292 ============================================================
18:31:46.0765 0152 Detected object count: 0
18:31:46.0765 0152 Actual detected object count: 0
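As an added example (not part of this thread, TDSSKiller or Malwarebytes), a small Python parser for the log format above: it pairs each scanned object's record line (time, PID, name, MD5, path) with its "- ok" verdict line and flags anything that did not get one. The sample lines are copied from the log above, except the "exampledrv" record, which is constructed to show a missing verdict.

```python
"""Parse a TDSSKiller scan log and flag scanned objects without an "- ok" verdict.

Example written for this thread; not part of TDSSKiller or Malwarebytes tooling.
"""
import re

# Object record: "<time> <pid> <name> [(<hex size>)] (<md5>) <path>".
# MBR/Boot records carry a size such as "(0x1B8)" before the hash.
RECORD_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
# Verdict line: "<time> <pid> <name or device path> - <status>".
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<status>\S.*)$"
)

# Constructed sample: real lines from the log above plus one made-up record
# ("exampledrv") that never receives a verdict line.
SAMPLE_LOG = r"""
18:31:41.0328 2292 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:31:41.0328 2292 ShellHWDetection - ok
18:31:41.0375 2292 Simbad - ok
18:31:41.0640 2292 SoundMAX Agent Service (default) (3978f082274f723ad5a0a8058c2417dd) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
18:31:41.0656 2292 SoundMAX Agent Service (default) - ok
18:31:45.0001 2292 exampledrv (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
18:31:46.0609 2292 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:31:46.0750 2292 \Device\Harddisk0\DR0 - ok
18:31:46.0750 2292 ============================================================
18:31:46.0750 2292 Scan finished
18:31:46.0765 0152 Detected object count: 0
"""


def parse_tdsskiller(text):
    """Return a list of entries: {name, md5, path, size, status}.

    Records and verdicts are paired by object name; for MBR/Boot objects
    TDSSKiller names the verdict after the device path, so the path is
    tried as a second key.  A verdict with no preceding record (such as
    "Simbad - ok") is a registered service with no file on disk and is
    kept with md5 and path set to None.
    """
    entries, by_name, by_path = [], {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = RECORD_RE.match(line)
        if m:
            entry = {"name": m.group("name"), "md5": m.group("md5"),
                     "path": m.group("path"), "size": m.group("size"),
                     "status": None}
            entries.append(entry)
            by_name[entry["name"]] = entry
            by_path[entry["path"]] = entry
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m.group("name")
            entry = by_name.get(key) or by_path.get(key)
            if entry is None:
                entry = {"name": key, "md5": None, "path": None,
                         "size": None, "status": None}
                entries.append(entry)
                by_name[key] = entry
            entry["status"] = m.group("status")
    return entries


def flag_entries(entries):
    """Names of objects whose verdict is missing or anything other than 'ok'."""
    return [e["name"] for e in entries if e["status"] != "ok"]


def summarize(entries):
    """Counts useful when skimming a pasted log: total, with a file, flagged."""
    return {
        "objects": len(entries),
        "with_file": sum(1 for e in entries if e["path"] is not None),
        "flagged": len(flag_entries(entries)),
    }


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(parsed))
    for name in flag_entries(parsed):
        print("no 'ok' verdict:", name)
```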

#5 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 12 April 2012 - 05:43 PM

Thanks for the link. It looks like they moved it again.

Please do not attach the scan results from ComboFix. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix message]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#6 tkatavic (New Member, 43 posts)

Posted 13 April 2012 - 05:38 PM

Hi there,

Again, thanks for your help. I tried running CF multiple times to no avail. It always freezes out while it's scanning. I disconnected myself from the internet, disabled Antivir, etc., etc... no luck. Tried this about 3 times and manually shut down the computer after the 1 hour mark of scanning.

What should I do next?

Thanks,
Thomas

#7 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 13 April 2012 - 05:40 PM

Restart in Safe Mode and try running it in Safe Mode.
Larry Tate
Product Support

#8 tkatavic (New Member, 43 posts)

Posted 13 April 2012 - 05:41 PM

Okay -- will do right now.

Thomas

#9 tkatavic (New Member, 43 posts)

Posted 13 April 2012 - 07:02 PM

Hello,

I rebooted in safe mode (twice) and tried running it.. same thing! :\

Thomas

#10 tkatavic (New Member, 43 posts)

Posted 14 April 2012 - 12:32 PM

Tried it again this morning.. still no good!

Thomas

#11 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 14 April 2012 - 07:41 PM

Try it now
Larry Tate
Product Support

#12 tkatavic (New Member, 43 posts)

Posted 15 April 2012 - 02:57 PM

Hi there,

Still no good. Should I try starting in safe mode + running it from the chameleon folder, then?

Thomas

#13 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 15 April 2012 - 04:39 PM

Click the Start button > Run, copy and paste this command in the box: ComboFix /nombr, then click OK.
Larry Tate
Product Support

#14 tkatavic (New Member, 43 posts)

Posted 15 April 2012 - 08:27 PM

Okay, that seems to have worked! Here's the log I get at the end:

---

ComboFix 12-04-12.03 - Administrator 04/15/2012 20:54:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1532 [GMT -4:00]
Running from: c:\program files\Malwarebytes' Anti-Malware\Chameleon\ComboFix.exe
Command switches used :: /nombr
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\msssc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-12 22:30 . 2012-04-15 15:31 24064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-03-30 06:14 . 2012-03-30 06:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{A0A1B70A-7A2F-11E1-826D-B8AC6F996F26}
2012-03-24 22:42 . 2012-03-24 22:42 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2012-03-24 22:42 . 2012-03-24 22:42 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-03-24 22:42 . 2012-03-24 22:42 -------- d-----w- c:\program files\TP-LINK
2012-03-24 22:42 . 2009-06-17 13:40 650624 ----a-w- c:\windows\system32\drivers\rt2870.sys
2012-03-24 22:42 . 2009-06-17 13:40 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2012-03-24 22:42 . 2012-03-24 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TP-LINK Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 11:01 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2004-08-04 07:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 07:56 43520 ------w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2010-12-10 18:26 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 07:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-03 09:22 . 2004-08-04 06:17 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-16 03:40 . 2011-04-01 23:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-03 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-01 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"LayoutM"="KLayMgr.exe" [2004-08-17 45056]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TP-LINK Wireless Utility.lnk - c:\program files\TP-LINK\TWCU\COMMON\TWCU.exe [2012-3-24 1298432]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.17\\bin\\httpd.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2011\\fm.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/16/2011 10:35 PM 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/12/2012 6:30 PM 24064]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-25 05:31]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-274765018-2503423405-4002033684-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-25 05:31]
.
2011-09-30 c:\windows\Tasks\Lecture 12.job
- c:\documents and settings\Administrator\Desktop\School\Fall 2011\HCI521\Lecture Videos and Notes\Lecture 12.mov [2011-09-30 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1f0zh2nm.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Connect Add-in - c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 21:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-274765018-2503423405-4002033684-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,9f,9e,87,83,95,ad,4d,a8,dc,80,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,9f,9e,87,83,95,ad,4d,a8,dc,80,\
.
Completion time: 2012-04-15 21:02:44
ComboFix-quarantined-files.txt 2012-04-16 01:02
.
Pre-Run: 12,048,674,816 bytes free
Post-Run: 12,245,405,696 bytes free
.
- - End Of File - - 0512C702CAABB73FB129F206D3F49C75

#15 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 16 April 2012 - 08:05 AM

Now try running ComboFix normally.
Larry Tate
Product Support

#16 tkatavic (New Member, 43 posts)

Posted 16 April 2012 - 07:10 PM

I tried running combofix directly from the chameleon folder following that and it froze out again (I let it run about 40 mins).

Thomas

#17 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 16 April 2012 - 07:13 PM

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste".
Larry Tate
Product Support

#18 tkatavic (New Member, 43 posts)

Posted 16 April 2012 - 07:54 PM

I updated and then ran the scan. As for my computer, I noticed the Happili re-direct while Google searching yesterday.

---

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: COMPUTER [administrator]

4/16/2012 8:15:15 PM
mbam-log-2012-04-16 (20-15-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285856
Time elapsed: 38 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#19 LDTate (Forum Deity, Moderator, 21,126 posts, Missouri, USA)

Posted 16 April 2012 - 07:57 PM

I'm not seeing it.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply

Larry Tate
Product Support

#20 tkatavic (New Member, 43 posts)

Posted 18 April 2012 - 04:55 PM

Tried running it in both normal and safe mode with AntiVir guard disabled. Still freezing up like ComboFix. :\



