Topic: I cannot use programs that require Java-Hijack this log attached.  (Read 1337 times)
« on: June 01, 2012, 20:54:53 »
doriR
Please help.
I have tried the typical things (uninstall, re-install, etc.), and this is the message I get: "Could not start the Java Machine, Program will now exit."

Here is my HijackThis log, because I also have something running in the background all the time. I know I need to install some protection on this computer, because the guy that helped me re-install everything after my crash liked Symantec, but I think it let something get through...

Logfile of HijackThis v1.99.1
Scan saved at 9:45:16 PM, on 6/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

« Reply #1 on: June 01, 2012, 21:22:59 »
dvk01 (Administrator)
First clear your Java cache as shown at http://www.java.com/en/download/help/5000020300.xml
Then follow the advice here and post the logs those programs make in your next reply to this topic.

« Reply #2 on: June 02, 2012, 22:02:47 »
doriR
Here are the logs; I hope I did this right.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.4.1
Run by Administrator at 22:30:13 on 2012-06-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2558.435 [GMT -7:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\freecell.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1329109709281
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
TCP: Interfaces\{72AAC8C9-0653-428C-B68D-FEF2241A4D64} : DhcpNameServer = 192.168.0.1 68.94.156.1
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\08tzhfv2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=17
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120601.005\naveng.sys [2012-6-1 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120601.005\navex15.sys [2012-6-1 1589752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-28 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-2-16 1691480]
S3 azt2320;Aztech 2320 Audio Driver (WDM);c:\windows\system32\drivers\aztw2320.sys [2012-2-14 36992]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2012-2-14 96256]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 129976]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
.
=============== Created Last 30 ================
.
2012-06-01 05:34:26   --------   d-----w-   c:\program files\Oracle
2012-06-01 05:34:19   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-06-01 05:12:13   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Sun
2012-06-01 04:54:19   772504   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-06-01 04:48:21   --------   d-----w-   c:\windows\system32\appmgmt
2012-05-15 08:01:34   --------   d-----w-   c:\program files\Diablo III
2012-05-15 08:01:34   --------   d-----w-   c:\program files\common files\Blizzard Entertainment
2012-05-15 08:01:34   --------   d-----w-   c:\documents and settings\all users\application data\Blizzard Entertainment
2012-05-15 07:43:46   --------   d-----w-   c:\documents and settings\all users\application data\Battle.net
2012-05-10 03:43:58   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Google
.
==================== Find3M  ====================
.
2012-05-04 22:43:31   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 22:43:31   419488   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-05-04 22:43:30   4140192   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2012-04-11 13:14:41   2148352   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06   1862272   ----a-w-   c:\windows\system32\win32k.sys
2012-04-11 12:35:51   2026496   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-04-05 01:47:02   687504   ----a-w-   c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3750640AS rev.3.AAE -> Harddisk0\DR0 -> \Device\00000032
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x896BE4B1]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x896c593c]; MOV EAX, [0x896c5ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8A837AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\0000006b[0x8A839B78]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8A837030]
\Driver\nvata[0x8A2C8738] -> IRP_MJ_CREATE -> 0x896BE4B1
error: Read  The request is not supported.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
\Device\0000006a -> \??\IDE#DiskST3750640AS_____________________________3.AAE___#202020202020202020202020513330444445424A#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:31:55.18 ===============
« Reply #3 on: June 03, 2012, 00:36:24 »
dvk01 (Administrator)
Two things jump out:
one, a possible rootkit infection, and two, you have Java 7 installed; many sites just don't recognize Java 7 and won't work with it, and they still only work with Java 6 u32.

Let's see if curing the rootkit will sort out the problem.


Step 1.

Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

Post back with its log.

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
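The reply above tells the user where TDSSKiller writes its log and what the file name looks like, and reply #4 then pastes a log in the tool's line format (`HH:MM:SS.ffff PID message`, with each scanned object followed by a `name - ok` status line). As an added example, not code from the thread, from this forum, or from Kaspersky, here is a small Python script that (a) picks the newest log from a directory listing by parsing that `UtilityName.Version_Date_Time_log.txt` pattern and (b) pairs each scanned object with its status so a helper can list anything that is not `ok`. The log lines embedded below are constructed from the format shown in the thread; the `sample_svc` entry and its "suspicious" status text are assumptions for illustration, not TDSSKiller's real wording, and the second file name is likewise constructed.

```python
"""Locate the newest TDSSKiller log and list objects that were not reported ok.

Added example for the thread above; not TDSSKiller's own code.
"""
import re
from datetime import datetime

# File names follow UtilityName.Version_DD.MM.YYYY_HH.MM.SS_log.txt,
# e.g. TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt (the example quoted in the reply).
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<version>[\d.]+)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)

# Constructed directory listing: one real name from the reply, one made up to match
# the scan date in reply #4, and an unrelated file that must be ignored.
CANDIDATE_NAMES = [
    "TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt",
    "TDSSKiller.2.7.36_03.06.2012_11.52.25_log.txt",  # constructed
    "readme.txt",
]


def log_timestamp(name):
    """Return the datetime encoded in a TDSSKiller log file name, or None if it is not one."""
    m = LOG_NAME_RE.match(name)
    if not m:
        return None
    return datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")


def newest_log(names):
    """Pick the most recent TDSSKiller log among candidate file names (C:\\ root by default)."""
    stamped = [(log_timestamp(n), n) for n in names]
    stamped = [(t, n) for t, n in stamped if t is not None]
    return max(stamped)[1] if stamped else None


# One log line: time, the scanning process id, then the message.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "name   (md5) path" describes an object that was scanned.
OBJ_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "name - status" reports the verdict for that object.
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Constructed sample: header lines, then three objects; the last one is a hypothetical
# non-ok entry whose status text is an assumption, not TDSSKiller's real wording.
SAMPLE_LOG = r"""11:52:25.0531 3976   TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:52:33.0968 3976   Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200
11:53:33.0218 2820   Scan started
11:53:33.0218 2820   Mode: Manual;
11:53:33.0296 2820   Abiosdsk - ok
11:53:33.0375 2820   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:53:33.0406 2820   ACPI - ok
11:53:41.0000 2820   sample_svc      (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\sample_svc.sys
11:53:41.0010 2820   sample_svc - suspicious (constructed status text)
"""


def triage(log_text):
    """Pair each scanned object with its verdict; return (all objects, those not marked ok).

    Only lines after "Scan started" are treated as scan entries, so header lines such as
    the "Drive ... - Size" line are not mistaken for object verdicts.
    """
    objects = {}
    scanning = False
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"].strip()
        if msg == "Scan started":
            scanning = True
            continue
        if not scanning or not msg or msg.startswith("="):
            continue
        om = OBJ_RE.match(msg)
        if om:
            objects[om["name"]] = {"md5": om["md5"], "path": om["path"], "status": None}
            continue
        sm = STATUS_RE.match(msg)
        if sm:
            entry = objects.setdefault(sm["name"], {"md5": None, "path": None, "status": None})
            entry["status"] = sm["status"]
    needs_review = {name: o for name, o in objects.items() if o["status"] != "ok"}
    return objects, needs_review


def sample_triage():
    """Run triage over the constructed sample log."""
    return triage(SAMPLE_LOG)


if __name__ == "__main__":
    print("newest log:", newest_log(CANDIDATE_NAMES))
    objects, needs_review = sample_triage()
    print(f"{len(objects)} objects scanned, {len(needs_review)} need review")
    for name, o in needs_review.items():
        print(f"  {name}: {o['status']} ({o['path']}, md5={o['md5']})")
```

To use it on a real machine, replace `CANDIDATE_NAMES` with `os.listdir("C:\\")` and feed the chosen file's contents to `triage()`. The helper deliberately treats any verdict other than `ok` as needing a human look, so entries the reply says to ignore (SPTD.SYS, UnsignedFile.Multi.Generic) still surface and can be dismissed by the person reading the log rather than by the script.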

« Reply #4 on: June 03, 2012, 11:14:32 »
doriR
Here is the log. I tried a Java game and it worked. What is the best thing to get to block these types of infections? I also need ideas on just basic stuff to do to protect myself. Is there a certain post to read that offers the best advice? I need to be pointed in the right direction.

11:52:25.0531 3976   TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
11:52:26.0625 3976   ============================================================
11:52:26.0625 3976   Current date / time: 2012/06/03 11:52:26.0625
11:52:26.0625 3976   SystemInfo:
11:52:26.0625 3976   
11:52:26.0625 3976   OS Version: 5.1.2600 ServicePack: 3.0
11:52:26.0625 3976   Product type: Workstation
11:52:26.0625 3976   ComputerName: HOME-1FD209EFB3
11:52:26.0625 3976   UserName: Administrator
11:52:26.0625 3976   Windows directory: C:\WINDOWS
11:52:26.0625 3976   System windows directory: C:\WINDOWS
11:52:26.0625 3976   Processor architecture: Intel x86
11:52:26.0625 3976   Number of processors: 2
11:52:26.0625 3976   Page size: 0x1000
11:52:26.0625 3976   Boot type: Normal boot
11:52:26.0625 3976   ============================================================
11:52:33.0968 3976   Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:52:34.0000 3976   ============================================================
11:52:34.0000 3976   \Device\Harddisk0\DR0:
11:52:34.0031 3976   MBR partitions:
11:52:34.0031 3976   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x57541401
11:52:34.0031 3976   ============================================================
11:52:34.0156 3976   C: <-> \Device\Harddisk0\DR0\Partition0
11:52:34.0156 3976   ============================================================
11:52:34.0156 3976   Initialize success
11:52:34.0156 3976   ============================================================
11:53:33.0218 2820   ============================================================
11:53:33.0218 2820   Scan started
11:53:33.0218 2820   Mode: Manual;
11:53:33.0218 2820   ============================================================
11:53:33.0296 2820   Abiosdsk - ok
11:53:33.0296 2820   abp480n5 - ok
11:53:33.0375 2820   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:53:33.0406 2820   ACPI - ok
11:53:33.0437 2820   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:53:33.0437 2820   ACPIEC - ok
11:53:33.0750 2820   AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:53:33.0843 2820   AdobeFlashPlayerUpdateSvc - ok
11:53:33.0843 2820   adpu160m - ok
11:53:33.0937 2820   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:53:34.0000 2820   aec - ok
11:53:34.0187 2820   AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:53:34.0203 2820   AFD - ok
11:53:34.0265 2820   AFS2K           (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
11:53:34.0265 2820   AFS2K - ok
11:53:34.0265 2820   Aha154x - ok
11:53:34.0281 2820   aic78u2 - ok
11:53:34.0281 2820   aic78xx - ok
11:53:34.0312 2820   Alerter         (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:53:34.0312 2820   Alerter - ok
11:53:34.0343 2820   ALG             (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:53:34.0343 2820   ALG - ok
11:53:34.0359 2820   AliIde - ok
11:53:34.0421 2820   Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
11:53:34.0531 2820   Ambfilt - ok
11:53:34.0562 2820   amsint - ok
11:53:34.0609 2820   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:53:34.0625 2820   Apple Mobile Device - ok
11:53:34.0656 2820   AppMgmt         (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
11:53:34.0656 2820   AppMgmt - ok
11:53:34.0703 2820   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:53:34.0703 2820   Arp1394 - ok
11:53:34.0703 2820   asc - ok
11:53:34.0718 2820   asc3350p - ok
11:53:34.0718 2820   asc3550 - ok
11:53:34.0750 2820   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:53:34.0750 2820   AsyncMac - ok
11:53:34.0812 2820   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:53:34.0812 2820   atapi - ok
11:53:34.0859 2820   Atdisk - ok
11:53:34.0875 2820   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:53:34.0890 2820   Atmarpc - ok
11:53:34.0921 2820   AudioSrv        (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:53:34.0937 2820   AudioSrv - ok
11:53:34.0968 2820   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:53:34.0984 2820   audstub - ok
11:53:35.0031 2820   azt2320         (73c5a32199187c780abb93090cf068f1) C:\WINDOWS\system32\drivers\aztw2320.sys
11:53:35.0046 2820   azt2320 - ok
11:53:35.0078 2820   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:53:35.0093 2820   Beep - ok
11:53:35.0109 2820   BITS            (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:53:35.0171 2820   BITS - ok
11:53:35.0218 2820   Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:53:35.0250 2820   Bonjour Service - ok
11:53:35.0296 2820   Browser         (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:53:35.0296 2820   Browser - ok
11:53:35.0328 2820   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:53:35.0328 2820   cbidf2k - ok
11:53:35.0375 2820   ccEvtMgr        (c8d7452eb1dfc5e1ff044be28c4b07e1) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
11:53:35.0375 2820   ccEvtMgr - ok
11:53:35.0390 2820   ccPwdSvc        (ef8116f41b92ab7a577cfda867cfa542) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
11:53:35.0406 2820   ccPwdSvc - ok
11:53:35.0421 2820   ccSetMgr        (13248340757445ef3e158d99d6181fcc) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
11:53:35.0421 2820   ccSetMgr - ok
11:53:35.0421 2820   cd20xrnt - ok
11:53:35.0437 2820   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:53:35.0453 2820   Cdaudio - ok
11:53:35.0484 2820   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:53:35.0484 2820   Cdfs - ok
11:53:35.0500 2820   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:53:35.0515 2820   Cdrom - ok
11:53:35.0515 2820   Changer - ok
11:53:35.0515 2820   CiSvc           (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:53:35.0531 2820   CiSvc - ok
11:53:35.0531 2820   ClipSrv         (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:53:35.0546 2820   ClipSrv - ok
11:53:35.0546 2820   CmdIde - ok
11:53:35.0546 2820   COMSysApp - ok
11:53:35.0562 2820   Cpqarray - ok
11:53:35.0703 2820   CryptSvc        (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:53:35.0703 2820   CryptSvc - ok
11:53:35.0875 2820   ctlsb16         (e2b1aedb62845581d848037f0a614ee6) C:\WINDOWS\system32\drivers\ctlsb16.sys
11:53:35.0968 2820   ctlsb16 - ok
11:53:35.0968 2820   dac2w2k - ok
11:53:35.0968 2820   dac960nt - ok
11:53:36.0406 2820   DcomLaunch      (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:53:36.0515 2820   DcomLaunch - ok
11:53:36.0640 2820   DefWatch        (cc564a31a2e9f7ddb6de55848c3c0a0b) C:\Program Files\Symantec AntiVirus\DefWatch.exe
11:53:36.0656 2820   DefWatch - ok
11:53:36.0890 2820   Dhcp            (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:53:36.0968 2820   Dhcp - ok
11:53:37.0125 2820   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:53:37.0140 2820   Disk - ok
11:53:37.0140 2820   dmadmin - ok
11:53:37.0265 2820   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:53:37.0328 2820   dmboot - ok
11:53:37.0500 2820   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:53:37.0578 2820   dmio - ok
11:53:37.0625 2820   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:53:37.0625 2820   dmload - ok
11:53:37.0703 2820   dmserver        (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:53:37.0781 2820   dmserver - ok
11:53:37.0921 2820   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:53:37.0968 2820   DMusic - ok
11:53:38.0093 2820   Dnscache        (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:53:38.0093 2820   Dnscache - ok
11:53:38.0421 2820   Dot3svc         (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:53:38.0578 2820   Dot3svc - ok
11:53:38.0593 2820   dpti2o - ok
11:53:38.0593 2820   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:53:38.0609 2820   drmkaud - ok
11:53:38.0718 2820   EapHost         (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:53:38.0765 2820   EapHost - ok
11:53:39.0218 2820   eeCtrl          (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:53:39.0328 2820   eeCtrl - ok
11:53:39.0640 2820   EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
11:53:39.0687 2820   EraserUtilDrv11210 - ok
11:53:39.0812 2820   ERSvc           (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:53:39.0828 2820   ERSvc - ok
11:53:39.0906 2820   Eventlog        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:53:39.0984 2820   Eventlog - ok
11:53:40.0406 2820   EventSystem     (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:53:40.0453 2820   EventSystem - ok
11:53:40.0703 2820   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:53:40.0781 2820   Fastfat - ok
11:53:40.0812 2820   FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:53:40.0828 2820   FastUserSwitchingCompatibility - ok
11:53:40.0843 2820   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:53:40.0843 2820   Fdc - ok
11:53:40.0859 2820   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:53:40.0859 2820   Fips - ok
11:53:40.0875 2820   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:53:40.0875 2820   Flpydisk - ok
11:53:41.0171 2820   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:53:41.0234 2820   FltMgr - ok
11:53:41.0593 2820   ForceWare Intelligent Application Manager (IAM) (5f964bd0c8a6b5b74af7f8a2cdb6bb14) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
11:53:41.0656 2820   ForceWare Intelligent Application Manager (IAM) - ok
11:53:41.0687 2820   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:53:41.0687 2820   Fs_Rec - ok
11:53:41.0734 2820   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:53:41.0734 2820   Ftdisk - ok
11:53:41.0781 2820   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:53:41.0781 2820   GEARAspiWDM - ok
11:53:41.0812 2820   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:53:41.0828 2820   Gpc - ok
11:53:41.0859 2820   hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
11:53:41.0906 2820   hamachi - ok
11:53:41.0968 2820   Hamachi2Svc     (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
11:53:42.0046 2820   Hamachi2Svc - ok
11:53:42.0125 2820   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:53:42.0156 2820   HDAudBus - ok
11:53:42.0234 2820   helpsvc         (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:53:42.0234 2820   helpsvc - ok
11:53:42.0265 2820   HidServ         (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
11:53:42.0265 2820   HidServ - ok
11:53:42.0281 2820   hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:53:42.0296 2820   hidusb - ok
11:53:42.0375 2820   hkmsvc          (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:53:42.0375 2820   hkmsvc - ok
11:53:42.0375 2820   hpn - ok
11:53:42.0406 2820   HPZid412        (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:53:42.0421 2820   HPZid412 - ok
11:53:42.0437 2820   HPZipr12        (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:53:42.0437 2820   HPZipr12 - ok
11:53:42.0468 2820   HPZius12        (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:53:42.0468 2820   HPZius12 - ok
11:53:42.0515 2820   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:53:42.0515 2820   HTTP - ok
11:53:42.0531 2820   HTTPFilter      (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:53:42.0531 2820   HTTPFilter - ok
11:53:42.0531 2820   i2omgmt - ok
11:53:42.0531 2820   i2omp - ok
11:53:42.0562 2820   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:53:42.0578 2820   i8042prt - ok
11:53:42.0578 2820   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:53:42.0578 2820   Imapi - ok
11:53:42.0625 2820   ImapiService    (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:53:42.0640 2820   ImapiService - ok
11:53:42.0640 2820   ini910u - ok
11:53:42.0812 2820   IntcAzAudAddService (5d138adc44c43bf37634c8e528d75b1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:53:43.0218 2820   IntcAzAudAddService - ok
11:53:43.0312 2820   IntelIde - ok
11:53:43.0359 2820   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:53:43.0359 2820   intelppm - ok
11:53:43.0375 2820   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:53:43.0375 2820   Ip6Fw - ok
11:53:43.0406 2820   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:53:43.0406 2820   IpFilterDriver - ok
11:53:43.0437 2820   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:53:43.0437 2820   IpInIp - ok
11:53:43.0468 2820   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:53:43.0468 2820   IpNat - ok
11:53:43.0546 2820   iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
11:53:43.0578 2820   iPod Service - ok
11:53:43.0578 2820   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:53:43.0593 2820   IPSec - ok
11:53:43.0625 2820   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:53:43.0625 2820   IRENUM - ok
11:53:43.0640 2820   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:53:43.0656 2820   isapnp - ok
11:53:43.0750 2820   JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:53:43.0781 2820   JavaQuickStarterService - ok
11:53:43.0812 2820   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:53:43.0812 2820   Kbdclass - ok
11:53:43.0812 2820   kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:53:43.0812 2820   kbdhid - ok
11:53:43.0843 2820   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:53:43.0843 2820   kmixer - ok
11:53:43.0875 2820   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:53:43.0875 2820   KSecDD - ok
11:53:43.0906 2820   lanmanserver    (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:53:43.0906 2820   lanmanserver - ok
11:53:43.0968 2820   lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:53:43.0968 2820   lanmanworkstation - ok
11:53:43.0984 2820   lbrtfdc - ok
11:53:44.0031 2820   LmHosts         (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:53:44.0031 2820   LmHosts - ok
11:53:44.0078 2820   Messenger       (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:53:44.0078 2820   Messenger - ok
11:53:44.0093 2820   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:53:44.0093 2820   mnmdd - ok
11:53:44.0125 2820   mnmsrvc         (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:53:44.0140 2820   mnmsrvc - ok
11:53:44.0234 2820   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:53:44.0250 2820   Modem - ok
11:53:44.0531 2820   Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
11:53:44.0593 2820   Monfilt - ok
11:53:44.0625 2820   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:53:44.0625 2820   Mouclass - ok
11:53:44.0640 2820   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:53:44.0656 2820   mouhid - ok
11:53:44.0671 2820   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:53:44.0671 2820   MountMgr - ok
11:53:44.0750 2820   MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:53:44.0765 2820   MozillaMaintenance - ok
11:53:44.0765 2820   mraid35x - ok
11:53:44.0875 2820   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:53:44.0937 2820   MRxDAV - ok
11:53:44.0984 2820   MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:53:45.0015 2820   MRxSmb - ok
11:53:45.0046 2820   MSDTC           (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:53:45.0062 2820   MSDTC - ok
11:53:45.0078 2820   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:53:45.0078 2820   Msfs - ok
11:53:45.0093 2820   MSIServer - ok
11:53:45.0109 2820   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:53:45.0109 2820   MSKSSRV - ok
11:53:45.0156 2820   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:53:45.0156 2820   MSPCLOCK - ok
11:53:45.0171 2820   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:53:45.0187 2820   MSPQM - ok
11:53:45.0203 2820   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:53:45.0203 2820   mssmbios - ok
11:53:45.0250 2820   Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:53:45.0265 2820   Mup - ok
11:53:45.0312 2820   napagent        (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:53:45.0328 2820   napagent - ok
11:53:45.0421 2820   NAVENG          (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120601.005\naveng.sys
11:53:45.0421 2820   NAVENG - ok
11:53:45.0484 2820   NAVEX15         (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120601.005\navex15.sys
11:53:45.0500 2820   NAVEX15 - ok
11:53:45.0609 2820   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:53:45.0625 2820   NDIS - ok
11:53:45.0671 2820   NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:53:45.0671 2820   NdisTapi - ok
11:53:45.0703 2820   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:53:45.0703 2820   Ndisuio - ok
11:53:45.0718 2820   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:53:45.0718 2820   NdisWan - ok
11:53:45.0765 2820   NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:53:45.0765 2820   NDProxy - ok
11:53:45.0781 2820   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:53:45.0796 2820   NetBIOS - ok
11:53:45.0812 2820   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:53:45.0828 2820   NetBT - ok
11:53:45.0859 2820   NetDDE          (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:53:45.0875 2820   NetDDE - ok
11:53:45.0875 2820   NetDDEdsdm      (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:53:45.0875 2820   NetDDEdsdm - ok
11:53:45.0906 2820   Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:45.0906 2820   Netlogon - ok
11:53:45.0921 2820   Netman          (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:53:45.0937 2820   Netman - ok
11:53:45.0937 2820   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:53:45.0937 2820   NIC1394 - ok
11:53:46.0015 2820   Nla             (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:53:46.0015 2820   Nla - ok
11:53:46.0031 2820   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:53:46.0046 2820   Npfs - ok
11:53:46.0156 2820   nSvcIp          (3581422bc6ab5d31843f7952c69cd78f) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
11:53:46.0171 2820   nSvcIp - ok
11:53:46.0203 2820   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:53:46.0218 2820   Ntfs - ok
11:53:46.0218 2820   NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:46.0218 2820   NtLmSsp - ok
11:53:46.0250 2820   NtmsSvc         (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:53:46.0265 2820   NtmsSvc - ok
11:53:46.0312 2820   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:53:46.0312 2820   Null - ok
11:53:46.0593 2820   nv              (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:53:46.0953 2820   nv - ok
11:53:47.0015 2820   nvata           (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\DRIVERS\nvata.sys
11:53:47.0015 2820   nvata - ok
11:53:47.0031 2820   NVENETFD        (974551a956f3269f460d4b18101eec46) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
11:53:47.0046 2820   NVENETFD - ok
11:53:47.0046 2820   nvnetbus        (7fc2baf84006f28cb9f477a167fff9ba) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
11:53:47.0046 2820   nvnetbus - ok
11:53:47.0093 2820   NVSvc           (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
11:53:47.0109 2820   NVSvc - ok
11:53:47.0125 2820   NVTCP           (1f5140a455e4fb9ce031ddefb9a1f427) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
11:53:47.0125 2820   NVTCP - ok
11:53:47.0156 2820   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:53:47.0156 2820   NwlnkFlt - ok
11:53:47.0156 2820   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:53:47.0171 2820   NwlnkFwd - ok
11:53:47.0171 2820   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:53:47.0171 2820   ohci1394 - ok
11:53:47.0203 2820   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:53:47.0203 2820   Parport - ok
11:53:47.0203 2820   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:53:47.0218 2820   PartMgr - ok
11:53:47.0234 2820   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:53:47.0234 2820   ParVdm - ok
11:53:47.0265 2820   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:53:47.0265 2820   PCI - ok
11:53:47.0281 2820   PCIDump - ok
11:53:47.0296 2820   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:53:47.0296 2820   PCIIde - ok
11:53:47.0312 2820   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:53:47.0312 2820   Pcmcia - ok
11:53:47.0312 2820   PDCOMP - ok
11:53:47.0312 2820   PDFRAME - ok
11:53:47.0328 2820   PDRELI - ok
11:53:47.0328 2820   PDRFRAME - ok
11:53:47.0343 2820   perc2 - ok
11:53:47.0359 2820   perc2hib - ok
11:53:47.0390 2820   PlugPlay        (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:53:47.0406 2820   PlugPlay - ok
11:53:47.0453 2820   Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
11:53:47.0453 2820   Pml Driver HPZ12 - ok
11:53:47.0484 2820   PolicyAgent     (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:47.0484 2820   PolicyAgent - ok
11:53:47.0500 2820   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:53:47.0515 2820   PptpMiniport - ok
11:53:47.0515 2820   ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:47.0515 2820   ProtectedStorage - ok
11:53:47.0515 2820   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:53:47.0515 2820   PSched - ok
11:53:47.0531 2820   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:53:47.0531 2820   Ptilink - ok
11:53:47.0531 2820   ql1080 - ok
11:53:47.0546 2820   Ql10wnt - ok
11:53:47.0546 2820   ql12160 - ok
11:53:47.0562 2820   ql1240 - ok
11:53:47.0562 2820   ql1280 - ok
11:53:47.0593 2820   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:53:47.0593 2820   RasAcd - ok
11:53:47.0609 2820   RasAuto         (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:53:47.0625 2820   RasAuto - ok
11:53:47.0625 2820   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:53:47.0625 2820   Rasl2tp - ok
11:53:47.0671 2820   RasMan          (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:53:47.0671 2820   RasMan - ok
11:53:47.0671 2820   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:53:47.0671 2820   RasPppoe - ok
11:53:47.0687 2820   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:53:47.0687 2820   Raspti - ok
11:53:47.0703 2820   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:53:47.0718 2820   Rdbss - ok
11:53:47.0718 2820   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:53:47.0734 2820   RDPCDD - ok
11:53:47.0734 2820   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:53:47.0750 2820   rdpdr - ok
11:53:47.0781 2820   RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
11:53:47.0796 2820   RDPWD - ok
11:53:47.0812 2820   RDSessMgr       (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:53:47.0828 2820   RDSessMgr - ok
11:53:47.0828 2820   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:53:47.0843 2820   redbook - ok
11:53:47.0859 2820   RemoteAccess    (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:53:47.0875 2820   RemoteAccess - ok
11:53:47.0906 2820   RemoteRegistry  (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:53:47.0921 2820   RemoteRegistry - ok
11:53:47.0921 2820   RpcLocator      (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:53:47.0921 2820   RpcLocator - ok
11:53:47.0984 2820   RpcSs           (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:53:47.0984 2820   RpcSs - ok
11:53:48.0015 2820   RSVP            (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:53:48.0031 2820   RSVP - ok
11:53:48.0046 2820   SamSs           (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:48.0046 2820   SamSs - ok
11:53:48.0109 2820   SavRoam         (e20aed7668511d2848d64f2f3fa7c8e0) C:\Program Files\Symantec AntiVirus\SavRoam.exe
11:53:48.0109 2820   SavRoam - ok
11:53:48.0140 2820   SAVRT           (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
11:53:48.0140 2820   SAVRT - ok
11:53:48.0156 2820   SAVRTPEL        (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
11:53:48.0156 2820   SAVRTPEL - ok
11:53:48.0156 2820   SCardSvr        (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:53:48.0171 2820   SCardSvr - ok
11:53:48.0203 2820   Schedule        (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:53:48.0203 2820   Schedule - ok
11:53:48.0250 2820   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:53:48.0250 2820   Secdrv - ok
11:53:48.0281 2820   seclogon        (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:53:48.0281 2820   seclogon - ok
11:53:48.0328 2820   SENS            (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:53:48.0328 2820   SENS - ok
11:53:48.0328 2820   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:53:48.0343 2820   serenum - ok
11:53:48.0343 2820   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:53:48.0359 2820   Serial - ok
11:53:48.0375 2820   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:53:48.0375 2820   Sfloppy - ok
11:53:48.0421 2820   SharedAccess    (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:53:48.0437 2820   SharedAccess - ok
11:53:48.0484 2820   ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:53:48.0484 2820   ShellHWDetection - ok
11:53:48.0484 2820   Simbad - ok
11:53:48.0531 2820   SNDSrvc         (074001698482de1f6ddc7be92da67721) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
11:53:48.0546 2820   SNDSrvc - ok
11:53:48.0546 2820   Sparrow - ok
11:53:48.0609 2820   SPBBCDrv        (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
11:53:48.0625 2820   SPBBCDrv - ok
11:53:48.0656 2820   SPBBCSvc        (ea07435c72a8534c3a8e02d87246e546) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
11:53:48.0718 2820   SPBBCSvc - ok
11:53:48.0750 2820   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:53:48.0750 2820   splitter - ok
11:53:48.0796 2820   Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:53:48.0796 2820   Spooler - ok
11:53:48.0812 2820   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:53:48.0828 2820   sr - ok
11:53:48.0859 2820   srservice       (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:53:48.0875 2820   srservice - ok
11:53:48.0921 2820   Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:53:48.0937 2820   Srv - ok
11:53:48.0953 2820   SSDPSRV         (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:53:48.0953 2820   SSDPSRV - ok
11:53:48.0968 2820   Steam Client Service - ok
11:53:49.0000 2820   stisvc          (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:53:49.0015 2820   stisvc - ok
11:53:49.0062 2820   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:53:49.0062 2820   swenum - ok
11:53:49.0078 2820   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:53:49.0078 2820   swmidi - ok
11:53:49.0078 2820   SwPrv - ok
11:53:49.0156 2820   Symantec AntiVirus (07c8477743aa4a7db19ccd23598817b1) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
11:53:49.0328 2820   Symantec AntiVirus - ok
11:53:49.0406 2820   symc810 - ok
11:53:49.0406 2820   symc8xx - ok
11:53:49.0421 2820   SymEvent        (3feeb051c94f5005f56423619315273b) C:\Program Files\Symantec\SYMEVENT.SYS
11:53:49.0437 2820   SymEvent - ok
11:53:49.0437 2820   SYMREDRV        (8d668fe83a439e2166b7defff995cddc) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
11:53:49.0453 2820   SYMREDRV - ok
11:53:49.0468 2820   SYMTDI          (b825e10cd61046672fef234820842c42) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
11:53:49.0484 2820   SYMTDI - ok
11:53:49.0484 2820   sym_hi - ok
11:53:49.0484 2820   sym_u3 - ok
11:53:49.0531 2820   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:53:49.0531 2820   sysaudio - ok
11:53:49.0562 2820   SysmonLog       (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:53:49.0562 2820   SysmonLog - ok
11:53:49.0609 2820   TapiSrv         (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:53:49.0609 2820   TapiSrv - ok
11:53:49.0656 2820   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:53:49.0671 2820   Tcpip - ok
11:53:49.0687 2820   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:53:49.0703 2820   TDPIPE - ok
11:53:49.0718 2820   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:53:49.0718 2820   TDTCP - ok
11:53:49.0750 2820   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:53:49.0750 2820   TermDD - ok
11:53:49.0796 2820   TermService     (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:53:49.0812 2820   TermService - ok
11:53:49.0843 2820   Themes          (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:53:49.0843 2820   Themes - ok
11:53:49.0875 2820   TlntSvr         (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
11:53:49.0890 2820   TlntSvr - ok
11:53:49.0890 2820   TosIde - ok
11:53:49.0921 2820   TrkWks          (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:53:49.0937 2820   TrkWks - ok
11:53:49.0937 2820   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:53:49.0953 2820   Udfs - ok
11:53:49.0953 2820   ultra - ok
11:53:50.0000 2820   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:53:50.0000 2820   Update - ok
11:53:50.0031 2820   upnphost        (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:53:50.0046 2820   upnphost - ok
11:53:50.0062 2820   UPS             (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:53:50.0078 2820   UPS - ok
11:53:50.0109 2820   USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:53:50.0109 2820   USBAAPL - ok
11:53:50.0156 2820   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:53:50.0156 2820   usbccgp - ok
11:53:50.0203 2820   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:53:50.0218 2820   usbehci - ok
11:53:50.0250 2820   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:53:50.0265 2820   usbhub - ok
11:53:50.0281 2820   usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
11:53:50.0296 2820   usbohci - ok
11:53:50.0296 2820   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:53:50.0296 2820   usbprint - ok
11:53:50.0328 2820   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:53:50.0328 2820   usbscan - ok
11:53:50.0343 2820   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:53:50.0359 2820   USBSTOR - ok
11:53:50.0359 2820   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:53:50.0359 2820   VgaSave - ok
11:53:50.0359 2820   ViaIde - ok
11:53:50.0375 2820   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:53:50.0375 2820   VolSnap - ok
11:53:50.0390 2820   VSS             (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:53:50.0421 2820   VSS - ok
11:53:50.0421 2820   W32Time         (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:53:50.0437 2820   W32Time - ok
11:53:50.0453 2820   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:53:50.0468 2820   Wanarp - ok
11:53:50.0468 2820   WDICA - ok
11:53:50.0500 2820   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:53:50.0515 2820   wdmaud - ok
11:53:50.0515 2820   WebClient       (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:53:50.0531 2820   WebClient - ok
11:53:50.0593 2820   winmgmt         (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:53:50.0609 2820   winmgmt - ok
11:53:50.0640 2820   WmdmPmSN        (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
11:53:50.0640 2820   WmdmPmSN - ok
11:53:50.0687 2820   Wmi             (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:53:50.0687 2820   Wmi - ok
11:53:50.0703 2820   WmiApSrv        (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:53:50.0703 2820   WmiApSrv - ok
11:53:50.0750 2820   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:53:50.0750 2820   WS2IFSL - ok
11:53:50.0781 2820   wscsvc          (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:53:50.0796 2820   wscsvc - ok
11:53:50.0796 2820   wuauserv        (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:53:50.0796 2820   wuauserv - ok
11:53:50.0828 2820   WZCSVC          (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:53:50.0875 2820   WZCSVC - ok
11:53:50.0890 2820   xmlprov         (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:53:50.0906 2820   xmlprov - ok
11:53:50.0937 2820   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:53:50.0953 2820   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:53:50.0953 2820   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:53:50.0984 2820   Boot (0x1200)   (555e8f9b7c162e3c869a046aa8acb3bc) \Device\Harddisk0\DR0\Partition0
11:53:50.0984 2820   \Device\Harddisk0\DR0\Partition0 - ok
11:53:50.0984 2820   ============================================================
11:53:50.0984 2820   Scan finished
11:53:50.0984 2820   ============================================================
11:53:51.0000 0848   Detected object count: 1
11:53:51.0000 0848   Actual detected object count: 1
11:59:20.0203 0848   \Device\Harddisk0\DR0\# - copied to quarantine
11:59:20.0203 0848   \Device\Harddisk0\DR0 - copied to quarantine
11:59:20.0265 0848   \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:59:20.0281 0848   \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:59:20.0281 0848   \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:59:20.0296 0848   \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:59:20.0312 0848   \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:59:20.0312 0848   \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:59:20.0328 0848   \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:59:20.0343 0848   \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:59:20.0343 0848   \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:59:20.0343 0848   \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:59:20.0359 0848   \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:59:20.0359 0848   \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:59:20.0375 0848   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:59:20.0375 0848   \Device\Harddisk0\DR0 - ok
11:59:25.0984 0848   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:59:32.0234 0328   Deinitialize success

Thank you for all your help. I would never have figured this out.
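A small triage script for a log like the one above, added here as an example and not part of the original post or of TDSSKiller itself: it parses the two line shapes the log uses (a hash line per object, then a verdict line), pulls out every object whose verdict is not a plain ok, the paths copied to quarantine and the cures deferred to reboot, and flags any image path reported with two different hashes in the same scan. The line layout, the SAMPLE_LOG excerpt and the function names are assumptions taken from this thread's log.

```python
"""Triage a TDSSKiller scan log: hashed objects, non-'ok' verdicts,
quarantined paths and cures deferred to reboot.
Added example for this thread, not TDSSKiller's own code; line shapes are
inferred from the log posted above and SAMPLE_LOG is a constructed excerpt."""

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt of the posted log (assumption: real logs keep this layout).
SAMPLE_LOG = r"""
11:53:43.0750 2820   JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:53:43.0781 2820   JavaQuickStarterService - ok
11:53:45.0093 2820   MSIServer - ok
11:53:45.0906 2820   Netlogon        (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:45.0906 2820   Netlogon - ok
11:53:46.0218 2820   NtLmSsp         (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:53:46.0218 2820   NtLmSsp - ok
11:53:50.0937 2820   MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:53:50.0953 2820   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:53:50.0953 2820   \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:53:50.0984 2820   Boot (0x1200)   (555e8f9b7c162e3c869a046aa8acb3bc) \Device\Harddisk0\DR0\Partition0
11:53:50.0984 2820   \Device\Harddisk0\DR0\Partition0 - ok
11:53:50.0984 2820   Scan finished
11:59:20.0281 0848   \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:59:20.0328 0848   \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:59:20.0375 0848   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:59:25.0984 0848   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# Hash line: "<time> <pid> <name> (<md5>) <path>". Names may contain spaces and
# parentheses ("MBR (0x1B8)", "... Manager (IAM)"), so anchor on the 32-hex hash.
OBJECT_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: "<time> <pid> <object> [( <threat> )] - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?)"
    r"(?:\s+\(\s*(?P<threat>\S+)\s*\))?\s+-\s+(?P<verdict>.+?)\s*$"
)
DETECTED_RE = re.compile(r"^detected\s+(?P<threat>\S+)")  # "detected <name> (0)"


@dataclass
class Entry:
    time: str
    pid: str
    obj: str                       # service/driver name, or device/file path
    md5: Optional[str] = None      # hash lines only
    path: Optional[str] = None     # image path, hash lines only
    threat: Optional[str] = None   # detection name, if the line carries one
    verdict: Optional[str] = None  # "ok", "infected", "copied to quarantine", ...


def parse_line(line: str) -> Optional[Entry]:
    """Entry for hash or verdict lines; None for banners, counters, blanks."""
    m = OBJECT_RE.match(line)
    if m:
        return Entry(m["time"], m["pid"], m["name"], md5=m["md5"], path=m["path"])
    m = VERDICT_RE.match(line)
    if m:
        threat = m["threat"]
        d = DETECTED_RE.match(m["verdict"])
        if d:
            threat = d["threat"]
        return Entry(m["time"], m["pid"], m["obj"], threat=threat, verdict=m["verdict"])
    return None


def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def detections(entries) -> dict:
    """Object -> threat name for every verdict that is not a plain 'ok'."""
    found = {}
    for e in entries:
        if e.verdict and e.verdict != "ok" and e.threat:
            found.setdefault(e.obj, e.threat)
    return found


def quarantined(entries) -> list:
    """Paths copied to quarantine (in the posted log, the TDLFS\\ entries)."""
    return [e.obj for e in entries if e.verdict == "copied to quarantine"]


def pending_on_reboot(entries) -> list:
    """Cures the log deferred to the next reboot: still outstanding until then."""
    return [(e.obj, e.threat) for e in entries if e.verdict == "will be cured on reboot"]


def hash_conflicts(entries) -> dict:
    """Same image path reported with two different MD5s in one scan: worth a look."""
    seen = defaultdict(set)
    for e in entries:
        if e.md5:
            seen[e.path.lower()].add(e.md5)
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    print("detections:", detections(ents), "quarantined:", quarantined(ents))
    print("pending on reboot:", pending_on_reboot(ents), "hash conflicts:", hash_conflicts(ents))
```

Run it directly to summarise the embedded excerpt, or feed `parse_log()` the text of a saved TDSSKiller log. It reads only the log text and never touches the disk; the MBR hash it extracts is useful for comparing against the same machine's hash from a clean scan.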
« Reply #5 on: June 03, 2012, 12:21:08 »
dvk01
Administrator
Karma: 6
Posts: 308

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/online/ for out-of-date & vulnerable common applications on your computer, and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too-high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests in, in the first place. If Windows Update doesn't work, please come back & tell us.