Tech Support Guy > Virus & Other Malware Removal

Google redirect

(In Progress)

Proforce (thread starter, member with 46 posts, joined Jun 2012)
13-Jan-2013, 04:36 PM #1
Here's hoping you guys can help me again. I'm back on my desktop since my laptop is nice and borked - constant startup repair and HDD fail. I'll post for help here if the Geek Squad can't fix that; I pay them enough to do it. But my desktop has a nice little Google redirect malware. I'm running Win XP SP3 on this desktop. Here are the logfiles:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:29:04 PM, on 1/13/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47...abblecubes.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47...amesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/BrowserCheck/w...enXInstall.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9867 bytes

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by USER at 15:32:42 on 2013-01-13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1102 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webmail.aol.com/
uProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [HostManager] c:\program files\common files\aol\1238500289\ee\AOLSoftware.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://www.mathxl.com/BrowserCheck/wiz/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9D1D68A0-A2EF-48F4-B0DE-EE35C4FEDBEC} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\tdolf9i0.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-12-24 20:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20130107.001\BHDrvx86.sys [2013-1-9 995488]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-26 13696]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20130113.001\IDSXpx86.sys [2013-1-13 373728]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20130112.007\NAVENG.SYS [2013-1-12 92704]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20130112.007\NAVEX15.SYS [2013-1-12 1601184]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-01-13 12:42:26 -------- d-----w- c:\program files\Hidden World of Art
2013-01-12 13:34:48 -------- d-----w- c:\program files\Aquapolis
2013-01-11 23:29:21 -------- d-----w- c:\program files\Aeria Games
2013-01-10 00:42:02 -------- d-----w- c:\documents and settings\user\application data\Ladia Group
2013-01-09 01:41:24 -------- d-----w- c:\program files\Hidden World of Art 2 - Undercover Art Agent
2013-01-09 01:40:17 -------- d-----w- c:\program files\Ancient Rome
2012-12-29 00:50:35 -------- d-----w- c:\program files\Spirits of Mystery - The Dark Minotaur Collector's Edition
2012-12-29 00:41:52 -------- d-----w- c:\program files\Dropbox
2012-12-27 02:43:28 -------- d-----w- c:\windows\system32\XPSViewer
2012-12-27 02:42:46 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-12-27 02:41:50 117760 ------w- c:\windows\system32\prntvpt.dll
2012-12-27 02:41:49 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-12-27 02:41:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-12-27 02:41:49 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-12-27 02:41:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-12-27 02:41:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-12-27 02:41:48 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2012-12-27 02:41:48 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-12-27 02:41:47 -------- d-----w- C:\4e2b6120e1950dd50630124376d5b8
2012-12-27 02:31:46 -------- d-----w- C:\ffe579d1a632a84c36d3b24a9f98e580
2012-12-25 13:16:13 -------- d-----w- c:\documents and settings\user\local settings\application data\Aeria Games
2012-12-25 13:14:36 -------- d-----w- C:\ProgramData
2012-12-25 01:19:10 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-12-25 01:15:18 -------- d--h--r- C:\AHCache
2012-12-25 00:57:11 -------- d-----w- c:\documents and settings\user\local settings\application data\Akamai
2012-12-25 00:57:10 -------- d-----w- C:\AeriaGames
2012-12-20 17:09:05 -------- d-----w- c:\documents and settings\user\application data\Lonely Troops
2012-12-19 14:41:06 -------- d-----w- c:\documents and settings\user\local settings\application data\Big Fish
2012-12-19 14:40:17 -------- d-----w- c:\documents and settings\all users\application data\Big Fish
2012-12-19 14:39:42 -------- d-----w- c:\program files\Found - A Hidden Object Adventure - Free to Play
2012-12-15 14:26:05 -------- d-----w- c:\documents and settings\user\application data\FirstColony
2012-12-15 14:19:51 -------- d-----w- c:\program files\Forgotten Lands - First Colony
.
==================== Find3M ====================
.
2013-01-09 02:06:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 02:06:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 15:33:25.98 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/26/2009 3:16:26 PM
System Uptime: 1/13/2013 2:19:02 PM (1 hours ago)
.
Motherboard: BIOSTAR Group | | P4M900-M7 FE
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2199/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 383.724 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 19 GiB total, 18.58 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:
.
==== System Restore Points ===================
.
RP323: 10/27/2012 7:06:47 PM - System Checkpoint
RP324: 11/3/2012 8:27:10 PM - Installed Java(TM) 6 Update 37
RP325: 11/16/2012 6:37:15 PM - Software Distribution Service 3.0
RP326: 11/24/2012 10:12:01 PM - System Checkpoint
RP327: 11/25/2012 10:22:23 PM - System Checkpoint
RP328: 12/9/2012 1:33:45 PM - System Checkpoint
RP329: 12/12/2012 7:23:04 PM - System Checkpoint
RP330: 12/12/2012 9:05:01 PM - Software Distribution Service 3.0
RP331: 12/13/2012 9:43:23 PM - System Checkpoint
RP332: 12/16/2012 12:11:10 PM - System Checkpoint
RP333: 12/17/2012 8:18:04 PM - System Checkpoint
RP334: 12/18/2012 8:24:31 PM - System Checkpoint
RP335: 12/21/2012 12:30:19 PM - Software Distribution Service 3.0
RP336: 12/26/2012 9:31:39 PM - Software Distribution Service 3.0
RP337: 12/27/2012 6:44:57 PM - Printer Driver Microsoft XPS Document Writer Installed
RP338: 12/28/2012 11:06:09 PM - Software Distribution Service 3.0
RP339: 12/30/2012 10:49:56 AM - System Checkpoint
RP340: 1/2/2013 8:36:28 PM - System Checkpoint
RP341: 1/3/2013 8:02:03 PM - Software Distribution Service 3.0
RP342: 1/10/2013 7:46:12 PM - System Checkpoint
RP343: 1/10/2013 8:01:12 PM - Software Distribution Service 3.0
RP344: 1/12/2013 10:31:06 AM - System Checkpoint
RP345: 1/13/2013 12:05:54 PM - System Checkpoint
.
==== Installed Programs ======================
.
3 Days: Zoo Mystery
4 Elements
4 Elements II
A Gnome's Home: The Great Crystal Crusade
Abigail and the Kingdom of Fairs
Acrobat.com
Adelantado Trilogy: Book One
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Aeria Ignite
Aerie - Spirit of the Forest
AIM 7
Akamai NetSession Interface
Alchemist's Apprentice
All My Gods
Allora and The Broken Portal
Amusement World!
Ancient Rome
Antique Road Trip 2: Homecoming
AOL Coach Version 1.0(Build:20030807.3)
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
Aquapolis
Art Mogul
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Awakening: The Goblin Kingdom
Awakening: The Skyward Castle
Awakening: The Skyward Castle Collector's Edition
Aztec Tribe
Aztec Tribe: New Land
Be Rich
Be Richer
Be Richest!
Bejeweled 3
Big City Adventure: New York City
Big Fish Games: Game Manager
Bonjour
Build-a-lot The Elizabethan Era - Standard Edition
Build a Lot
Build a Lot (pack)
Build a Lot 2 (pack)
Build a Lot 3 (pack)
Build a Lot 4 (pack)
Build In Time
Build It Green: Back to the Beach
Build It Miami Beach Resort
Building the Great Wall of China
Campgrounds
City of Fools
Club Paradise
Cosplay Fetish Academy v1.2
County Fair
Critical Update for Windows Media Player 11 (KB959772)
Dark Parables: Curse of Briar Rose
Dark Parables: Rise of the Snow Queen
Dark Parables: The Exiled Prince
Dark Parables: The Red Riding Hood Sisters Collector's Edition
Download Updater (AOL LLC)
Dragon Crossroads
Dragon Keeper
Dragon Keeper 2
Dream Builder: Amusement Park
Dream Chronicles(R) Trilogy 1 Bundle
Dream Inn: Driftwood
Dropbox
Egypt: Secret of five Gods
Empire Builder - Ancient Egypt
ESET Online Scanner v3
Farm Tribe
Farmscapes(TM)
Farmscapes(TM) Premium Edition
FileMaker Pro 10
Fishdom - Spooky Splash
Fishdom H2O: Hidden Odyssey ™
Flux Family Secrets - The Rabbit Hole
Flux Family Secrets: The Book of Oracles
Forgotten Lands: First Colony ™
Found: A Hidden Object Adventure - Free to Play
Full Tilt Poker.Net
Garden Defense
Gardenscapes
Gardenscapes: Mansion Makeover™
Gourmania
Gourmania 2: Great Expectations
Gourmania 3: Zoo Zoom
Governor of Poker
Governor of Poker 2 - Premium Edition
Grand Fantasia
Guardians of Beyond: Witchville
Guardians of Magic: Amanda's Awakening
Hallowed Legends: Templar Collector's Edition
HappyVille: Quest for Utopia
Hentai Anime Poker
Hidden Magic
Hidden Mysteries&reg;: Salem Secrets
Hidden Mysteries: Notre Dame - Secrets of Paris
Hidden Object Crosswords
Hidden World
Hidden World of Art
Hidden World of Art 2: Undercover Art Agent
High Definition Audio Driver Package - KB888111
HolyBeast
Hotel Mogul
Hotel Mogul Las Vegas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
House of 1000 Doors: Family Secrets
House of 1000 Doors: The Palm of Zoroaster
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
I SPY ™ Mystery
Island Defense
Island Realms
Island Tribe
Island Tribe 2
Island Tribe 3
Island Tribe 4
Jack of all Tribes
Java Auto Updater
Java(TM) 6 Update 37
Jewel Legends: Tree of Life
Journey: The Heart of Gaia
Kingdom Chronicles Collector's Edition
LabelCreator Pro
LandGrabbers
Learn2 Player (Uninstall Only)
Legends of Atlantis: Exodus
Little Shop - Traveler's Pack
Little Shop of Treasures
Magic Encyclopedia
Magic Encyclopedia 2 Moonlight
Magic Encyclopedia: Illusions
Mall-A-Palooza
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Million Dollar Quest
MONOPOLY Build-a-lot Edition
Monster Mash
Monument Builder: Eiffel Tower
Monument Builders: Statue of Liberty
Mortimer Beckett and the Crimson Thief
Mortimer Beckett and the Lost King Collectors Edition(remove only)
Mortimer Beckett and the Secrets of Spooky Manor
Mortimer Beckett and the Time Paradox
Mother Nature
Move Media Player
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
Musicnotes Software Suite 1.5.3
My Kingdom For The Princess
My Kingdom for the Princess 2
My Kingdom for the Princess 3
My Life Story
My Life Story: Adventures
Mystery Legends - The Phantom of the Opera
Mystery Legends: The Phantom of the Opera Collector's Edition
Mystery P.I.: Stolen in San Francisco
Mystery P.I.: The Curious Case of Counterfeit Cove
Mystery P.I.: The New York Fortune
Natalie Brooks Mystery at Hillcrest High (Pack)
Natalie Brooks Secrets of Treasure House (Pack)
Natalie Brooks The Treasures of the Lost Kingdom
Nero 6 Enterprise Edition
New Yankee in King Arthur's Court
Northern Tale
Norton Internet Security
NVIDIA Drivers
Optimum Online net guide
Pandora
Paradise Beach
Pioneer Lands
Plan It Green
Plantasia
PowerDVD
Princess Isabella: A Witch's Curse
Princess Isabella: Return of the Curse
Professor Answers
Professor Teaches Access 2003
Professor Teaches Access 2007
Professor Teaches Excel 2003
Professor Teaches Excel 2007
Professor Teaches Outlook 2003
Professor Teaches Outlook 2007
Professor Teaches PowerPoint 2003
Professor Teaches PowerPoint 2007
Professor Teaches Publisher 2007
Professor Teaches Word 2003
Professor Teaches Word 2007
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Rescue Team
Rescue Team 2
Roads of Rome
Roads of Rome 2
Roads of Rome III
Romance of Rome
Royal Envoy 2 Collector's Edition
Royal Envoy Collectors Edition
Royal Trouble
Sailor Moon
Samantha Swift and the Fountains of Fate
Secret Diaries: Florence Ashford
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Segoe UI
Settlement Colossus
Sherlock Holmes and the Hound of the Baskervilles
Shop-n-Spree
Shop-N-Spree: Family Fortune
Shop-n-Spree: Shopping Paradise
Shop It Up!
Ski Resort Mogul
Skype Toolbars
Skype™ 5.10
Snark Busters
Snark Busters: All Revved up
Snark Busters: High Society
Sonya
Spelling Dictionaries Support For Adobe Reader 9
Spirits of Mystery: Amber Maiden
Spirits of Mystery: Amber Maiden Collector's Edition
Spirits of Mystery: Song of the Phoenix Collector's Edition
Spirits of Mystery: The Dark Minotaur Collector's Edition
Sprill and Ritchie Adventures in Time
Sprill The mystery of the bermuda triangle
Summer Resort Mogul
Summer Rush
Supermarket Management
Supermarket Management 2
Supermarket Mania
Tales of Lagoona: Orphans of the Ocean
The Clumsys 2: Butterfly Effect
The Fool
The Hidden Object Show Combo Pack
The Island Castaway
The Legend of Sanna
The Palace Builder
The Promised Land
The Timebuilders: Caveman's Prophecy
The Timebuilders: Pyramid Rising
The TimeBuilders: Pyramid Rising 2
The Witch and The Warrior
The Witch and the Warrior Strategy Guide
Time to Hurry: Nicole's Story
Totem Tribe Gold Extended Edition
Treasure Seekers: Follow the Ghosts
Treasure Seekers: The Enchanted Canvases
Treasure Seekers: The Time Has Come
Treasure Seekers: Visions of Gold ™
Typing Instructor Platinum
Unity Web Player
Unlikely Suspects
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vacation Mogul
Vacation Quest: Australia
Veronica Rivers: Portals to the Unknown ™
Virtual City
Virtual City 2: Paradise Resort
Walmart MP3 Music Downloads
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WordPerfect Family Pack 4
World of Tanks v.0.7.2
World of Zellians: Kingdom Builder ™
Yahoo! Messenger
Yard Sale Hidden Treasures: Lucky Junction
Youda Safari
Youda Survivor
.
==== Event Viewer Messages From Past Week ========
.
1/6/2013 3:45:56 PM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
1/6/2013 3:45:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
1/6/2013 3:45:50 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
1/6/2013 3:45:50 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/12/2013 8:29:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
1/10/2013 9:21:56 PM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/10/2013 6:27:01 PM, error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================


I'll get GMER going in a bit and come back to paste the log if it works. Last time I needed help here, it didn't work so here's hoping.
Proforce (thread starter)
14-Jan-2013, 12:12 AM #2
GMER log here:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2013-01-13 22:44:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00A7B0 rev.01.03B01
Running: 8mp8jtmw.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\pgliqpoc.sys

---- System - GMER 1.0.15 ----
SSDT 8A0732B8 ZwAlertResumeThread
SSDT 8A0B5270 ZwAlertThread
SSDT 8A0C9260 ZwAllocateVirtualMemory
SSDT 8A0952C0 ZwAssignProcessToJobObject
SSDT 8A5F4680 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5E9CD40]
SSDT 8A0E2260 ZwCreateMutant
SSDT 8A0DA220 ZwCreateSymbolicLinkObject
SSDT 8A0D7300 ZwCreateThread
SSDT 8A0DF260 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5E9CFC0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5E9D680]
SSDT 8A0CA308 ZwDuplicateObject
SSDT 8A0E9280 ZwFreeVirtualMemory
SSDT 8A071230 ZwImpersonateAnonymousToken
SSDT 8A073218 ZwImpersonateThread
SSDT 8A5EEA20 ZwLoadDriver
SSDT 8A0E82B8 ZwMapViewOfSection
SSDT 8A0D22B8 ZwOpenEvent
SSDT 8A09F2B0 ZwOpenProcess
SSDT 8A0CA228 ZwOpenProcessToken
SSDT 8A0D5230 ZwOpenSection
SSDT 8A0CB2C8 ZwOpenThread
SSDT 8A0DA310 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB5E9DBF0]
SSDT 8A09A230 ZwResumeThread
SSDT 8A0E1270 ZwSetContextThread
SSDT 8A0E7220 ZwSetInformationProcess
SSDT 8A0DF320 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5E9D910]
SSDT 8A0D2218 ZwSuspendProcess
SSDT 8A0D6218 ZwSuspendThread
SSDT 8A0C12E0 ZwTerminateProcess
SSDT 8A0D62B8 ZwTerminateThread
SSDT 8A0E8218 ZwUnmapViewOfSection
SSDT 8A0EA240 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504658 4 Bytes [20, EA, 5E, 8A]
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86B0380, 0x346307, 0xE8000020]
? C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Proforce (thread starter)
16-Jan-2013, 07:26 AM #3
bumping
Proforce (thread starter)
21-Jan-2013, 11:22 PM #4
bump again
Proforce (thread starter)
24-Jan-2013, 05:05 PM #5
Another bump.
Proforce (thread starter)
28-Jan-2013, 11:57 PM #6
bumping again. here's hoping
Proforce (thread starter)
01-Feb-2013, 07:46 AM #7
bump. again.
Proforce (thread starter)
07-Feb-2013, 07:37 AM #8
Bumping one more time.
Cookiegal
Administrator & Malware Removal Specialist with 95,176 posts.
Join Date: Aug 2003
08-Feb-2013, 10:06 AM #9
Please go here and download the TDSSKiller.exe to your desktop.
  • Double-click TDSSKiller.exe on your desktop to run it.
  • Click on Start Scan
  • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.
__________________
Microsoft MVP - Consumer Security
Proforce (thread starter)
10-Feb-2013, 11:45 AM #10
Sorry for the delay, the snowstorm up here really caused a lot of trouble.

10:43:02.0890 5364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:43:04.0031 5364 ============================================================
10:43:04.0031 5364 Current date / time: 2013/02/10 10:43:04.0031
10:43:04.0031 5364 SystemInfo:
10:43:04.0031 5364
10:43:04.0031 5364 OS Version: 5.1.2600 ServicePack: 3.0
10:43:04.0031 5364 Product type: Workstation
10:43:04.0031 5364 ComputerName: COMPUTER
10:43:04.0031 5364 UserName: USER
10:43:04.0031 5364 Windows directory: C:\WINDOWS
10:43:04.0031 5364 System windows directory: C:\WINDOWS
10:43:04.0031 5364 Processor architecture: Intel x86
10:43:04.0031 5364 Number of processors: 2
10:43:04.0031 5364 Page size: 0x1000
10:43:04.0031 5364 Boot type: Normal boot
10:43:04.0031 5364 ============================================================
10:43:05.0875 5364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:43:05.0906 5364 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:43:05.0906 5364 ============================================================
10:43:05.0906 5364 \Device\Harddisk0\DR0:
10:43:05.0906 5364 MBR partitions:
10:43:05.0906 5364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
10:43:05.0906 5364 \Device\Harddisk1\DR1:
10:43:05.0906 5364 MBR partitions:
10:43:05.0906 5364 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254A6C3
10:43:05.0906 5364 ============================================================
10:43:05.0921 5364 C: <-> \Device\Harddisk0\DR0\Partition1
10:43:05.0968 5364 E: <-> \Device\Harddisk1\DR1\Partition1
10:43:05.0968 5364 ============================================================
10:43:05.0968 5364 Initialize success
10:43:05.0968 5364 ============================================================
10:43:19.0734 5804 ============================================================
10:43:19.0734 5804 Scan started
10:43:19.0734 5804 Mode: Manual;
10:43:19.0734 5804 ============================================================
10:43:20.0531 5804 ================ Scan system memory ========================
10:43:20.0546 5804 System memory - ok
10:43:20.0546 5804 ================ Scan services =============================
10:43:20.0687 5804 Abiosdsk - ok
10:43:20.0703 5804 abp480n5 - ok
10:43:20.0750 5804 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:43:20.0750 5804 ACPI - ok
10:43:20.0781 5804 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:43:20.0781 5804 ACPIEC - ok
10:43:20.0859 5804 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:43:20.0859 5804 AdobeFlashPlayerUpdateSvc - ok
10:43:20.0875 5804 adpu160m - ok
10:43:20.0921 5804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:43:20.0921 5804 aec - ok
10:43:20.0984 5804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:43:21.0000 5804 AFD - ok
10:43:21.0046 5804 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
10:43:21.0046 5804 AFS2K - ok
10:43:21.0062 5804 Aha154x - ok
10:43:21.0078 5804 aic78u2 - ok
10:43:21.0093 5804 aic78xx - ok
10:43:21.0140 5804 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:43:21.0140 5804 Alerter - ok
10:43:21.0171 5804 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
10:43:21.0171 5804 ALG - ok
10:43:21.0171 5804 AliIde - ok
10:43:21.0203 5804 amsint - ok
10:43:21.0312 5804 [ FA518140883112C54871F824097D262D ] AOL ACS C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
10:43:21.0312 5804 AOL ACS - ok
10:43:21.0328 5804 AppMgmt - ok
10:43:21.0343 5804 asc - ok
10:43:21.0375 5804 asc3350p - ok
10:43:21.0390 5804 asc3550 - ok
10:43:21.0437 5804 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
10:43:21.0437 5804 ASCTRM - ok
10:43:21.0593 5804 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:43:21.0609 5804 aspnet_state - ok
10:43:21.0671 5804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:43:21.0671 5804 AsyncMac - ok
10:43:21.0718 5804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:43:21.0718 5804 atapi - ok
10:43:21.0718 5804 Atdisk - ok
10:43:21.0750 5804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:43:21.0750 5804 Atmarpc - ok
10:43:21.0781 5804 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:43:21.0781 5804 AudioSrv - ok
10:43:21.0859 5804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:43:21.0859 5804 audstub - ok
10:43:21.0937 5804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:43:21.0937 5804 Beep - ok
10:43:22.0093 5804 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130116.013\BHDrvx86.sys
10:43:22.0125 5804 BHDrvx86 - ok
10:43:22.0187 5804 [ BE5D50529799B9BAB6BE879EC768B6CF ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
10:43:22.0187 5804 BIOS - ok
10:43:22.0250 5804 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
10:43:22.0250 5804 BITS - ok
10:43:22.0343 5804 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:43:22.0343 5804 Bonjour Service - ok
10:43:22.0406 5804 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
10:43:22.0406 5804 Browser - ok
10:43:22.0437 5804 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
10:43:22.0437 5804 BVRPMPR5 - ok
10:43:22.0468 5804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:43:22.0468 5804 cbidf2k - ok
10:43:22.0515 5804 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:43:22.0515 5804 CCDECODE - ok
10:43:22.0578 5804 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309010.00E\ccSetx86.sys
10:43:22.0578 5804 ccSet_NIS - ok
10:43:22.0593 5804 cd20xrnt - ok
10:43:22.0640 5804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:43:22.0640 5804 Cdaudio - ok
10:43:22.0687 5804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:43:22.0687 5804 Cdfs - ok
10:43:22.0718 5804 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:43:22.0718 5804 Cdrom - ok
10:43:22.0718 5804 Changer - ok
10:43:22.0765 5804 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:43:22.0781 5804 CiSvc - ok
10:43:22.0812 5804 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:43:22.0812 5804 ClipSrv - ok
10:43:22.0843 5804 [ 7FA87325900183197BC9710D1CE4C9FA ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:43:22.0875 5804 clr_optimization_v2.0.50727_32 - ok
10:43:22.0890 5804 CmdIde - ok
10:43:22.0906 5804 COMSysApp - ok
10:43:22.0953 5804 Cpqarray - ok
10:43:23.0000 5804 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:43:23.0000 5804 CryptSvc - ok
10:43:23.0015 5804 dac2w2k - ok
10:43:23.0031 5804 dac960nt - ok
10:43:23.0093 5804 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:43:23.0109 5804 DcomLaunch - ok
10:43:23.0140 5804 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:43:23.0140 5804 Dhcp - ok
10:43:23.0171 5804 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:43:23.0171 5804 Disk - ok
10:43:23.0187 5804 dmadmin - ok
10:43:23.0234 5804 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:43:23.0250 5804 dmboot - ok
10:43:23.0281 5804 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:43:23.0281 5804 dmio - ok
10:43:23.0312 5804 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:43:23.0312 5804 dmload - ok
10:43:23.0343 5804 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:43:23.0343 5804 dmserver - ok
10:43:33.0468 5804 ============================================================
10:43:33.0468 5804 Scan finished
10:43:33.0468 5804 ============================================================
10:43:33.0500 5796 Detected object count: 0
10:43:33.0500 5796 Actual detected object count: 0
10:43:53.0328 5248 Deinitialize success
Cookiegal
Administrator & Malware Removal Specialist with 95,176 posts.
 
Join Date: Aug 2003
10-Feb-2013, 11:56 AM #11
No problem. I just hope everyone's OK in the storm regions.

Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
Proforce
Member with 46 posts.
THREAD STARTER
 
Join Date: Jun 2012
10-Feb-2013, 12:48 PM #12
Here's the Combofix file

ComboFix 13-02-07.02 - USER 02/10/2013 11:33:59.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1301 [GMT -5:00]
Running from: c:\documents and settings\USER\Desktop\puppy.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-10 16:26 . 2013-02-10 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-02-08 22:33 . 2013-02-08 22:34 -------- d-----w- c:\program files\Antique Road Trip USA
2013-02-06 23:51 . 2013-02-06 23:51 -------- d-----w- c:\documents and settings\USER\Application Data\Melesta
2013-02-06 23:35 . 2013-02-06 23:36 -------- d-----w- c:\program files\Meridian - Age of Invention
2013-02-06 23:00 . 2013-02-06 23:01 -------- d-----w- c:\program files\Green City
2013-02-06 01:36 . 2013-02-06 01:36 -------- d-----w- c:\windows\system32\drivers\NIS\1309010.00E
2013-02-01 01:48 . 2013-02-01 01:48 -------- d-----w- c:\documents and settings\USER\Application Data\Nitreal Games
2013-02-01 00:07 . 2013-02-01 00:08 -------- d-----w- c:\program files\Ancient Rome 2
2013-01-30 23:54 . 2013-01-30 23:54 -------- d-----w- c:\program files\New Yankee in King Arthur's Court 2
2013-01-29 23:29 . 2013-01-29 23:30 -------- d-----w- c:\program files\Found - A Hidden Object Adventure - Free to Play
2013-01-29 23:28 . 2013-01-29 23:28 -------- d-----w- c:\documents and settings\USER\Application Data\HipSoft
2013-01-13 12:42 . 2013-01-13 12:42 -------- d-----w- c:\program files\Hidden World of Art
2013-01-12 13:34 . 2013-01-12 13:35 -------- d-----w- c:\program files\Aquapolis
2013-01-11 23:29 . 2013-01-11 23:29 -------- d-----w- c:\program files\Aeria Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 03:06 . 2012-04-04 09:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 03:06 . 2011-05-12 22:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2013-02-06 01:49 . 2013-02-06 01:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-03-27 26112]
"HostManager"="c:\program files\Common Files\AOL\1238500289\ee\AOLSoftware.exe" [2010-03-08 41800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-01-08 1794224]
.
c:\documents and settings\USER\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\USER\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1238500289\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
"c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
"c:\\Documents and Settings\\USER\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309010.00E\symds.sys [2/5/2013 8:36 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309010.00E\symefa.sys [2/5/2013 8:36 PM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [1/15/2013 9:51 PM 997464]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/26/2009 1:34 PM 13696]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309010.00E\ccsetx86.sys [2/5/2013 8:36 PM 132768]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309010.00E\ironx86.sys [2/5/2013 8:36 PM 149624]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2/5/2013 8:36 PM 138272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 5:30 AM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130208.004\IDSXpx86.sys [2/8/2013 9:12 PM 373728]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19273049
*NewlyCreated* - 80046374
*Deregistered* - 19273049
*Deregistered* - 80046374
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:06]
.
2012-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2009-07-19 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21238181717.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.aol.com/
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\tdolf9i0.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-24 20:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6104)
c:\windows\system32\WININET.dll
c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-02-10 11:47:04
ComboFix-quarantined-files.txt 2013-02-10 16:46
.
Pre-Run: 410,454,433,792 bytes free
Post-Run: 410,942,173,184 bytes free
.
- - End Of File - - 5C285BB634518406487238C0A96DD556
Cookiegal
Administrator & Malware Removal Specialist with 95,176 posts.
 
Join Date: Aug 2003
10-Feb-2013, 01:10 PM #13
Are you still getting redirected?
Proforce
Member with 46 posts.
THREAD STARTER
 
Join Date: Jun 2012
10-Feb-2013, 01:13 PM #14
Yeah, it's still there. I just checked, searching for the video game Ratchet and Clank and ending up on monster.com when I click on the link that's supposed to lead me to the main site. I'll try to figure that one out later.
Cookiegal
Administrator & Malware Removal Specialist with 95,176 posts.
 
Join Date: Aug 2003
10-Feb-2013, 01:14 PM #15
Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.