
Google redirect

Discussion in 'Virus & Other Malware Removal' started by Proforce, Jan 13, 2013.

Proforce (Thread Starter)
    Here's hoping you guys can help me again. I'm back on my desktop since my laptop is nice and borked - constant startup repair and HDD fail. I'll post for help here if the Geek Squad can't fix that; I pay them enough to do it. But my desktop has a nice little Google redirect malware. I'm running Win XP SP3 on this desktop. Here are the log files:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:29:04 PM, on 1/13/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\USER\Desktop\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.aol.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files\Aeria Games\Ignite\aeriaignite.exe" silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe"
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/BrowserCheck/wiz/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} (CsLauncher Class) - http://hb.getamped.com/start/CsLauncher.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    --
    End of file - 9867 bytes

    dds.txt

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
    Run by USER at 15:32:42 on 2013-01-13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1102 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\AOL\1238500289\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Documents and Settings\USER\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://webmail.aol.com/
    uProxyOverride = <local>;*.local
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [HostManager] c:\program files\common files\aol\1238500289\ee\AOLSoftware.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Aeria Ignite] "c:\program files\aeria games\ignite\aeriaignite.exe" silent
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gsn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://www.mathxl.com/BrowserCheck/wiz/wizmodules/testgen/installers/TestGenXInstall.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9D1D68A0-A2EF-48F4-B0DE-EE35C4FEDBEC} : DHCPNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\tdolf9i0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2012-12-24 20:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20130107.001\BHDrvx86.sys [2013-1-9 995488]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-3-26 13696]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20130113.001\IDSXpx86.sys [2013-1-13 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20130112.007\NAVENG.SYS [2013-1-12 92704]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20130112.007\NAVEX15.SYS [2013-1-12 1601184]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 12:42:26 -------- d-----w- c:\program files\Hidden World of Art
    2013-01-12 13:34:48 -------- d-----w- c:\program files\Aquapolis
    2013-01-11 23:29:21 -------- d-----w- c:\program files\Aeria Games
    2013-01-10 00:42:02 -------- d-----w- c:\documents and settings\user\application data\Ladia Group
    2013-01-09 01:41:24 -------- d-----w- c:\program files\Hidden World of Art 2 - Undercover Art Agent
    2013-01-09 01:40:17 -------- d-----w- c:\program files\Ancient Rome
    2012-12-29 00:50:35 -------- d-----w- c:\program files\Spirits of Mystery - The Dark Minotaur Collector's Edition
    2012-12-29 00:41:52 -------- d-----w- c:\program files\Dropbox
    2012-12-27 02:43:28 -------- d-----w- c:\windows\system32\XPSViewer
    2012-12-27 02:42:46 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2012-12-27 02:41:50 117760 ------w- c:\windows\system32\prntvpt.dll
    2012-12-27 02:41:49 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2012-12-27 02:41:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2012-12-27 02:41:49 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2012-12-27 02:41:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2012-12-27 02:41:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2012-12-27 02:41:48 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2012-12-27 02:41:48 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2012-12-27 02:41:47 -------- d-----w- C:\4e2b6120e1950dd50630124376d5b8
    2012-12-27 02:31:46 -------- d-----w- C:\ffe579d1a632a84c36d3b24a9f98e580
    2012-12-25 13:16:13 -------- d-----w- c:\documents and settings\user\local settings\application data\Aeria Games
    2012-12-25 13:14:36 -------- d-----w- C:\ProgramData
    2012-12-25 01:19:10 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2012-12-25 01:15:18 -------- d--h--r- C:\AHCache
    2012-12-25 00:57:11 -------- d-----w- c:\documents and settings\user\local settings\application data\Akamai
    2012-12-25 00:57:10 -------- d-----w- C:\AeriaGames
    2012-12-20 17:09:05 -------- d-----w- c:\documents and settings\user\application data\Lonely Troops
    2012-12-19 14:41:06 -------- d-----w- c:\documents and settings\user\local settings\application data\Big Fish
    2012-12-19 14:40:17 -------- d-----w- c:\documents and settings\all users\application data\Big Fish
    2012-12-19 14:39:42 -------- d-----w- c:\program files\Found - A Hidden Object Adventure - Free to Play
    2012-12-15 14:26:05 -------- d-----w- c:\documents and settings\user\application data\FirstColony
    2012-12-15 14:19:51 -------- d-----w- c:\program files\Forgotten Lands - First Colony
    .
    ==================== Find3M ====================
    .
    2013-01-09 02:06:30 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 02:06:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 15:33:25.98 ===============

    attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/26/2009 3:16:26 PM
    System Uptime: 1/13/2013 2:19:02 PM (1 hours ago)
    .
    Motherboard: BIOSTAR Group | | P4M900-M7 FE
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | Socket 775 | 2199/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 383.724 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 19 GiB total, 18.58 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: System Interrupt Controller
    Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Manufacturer:
    Name: System Interrupt Controller
    PNP Device ID: PCI\VEN_1106&DEV_5364&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
    Service:
    .
    ==== System Restore Points ===================
    .
    RP323: 10/27/2012 7:06:47 PM - System Checkpoint
    RP324: 11/3/2012 8:27:10 PM - Installed Java(TM) 6 Update 37
    RP325: 11/16/2012 6:37:15 PM - Software Distribution Service 3.0
    RP326: 11/24/2012 10:12:01 PM - System Checkpoint
    RP327: 11/25/2012 10:22:23 PM - System Checkpoint
    RP328: 12/9/2012 1:33:45 PM - System Checkpoint
    RP329: 12/12/2012 7:23:04 PM - System Checkpoint
    RP330: 12/12/2012 9:05:01 PM - Software Distribution Service 3.0
    RP331: 12/13/2012 9:43:23 PM - System Checkpoint
    RP332: 12/16/2012 12:11:10 PM - System Checkpoint
    RP333: 12/17/2012 8:18:04 PM - System Checkpoint
    RP334: 12/18/2012 8:24:31 PM - System Checkpoint
    RP335: 12/21/2012 12:30:19 PM - Software Distribution Service 3.0
    RP336: 12/26/2012 9:31:39 PM - Software Distribution Service 3.0
    RP337: 12/27/2012 6:44:57 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP338: 12/28/2012 11:06:09 PM - Software Distribution Service 3.0
    RP339: 12/30/2012 10:49:56 AM - System Checkpoint
    RP340: 1/2/2013 8:36:28 PM - System Checkpoint
    RP341: 1/3/2013 8:02:03 PM - Software Distribution Service 3.0
    RP342: 1/10/2013 7:46:12 PM - System Checkpoint
    RP343: 1/10/2013 8:01:12 PM - Software Distribution Service 3.0
    RP344: 1/12/2013 10:31:06 AM - System Checkpoint
    RP345: 1/13/2013 12:05:54 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    3 Days: Zoo Mystery
    4 Elements
    4 Elements II
    A Gnome's Home: The Great Crystal Crusade
    Abigail and the Kingdom of Fairs
    Acrobat.com
    Adelantado Trilogy: Book One
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    Aeria Ignite
    Aerie - Spirit of the Forest
    AIM 7
    Akamai NetSession Interface
    Alchemist's Apprentice
    All My Gods
    Allora and The Broken Portal
    Amusement World!
    Ancient Rome
    Antique Road Trip 2: Homecoming
    AOL Coach Version 1.0(Build:20030807.3)
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Aquapolis
    Art Mogul
    Awakening: Moonfell Wood
    Awakening: The Dreamless Castle
    Awakening: The Goblin Kingdom
    Awakening: The Skyward Castle
    Awakening: The Skyward Castle Collector's Edition
    Aztec Tribe
    Aztec Tribe: New Land
    Be Rich
    Be Richer
    Be Richest!
    Bejeweled 3
    Big City Adventure: New York City
    Big Fish Games: Game Manager
    Bonjour
    Build-a-lot The Elizabethan Era - Standard Edition
    Build a Lot
    Build a Lot (pack)
    Build a Lot 2 (pack)
    Build a Lot 3 (pack)
    Build a Lot 4 (pack)
    Build In Time
    Build It Green: Back to the Beach
    Build It Miami Beach Resort
    Building the Great Wall of China
    Campgrounds
    City of Fools
    Club Paradise
    Cosplay Fetish Academy v1.2
    County Fair
    Critical Update for Windows Media Player 11 (KB959772)
    Dark Parables: Curse of Briar Rose
    Dark Parables: Rise of the Snow Queen
    Dark Parables: The Exiled Prince
    Dark Parables: The Red Riding Hood Sisters Collector's Edition
    Download Updater (AOL LLC)
    Dragon Crossroads
    Dragon Keeper
    Dragon Keeper 2
    Dream Builder: Amusement Park
    Dream Chronicles(R) Trilogy 1 Bundle
    Dream Inn: Driftwood
    Dropbox
    Egypt: Secret of five Gods
    Empire Builder - Ancient Egypt
    ESET Online Scanner v3
    Farm Tribe
    Farmscapes(TM)
    Farmscapes(TM) Premium Edition
    FileMaker Pro 10
    Fishdom - Spooky Splash
    Fishdom H2O: Hidden Odyssey ™
    Flux Family Secrets - The Rabbit Hole
    Flux Family Secrets: The Book of Oracles
    Forgotten Lands: First Colony ™
    Found: A Hidden Object Adventure - Free to Play
    Full Tilt Poker.Net
    Garden Defense
    Gardenscapes
    Gardenscapes: Mansion Makeover™
    Gourmania
    Gourmania 2: Great Expectations
    Gourmania 3: Zoo Zoom
    Governor of Poker
    Governor of Poker 2 - Premium Edition
    Grand Fantasia
    Guardians of Beyond: Witchville
    Guardians of Magic: Amanda's Awakening
    Hallowed Legends: Templar Collector's Edition
    HappyVille: Quest for Utopia
    Hentai Anime Poker
    Hidden Magic
    Hidden Mysteries®: Salem Secrets
    Hidden Mysteries: Notre Dame - Secrets of Paris
    Hidden Object Crosswords
    Hidden World
    Hidden World of Art
    Hidden World of Art 2: Undercover Art Agent
    High Definition Audio Driver Package - KB888111
    HolyBeast
    Hotel Mogul
    Hotel Mogul Las Vegas
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    House of 1000 Doors: Family Secrets
    House of 1000 Doors: The Palm of Zoroaster
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    I SPY ™ Mystery
    Island Defense
    Island Realms
    Island Tribe
    Island Tribe 2
    Island Tribe 3
    Island Tribe 4
    Jack of all Tribes
    Java Auto Updater
    Java(TM) 6 Update 37
    Jewel Legends: Tree of Life
    Journey: The Heart of Gaia
    Kingdom Chronicles Collector's Edition
    LabelCreator Pro
    LandGrabbers
    Learn2 Player (Uninstall Only)
    Legends of Atlantis: Exodus
    Little Shop - Traveler's Pack
    Little Shop of Treasures
    Magic Encyclopedia
    Magic Encyclopedia 2 Moonlight
    Magic Encyclopedia: Illusions
    Mall-A-Palooza
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Million Dollar Quest
    MONOPOLY Build-a-lot Edition
    Monster Mash
    Monument Builder: Eiffel Tower
    Monument Builders: Statue of Liberty
    Mortimer Beckett and the Crimson Thief
    Mortimer Beckett and the Lost King Collectors Edition(remove only)
    Mortimer Beckett and the Secrets of Spooky Manor
    Mortimer Beckett and the Time Paradox
    Mother Nature
    Move Media Player
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSN
    MSVCRT
    Musicnotes Software Suite 1.5.3
    My Kingdom For The Princess
    My Kingdom for the Princess 2
    My Kingdom for the Princess 3
    My Life Story
    My Life Story: Adventures
    Mystery Legends - The Phantom of the Opera
    Mystery Legends: The Phantom of the Opera Collector's Edition
    Mystery P.I.: Stolen in San Francisco
    Mystery P.I.: The Curious Case of Counterfeit Cove
    Mystery P.I.: The New York Fortune
    Natalie Brooks Mystery at Hillcrest High (Pack)
    Natalie Brooks Secrets of Treasure House (Pack)
    Natalie Brooks The Treasures of the Lost Kingdom
    Nero 6 Enterprise Edition
    New Yankee in King Arthur's Court
    Northern Tale
    Norton Internet Security
    NVIDIA Drivers
    Optimum Online net guide
    Pandora
    Paradise Beach
    Pioneer Lands
    Plan It Green
    Plantasia
    PowerDVD
    Princess Isabella: A Witch's Curse
    Princess Isabella: Return of the Curse
    Professor Answers
    Professor Teaches Access 2003
    Professor Teaches Access 2007
    Professor Teaches Excel 2003
    Professor Teaches Excel 2007
    Professor Teaches Outlook 2003
    Professor Teaches Outlook 2007
    Professor Teaches PowerPoint 2003
    Professor Teaches PowerPoint 2007
    Professor Teaches Publisher 2007
    Professor Teaches Word 2003
    Professor Teaches Word 2007
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Rescue Team
    Rescue Team 2
    Roads of Rome
    Roads of Rome 2
    Roads of Rome III
    Romance of Rome
    Royal Envoy 2 Collector's Edition
    Royal Envoy Collectors Edition
    Royal Trouble
    Sailor Moon
    Samantha Swift and the Fountains of Fate
    Secret Diaries: Florence Ashford
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Settlement Colossus
    Sherlock Holmes and the Hound of the Baskervilles
    Shop-n-Spree
    Shop-N-Spree: Family Fortune
    Shop-n-Spree: Shopping Paradise
    Shop It Up!
    Ski Resort Mogul
    Skype Toolbars
    Skype™ 5.10
    Snark Busters
    Snark Busters: All Revved up
    Snark Busters: High Society
    Sonya
    Spelling Dictionaries Support For Adobe Reader 9
    Spirits of Mystery: Amber Maiden
    Spirits of Mystery: Amber Maiden Collector's Edition
    Spirits of Mystery: Song of the Phoenix Collector's Edition
    Spirits of Mystery: The Dark Minotaur Collector's Edition
    Sprill and Ritchie Adventures in Time
    Sprill The mystery of the bermuda triangle
    Summer Resort Mogul
    Summer Rush
    Supermarket Management
    Supermarket Management 2
    Supermarket Mania
    Tales of Lagoona: Orphans of the Ocean
    The Clumsys 2: Butterfly Effect
    The Fool
    The Hidden Object Show Combo Pack
    The Island Castaway
    The Legend of Sanna
    The Palace Builder
    The Promised Land
    The Timebuilders: Caveman's Prophecy
    The Timebuilders: Pyramid Rising
    The TimeBuilders: Pyramid Rising 2
    The Witch and The Warrior
    The Witch and the Warrior Strategy Guide
    Time to Hurry: Nicole's Story
    Totem Tribe Gold Extended Edition
    Treasure Seekers: Follow the Ghosts
    Treasure Seekers: The Enchanted Canvases
    Treasure Seekers: The Time Has Come
    Treasure Seekers: Visions of Gold ™
    Typing Instructor Platinum
    Unity Web Player
    Unlikely Suspects
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Vacation Mogul
    Vacation Quest: Australia
    Veronica Rivers: Portals to the Unknown ™
    Virtual City
    Virtual City 2: Paradise Resort
    Walmart MP3 Music Downloads
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WordPerfect Family Pack 4
    World of Tanks v.0.7.2
    World of Zellians: Kingdom Builder ™
    Yahoo! Messenger
    Yard Sale Hidden Treasures: Lucky Junction
    Youda Safari
    Youda Survivor
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/6/2013 3:45:56 PM, error: Service Control Manager [7034] - The Skype Updater service terminated unexpectedly. It has done this 1 time(s).
    1/6/2013 3:45:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AOL Connectivity Service service to connect.
    1/6/2013 3:45:50 PM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    1/6/2013 3:45:50 PM, error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2013 8:29:35 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    1/10/2013 9:21:56 PM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/10/2013 6:27:01 PM, error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================


    I'll get GMER going in a bit and come back to paste the log if it works. Last time I needed help here, it didn't work, so here's hoping.
     
  2. Proforce

    GMER log here:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2013-01-13 22:44:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD5000AAKS-00A7B0 rev.01.03B01
    Running: 8mp8jtmw.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\pgliqpoc.sys

    ---- System - GMER 1.0.15 ----
    SSDT 8A0732B8 ZwAlertResumeThread
    SSDT 8A0B5270 ZwAlertThread
    SSDT 8A0C9260 ZwAllocateVirtualMemory
    SSDT 8A0952C0 ZwAssignProcessToJobObject
    SSDT 8A5F4680 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5E9CD40]
    SSDT 8A0E2260 ZwCreateMutant
    SSDT 8A0DA220 ZwCreateSymbolicLinkObject
    SSDT 8A0D7300 ZwCreateThread
    SSDT 8A0DF260 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5E9CFC0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5E9D680]
    SSDT 8A0CA308 ZwDuplicateObject
    SSDT 8A0E9280 ZwFreeVirtualMemory
    SSDT 8A071230 ZwImpersonateAnonymousToken
    SSDT 8A073218 ZwImpersonateThread
    SSDT 8A5EEA20 ZwLoadDriver
    SSDT 8A0E82B8 ZwMapViewOfSection
    SSDT 8A0D22B8 ZwOpenEvent
    SSDT 8A09F2B0 ZwOpenProcess
    SSDT 8A0CA228 ZwOpenProcessToken
    SSDT 8A0D5230 ZwOpenSection
    SSDT 8A0CB2C8 ZwOpenThread
    SSDT 8A0DA310 ZwProtectVirtualMemory
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB5E9DBF0]
    SSDT 8A09A230 ZwResumeThread
    SSDT 8A0E1270 ZwSetContextThread
    SSDT 8A0E7220 ZwSetInformationProcess
    SSDT 8A0DF320 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5E9D910]
    SSDT 8A0D2218 ZwSuspendProcess
    SSDT 8A0D6218 ZwSuspendThread
    SSDT 8A0C12E0 ZwTerminateProcess
    SSDT 8A0D62B8 ZwTerminateThread
    SSDT 8A0E8218 ZwUnmapViewOfSection
    SSDT 8A0EA240 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D60 80504658 4 Bytes [20, EA, 5E, 8A]
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB86B0380, 0x346307, 0xE8000020]
    ? C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- Devices - GMER 1.0.15 ----
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  3. Proforce

    Bumping.
     
  4. Proforce

    Bump again.
     
  5. Proforce

    Another bump.
     
  6. Proforce

    Bumping again. Here's hoping.
     
  7. Proforce

    Bump. Again.
     
  8. Proforce

    Bumping one more time.
     
  9. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  10. Proforce

    Sorry for the delay, the snowstorm up here really caused a lot of trouble.

    10:43:02.0890 5364 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    10:43:04.0031 5364 ============================================================
    10:43:04.0031 5364 Current date / time: 2013/02/10 10:43:04.0031
    10:43:04.0031 5364 SystemInfo:
    10:43:04.0031 5364
    10:43:04.0031 5364 OS Version: 5.1.2600 ServicePack: 3.0
    10:43:04.0031 5364 Product type: Workstation
    10:43:04.0031 5364 ComputerName: COMPUTER
    10:43:04.0031 5364 UserName: USER
    10:43:04.0031 5364 Windows directory: C:\WINDOWS
    10:43:04.0031 5364 System windows directory: C:\WINDOWS
    10:43:04.0031 5364 Processor architecture: Intel x86
    10:43:04.0031 5364 Number of processors: 2
    10:43:04.0031 5364 Page size: 0x1000
    10:43:04.0031 5364 Boot type: Normal boot
    10:43:04.0031 5364 ============================================================
    10:43:05.0875 5364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:43:05.0906 5364 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:43:05.0906 5364 ============================================================
    10:43:05.0906 5364 \Device\Harddisk0\DR0:
    10:43:05.0906 5364 MBR partitions:
    10:43:05.0906 5364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
    10:43:05.0906 5364 \Device\Harddisk1\DR1:
    10:43:05.0906 5364 MBR partitions:
    10:43:05.0906 5364 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254A6C3
    10:43:05.0906 5364 ============================================================
    10:43:05.0921 5364 C: <-> \Device\Harddisk0\DR0\Partition1
    10:43:05.0968 5364 E: <-> \Device\Harddisk1\DR1\Partition1
    10:43:05.0968 5364 ============================================================
    10:43:05.0968 5364 Initialize success
    10:43:05.0968 5364 ============================================================
    10:43:19.0734 5804 ============================================================
    10:43:19.0734 5804 Scan started
    10:43:19.0734 5804 Mode: Manual;
    10:43:19.0734 5804 ============================================================
    10:43:20.0531 5804 ================ Scan system memory ========================
    10:43:20.0546 5804 System memory - ok
    10:43:20.0546 5804 ================ Scan services =============================
    10:43:20.0687 5804 Abiosdsk - ok
    10:43:20.0703 5804 abp480n5 - ok
    10:43:20.0750 5804 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:43:20.0750 5804 ACPI - ok
    10:43:20.0781 5804 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:43:20.0781 5804 ACPIEC - ok
    10:43:20.0859 5804 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    10:43:20.0859 5804 AdobeFlashPlayerUpdateSvc - ok
    10:43:20.0875 5804 adpu160m - ok
    10:43:20.0921 5804 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    10:43:20.0921 5804 aec - ok
    10:43:20.0984 5804 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    10:43:21.0000 5804 AFD - ok
    10:43:21.0046 5804 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
    10:43:21.0046 5804 AFS2K - ok
    10:43:21.0062 5804 Aha154x - ok
    10:43:21.0078 5804 aic78u2 - ok
    10:43:21.0093 5804 aic78xx - ok
    10:43:21.0140 5804 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    10:43:21.0140 5804 Alerter - ok
    10:43:21.0171 5804 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    10:43:21.0171 5804 ALG - ok
    10:43:21.0171 5804 AliIde - ok
    10:43:21.0203 5804 amsint - ok
    10:43:21.0312 5804 [ FA518140883112C54871F824097D262D ] AOL ACS C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    10:43:21.0312 5804 AOL ACS - ok
    10:43:21.0328 5804 AppMgmt - ok
    10:43:21.0343 5804 asc - ok
    10:43:21.0375 5804 asc3350p - ok
    10:43:21.0390 5804 asc3550 - ok
    10:43:21.0437 5804 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    10:43:21.0437 5804 ASCTRM - ok
    10:43:21.0593 5804 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    10:43:21.0609 5804 aspnet_state - ok
    10:43:21.0671 5804 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:43:21.0671 5804 AsyncMac - ok
    10:43:21.0718 5804 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:43:21.0718 5804 atapi - ok
    10:43:21.0718 5804 Atdisk - ok
    10:43:21.0750 5804 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:43:21.0750 5804 Atmarpc - ok
    10:43:21.0781 5804 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    10:43:21.0781 5804 AudioSrv - ok
    10:43:21.0859 5804 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:43:21.0859 5804 audstub - ok
    10:43:21.0937 5804 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    10:43:21.0937 5804 Beep - ok
    10:43:22.0093 5804 [ D2A55F5FE6B716913FB573872F2E5944 ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130116.013\BHDrvx86.sys
    10:43:22.0125 5804 BHDrvx86 - ok
    10:43:22.0187 5804 [ BE5D50529799B9BAB6BE879EC768B6CF ] BIOS C:\WINDOWS\system32\drivers\BIOS.sys
    10:43:22.0187 5804 BIOS - ok
    10:43:22.0250 5804 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    10:43:22.0250 5804 BITS - ok
    10:43:22.0343 5804 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    10:43:22.0343 5804 Bonjour Service - ok
    10:43:22.0406 5804 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    10:43:22.0406 5804 Browser - ok
    10:43:22.0437 5804 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    10:43:22.0437 5804 BVRPMPR5 - ok
    10:43:22.0468 5804 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    10:43:22.0468 5804 cbidf2k - ok
    10:43:22.0515 5804 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    10:43:22.0515 5804 CCDECODE - ok
    10:43:22.0578 5804 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\WINDOWS\system32\drivers\NIS\1309010.00E\ccSetx86.sys
    10:43:22.0578 5804 ccSet_NIS - ok
    10:43:22.0593 5804 cd20xrnt - ok
    10:43:22.0640 5804 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:43:22.0640 5804 Cdaudio - ok
    10:43:22.0687 5804 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    10:43:22.0687 5804 Cdfs - ok
    10:43:22.0718 5804 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:43:22.0718 5804 Cdrom - ok
    10:43:22.0718 5804 Changer - ok
    10:43:22.0765 5804 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    10:43:22.0781 5804 CiSvc - ok
    10:43:22.0812 5804 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    10:43:22.0812 5804 ClipSrv - ok
    10:43:22.0843 5804 [ 7FA87325900183197BC9710D1CE4C9FA ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    10:43:22.0875 5804 clr_optimization_v2.0.50727_32 - ok
    10:43:22.0890 5804 CmdIde - ok
    10:43:22.0906 5804 COMSysApp - ok
    10:43:22.0953 5804 Cpqarray - ok
    10:43:23.0000 5804 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    10:43:23.0000 5804 CryptSvc - ok
    10:43:23.0015 5804 dac2w2k - ok
    10:43:23.0031 5804 dac960nt - ok
    10:43:23.0093 5804 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    10:43:23.0109 5804 DcomLaunch - ok
    10:43:23.0140 5804 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    10:43:23.0140 5804 Dhcp - ok
    10:43:23.0171 5804 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    10:43:23.0171 5804 Disk - ok
    10:43:23.0187 5804 dmadmin - ok
    10:43:23.0234 5804 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    10:43:23.0250 5804 dmboot - ok
    10:43:23.0281 5804 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    10:43:23.0281 5804 dmio - ok
    10:43:23.0312 5804 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    10:43:23.0312 5804 dmload - ok
    10:43:23.0343 5804 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    10:43:23.0343 5804 dmserver - ok
    10:43:23.0390 5804 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    10:43:23.0390 5804 DMusic - ok
    10:43:23.0437 5804 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    10:43:23.0437 5804 Dnscache - ok
    10:43:23.0468 5804 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    10:43:23.0468 5804 Dot3svc - ok
    10:43:23.0500 5804 dpti2o - ok
    10:43:23.0531 5804 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    10:43:23.0531 5804 drmkaud - ok
    10:43:23.0562 5804 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    10:43:23.0562 5804 EapHost - ok
    10:43:23.0609 5804 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    10:43:23.0625 5804 eeCtrl - ok
    10:43:23.0656 5804 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    10:43:23.0656 5804 EraserUtilRebootDrv - ok
    10:43:23.0671 5804 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    10:43:23.0671 5804 ERSvc - ok
    10:43:23.0718 5804 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    10:43:23.0718 5804 Eventlog - ok
    10:43:23.0765 5804 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    10:43:23.0765 5804 EventSystem - ok
    10:43:23.0796 5804 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    10:43:23.0796 5804 Fastfat - ok
    10:43:23.0828 5804 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    10:43:23.0828 5804 FastUserSwitchingCompatibility - ok
    10:43:23.0875 5804 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    10:43:23.0875 5804 Fdc - ok
    10:43:23.0937 5804 [ E9648254056BCE81A85380C0C3647DC4 ] FETNDIS C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    10:43:23.0937 5804 FETNDIS - ok
    10:43:23.0968 5804 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    10:43:23.0968 5804 Fips - ok
    10:43:24.0031 5804 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    10:43:24.0046 5804 FLEXnet Licensing Service - ok
    10:43:24.0062 5804 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    10:43:24.0062 5804 Flpydisk - ok
    10:43:24.0093 5804 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    10:43:24.0093 5804 FltMgr - ok
    10:43:24.0156 5804 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    10:43:24.0171 5804 FontCache3.0.0.0 - ok
    10:43:24.0187 5804 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:43:24.0187 5804 Fs_Rec - ok
    10:43:24.0203 5804 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:43:24.0203 5804 Ftdisk - ok
    10:43:24.0250 5804 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:43:24.0250 5804 Gpc - ok
    10:43:24.0265 5804 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    10:43:24.0265 5804 HDAudBus - ok
    10:43:24.0343 5804 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    10:43:24.0343 5804 helpsvc - ok
    10:43:24.0359 5804 HidServ - ok
    10:43:24.0390 5804 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    10:43:24.0390 5804 hidusb - ok
    10:43:24.0421 5804 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    10:43:24.0421 5804 hkmsvc - ok
    10:43:24.0437 5804 hpn - ok
    10:43:24.0468 5804 [ 2A8A2AA68185B47632188F1A8BE44170 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    10:43:24.0468 5804 HPZid412 - ok
    10:43:24.0515 5804 [ 0A520679B0AD3F438E88B746D0C5BA6C ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    10:43:24.0515 5804 HPZipr12 - ok
    10:43:24.0546 5804 [ 1D53F2B2051A3FCE2C8EF0E01B042E25 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    10:43:24.0546 5804 HPZius12 - ok
    10:43:24.0578 5804 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    10:43:24.0593 5804 HTTP - ok
    10:43:24.0625 5804 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    10:43:24.0625 5804 HTTPFilter - ok
    10:43:24.0640 5804 i2omgmt - ok
    10:43:24.0656 5804 i2omp - ok
    10:43:24.0687 5804 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    10:43:24.0687 5804 i8042prt - ok
    10:43:24.0812 5804 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    10:43:24.0843 5804 idsvc - ok
    10:43:24.0921 5804 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130208.004\IDSxpx86.sys
    10:43:24.0937 5804 IDSxpx86 - ok
    10:43:24.0968 5804 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:43:24.0968 5804 Imapi - ok
    10:43:25.0031 5804 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    10:43:25.0031 5804 ImapiService - ok
    10:43:25.0046 5804 ini910u - ok
    10:43:25.0218 5804 [ C464CF7A58C011A70188602B55C64E99 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    10:43:25.0328 5804 IntcAzAudAddService - ok
    10:43:25.0343 5804 IntelIde - ok
    10:43:25.0390 5804 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    10:43:25.0390 5804 intelppm - ok
    10:43:25.0421 5804 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    10:43:25.0421 5804 Ip6Fw - ok
    10:43:25.0453 5804 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:43:25.0453 5804 IpFilterDriver - ok
    10:43:25.0468 5804 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:43:25.0468 5804 IpInIp - ok
    10:43:25.0500 5804 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:43:25.0515 5804 IpNat - ok
    10:43:25.0531 5804 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:43:25.0531 5804 IPSec - ok
    10:43:25.0546 5804 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:43:25.0562 5804 IRENUM - ok
    10:43:25.0593 5804 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:43:25.0593 5804 isapnp - ok
    10:43:25.0609 5804 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:43:25.0609 5804 Kbdclass - ok
    10:43:25.0640 5804 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    10:43:25.0640 5804 kmixer - ok
    10:43:25.0671 5804 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    10:43:25.0671 5804 KSecDD - ok
    10:43:25.0718 5804 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    10:43:25.0718 5804 lanmanserver - ok
    10:43:25.0765 5804 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    10:43:25.0765 5804 lanmanworkstation - ok
    10:43:25.0781 5804 lbrtfdc - ok
    10:43:25.0828 5804 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    10:43:25.0828 5804 LmHosts - ok
    10:43:25.0890 5804 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    10:43:25.0890 5804 Messenger - ok
    10:43:25.0984 5804 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    10:43:25.0984 5804 Microsoft Office Groove Audit Service - ok
    10:43:26.0031 5804 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    10:43:26.0031 5804 mnmdd - ok
    10:43:26.0046 5804 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    10:43:26.0062 5804 mnmsrvc - ok
    10:43:26.0078 5804 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    10:43:26.0078 5804 Modem - ok
    10:43:26.0109 5804 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:43:26.0109 5804 Mouclass - ok
    10:43:26.0125 5804 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    10:43:26.0125 5804 mouhid - ok
    10:43:26.0140 5804 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    10:43:26.0140 5804 MountMgr - ok
    10:43:26.0203 5804 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    10:43:26.0218 5804 MozillaMaintenance - ok
    10:43:26.0218 5804 mraid35x - ok
    10:43:26.0250 5804 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:43:26.0250 5804 MRxDAV - ok
    10:43:26.0296 5804 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:43:26.0312 5804 MRxSmb - ok
    10:43:26.0343 5804 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    10:43:26.0343 5804 MSDTC - ok
    10:43:26.0375 5804 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    10:43:26.0375 5804 Msfs - ok
    10:43:26.0390 5804 MSIServer - ok
    10:43:26.0406 5804 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:43:26.0421 5804 MSKSSRV - ok
    10:43:26.0453 5804 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:43:26.0453 5804 MSPCLOCK - ok
    10:43:26.0468 5804 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    10:43:26.0468 5804 MSPQM - ok
    10:43:26.0515 5804 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:43:26.0531 5804 mssmbios - ok
    10:43:26.0546 5804 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    10:43:26.0546 5804 MSTEE - ok
    10:43:26.0562 5804 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    10:43:26.0562 5804 Mup - ok
    10:43:26.0593 5804 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    10:43:26.0593 5804 NABTSFEC - ok
    10:43:26.0625 5804 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    10:43:26.0640 5804 napagent - ok
    10:43:26.0703 5804 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130209.009\NAVENG.SYS
    10:43:26.0718 5804 NAVENG - ok
    10:43:26.0765 5804 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130209.009\NAVEX15.SYS
    10:43:26.0796 5804 NAVEX15 - ok
    10:43:26.0828 5804 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    10:43:26.0828 5804 NDIS - ok
    10:43:26.0843 5804 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    10:43:26.0859 5804 NdisIP - ok
    10:43:26.0890 5804 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:43:26.0890 5804 NdisTapi - ok
    10:43:26.0953 5804 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:43:26.0953 5804 Ndisuio - ok
    10:43:26.0968 5804 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:43:26.0968 5804 NdisWan - ok
    10:43:27.0031 5804 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    10:43:27.0031 5804 NDProxy - ok
    10:43:27.0078 5804 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:43:27.0078 5804 NetBIOS - ok
    10:43:27.0109 5804 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:43:27.0109 5804 NetBT - ok
    10:43:27.0140 5804 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    10:43:27.0156 5804 NetDDE - ok
    10:43:27.0156 5804 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    10:43:27.0156 5804 NetDDEdsdm - ok
    10:43:27.0203 5804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    10:43:27.0203 5804 Netlogon - ok
    10:43:27.0234 5804 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    10:43:27.0234 5804 Netman - ok
    10:43:27.0281 5804 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    10:43:27.0281 5804 NetTcpPortSharing - ok
    10:43:27.0406 5804 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    10:43:27.0406 5804 NIS - ok
    10:43:27.0453 5804 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    10:43:27.0453 5804 Nla - ok
    10:43:27.0484 5804 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    10:43:27.0484 5804 Npfs - ok
    10:43:27.0515 5804 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    10:43:27.0531 5804 Ntfs - ok
    10:43:27.0546 5804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    10:43:27.0546 5804 NtLmSsp - ok
    10:43:27.0578 5804 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    10:43:27.0593 5804 NtmsSvc - ok
    10:43:27.0625 5804 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    10:43:27.0625 5804 Null - ok
    10:43:27.0828 5804 [ 8C0456001B6900114BBB1C548BD8AAF5 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    10:43:27.0984 5804 nv - ok
    10:43:28.0046 5804 [ 472A00D2183C9E5EDB3E076272741812 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
    10:43:28.0046 5804 NVSvc - ok
    10:43:28.0093 5804 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:43:28.0093 5804 NwlnkFlt - ok
    10:43:28.0109 5804 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:43:28.0125 5804 NwlnkFwd - ok
    10:43:28.0187 5804 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    10:43:28.0203 5804 odserv - ok
    10:43:28.0250 5804 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:43:28.0250 5804 ose - ok
    10:43:28.0296 5804 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    10:43:28.0296 5804 Parport - ok
    10:43:28.0343 5804 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    10:43:28.0343 5804 PartMgr - ok
    10:43:28.0375 5804 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    10:43:28.0375 5804 ParVdm - ok
    10:43:28.0390 5804 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    10:43:28.0390 5804 PCI - ok
    10:43:28.0421 5804 PCIDump - ok
    10:43:28.0437 5804 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:43:28.0437 5804 PCIIde - ok
    10:43:28.0468 5804 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:43:28.0468 5804 Pcmcia - ok
    10:43:28.0484 5804 PDCOMP - ok
    10:43:28.0500 5804 PDFRAME - ok
    10:43:28.0531 5804 PDRELI - ok
    10:43:28.0546 5804 PDRFRAME - ok
    10:43:28.0562 5804 perc2 - ok
    10:43:28.0578 5804 perc2hib - ok
    10:43:28.0656 5804 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    10:43:28.0656 5804 PlugPlay - ok
    10:43:28.0687 5804 [ 364E30F27BE1E6DED83E81C4DE93E808 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
    10:43:28.0687 5804 Pml Driver HPZ12 - ok
    10:43:28.0703 5804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    10:43:28.0703 5804 PolicyAgent - ok
    10:43:28.0718 5804 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:43:28.0734 5804 PptpMiniport - ok
    10:43:28.0750 5804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    10:43:28.0750 5804 ProtectedStorage - ok
    10:43:28.0765 5804 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    10:43:28.0781 5804 PSched - ok
    10:43:28.0796 5804 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:43:28.0796 5804 Ptilink - ok
    10:43:28.0812 5804 ql1080 - ok
    10:43:28.0828 5804 Ql10wnt - ok
    10:43:28.0843 5804 ql12160 - ok
    10:43:28.0875 5804 ql1240 - ok
    10:43:28.0890 5804 ql1280 - ok
    10:43:28.0906 5804 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:43:28.0906 5804 RasAcd - ok
    10:43:28.0953 5804 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    10:43:28.0968 5804 RasAuto - ok
    10:43:28.0984 5804 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:43:28.0984 5804 Rasl2tp - ok
    10:43:29.0015 5804 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    10:43:29.0015 5804 RasMan - ok
    10:43:29.0031 5804 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:43:29.0031 5804 RasPppoe - ok
    10:43:29.0046 5804 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:43:29.0046 5804 Raspti - ok
    10:43:29.0078 5804 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:43:29.0078 5804 Rdbss - ok
    10:43:29.0093 5804 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:43:29.0093 5804 RDPCDD - ok
    10:43:29.0171 5804 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    10:43:29.0171 5804 RDPWD - ok
    10:43:29.0203 5804 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    10:43:29.0218 5804 RDSessMgr - ok
    10:43:29.0234 5804 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:43:29.0234 5804 redbook - ok
    10:43:29.0281 5804 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    10:43:29.0281 5804 RemoteAccess - ok
    10:43:29.0312 5804 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    10:43:29.0312 5804 RpcLocator - ok
    10:43:29.0343 5804 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    10:43:29.0343 5804 RpcSs - ok
    10:43:29.0390 5804 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    10:43:29.0390 5804 RSVP - ok
    10:43:29.0406 5804 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    10:43:29.0406 5804 SamSs - ok
    10:43:29.0437 5804 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    10:43:29.0437 5804 SCardSvr - ok
    10:43:29.0468 5804 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    10:43:29.0484 5804 Schedule - ok
    10:43:29.0515 5804 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:43:29.0515 5804 Secdrv - ok
    10:43:29.0578 5804 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    10:43:29.0578 5804 seclogon - ok
    10:43:29.0625 5804 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    10:43:29.0625 5804 SENS - ok
    10:43:29.0640 5804 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:43:29.0640 5804 serenum - ok
    10:43:29.0656 5804 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    10:43:29.0656 5804 Serial - ok
    10:43:29.0718 5804 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:43:29.0718 5804 Sfloppy - ok
    10:43:29.0781 5804 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    10:43:29.0781 5804 SharedAccess - ok
    10:43:29.0828 5804 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    10:43:29.0828 5804 ShellHWDetection - ok
    10:43:29.0843 5804 Simbad - ok
    10:43:29.0890 5804 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    10:43:29.0890 5804 SkypeUpdate - ok
    10:43:29.0937 5804 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    10:43:29.0937 5804 SLIP - ok
    10:43:29.0953 5804 Sparrow - ok
    10:43:29.0984 5804 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    10:43:29.0984 5804 splitter - ok
    10:43:30.0031 5804 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    10:43:30.0031 5804 Spooler - ok
    10:43:30.0062 5804 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    10:43:30.0062 5804 sr - ok
    10:43:30.0093 5804 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    10:43:30.0093 5804 srservice - ok
    10:43:30.0125 5804 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NIS\1309010.00E\SRTSP.SYS
    10:43:30.0140 5804 SRTSP - ok
    10:43:30.0171 5804 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NIS\1309010.00E\SRTSPX.SYS
    10:43:30.0171 5804 SRTSPX - ok
    10:43:30.0203 5804 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    10:43:30.0203 5804 Srv - ok
    10:43:30.0250 5804 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    10:43:30.0250 5804 SSDPSRV - ok
    10:43:30.0296 5804 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    10:43:30.0312 5804 stisvc - ok
    10:43:30.0328 5804 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    10:43:30.0343 5804 streamip - ok
    10:43:30.0359 5804 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:43:30.0375 5804 swenum - ok
    10:43:30.0375 5804 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    10:43:30.0390 5804 swmidi - ok
    10:43:30.0406 5804 SwPrv - ok
    10:43:30.0421 5804 symc810 - ok
    10:43:30.0453 5804 symc8xx - ok
    10:43:30.0468 5804 SYMDNS - ok
    10:43:30.0500 5804 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NIS\1309010.00E\SYMDS.SYS
    10:43:30.0500 5804 SymDS - ok
    10:43:30.0546 5804 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NIS\1309010.00E\SYMEFA.SYS
    10:43:30.0578 5804 SymEFA - ok
    10:43:30.0625 5804 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    10:43:30.0625 5804 SymEvent - ok
    10:43:30.0640 5804 SYMFW - ok
    10:43:30.0656 5804 SYMIDS - ok
    10:43:30.0687 5804 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NIS\1309010.00E\Ironx86.SYS
    10:43:30.0703 5804 SymIRON - ok
    10:43:30.0703 5804 SYMNDIS - ok
    10:43:30.0734 5804 SYMREDRV - ok
    10:43:30.0750 5804 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NIS\1309010.00E\SYMTDI.SYS
    10:43:30.0765 5804 SYMTDI - ok
    10:43:30.0781 5804 sym_hi - ok
    10:43:30.0796 5804 sym_u3 - ok
    10:43:30.0828 5804 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    10:43:30.0828 5804 sysaudio - ok
    10:43:30.0859 5804 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    10:43:30.0859 5804 SysmonLog - ok
    10:43:30.0890 5804 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    10:43:30.0890 5804 TapiSrv - ok
    10:43:30.0968 5804 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:43:30.0984 5804 Tcpip - ok
    10:43:31.0015 5804 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:43:31.0015 5804 TDPIPE - ok
    10:43:31.0046 5804 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    10:43:31.0046 5804 TDTCP - ok
    10:43:31.0078 5804 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:43:31.0078 5804 TermDD - ok
    10:43:31.0109 5804 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    10:43:31.0109 5804 TermService - ok
    10:43:31.0140 5804 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    10:43:31.0140 5804 Themes - ok
    10:43:31.0171 5804 TosIde - ok
    10:43:31.0203 5804 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    10:43:31.0203 5804 TrkWks - ok
    10:43:31.0250 5804 [ D85938F272D1BCF3DB3A31FC0A048928 ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys
    10:43:31.0250 5804 uagp35 - ok
    10:43:31.0281 5804 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    10:43:31.0281 5804 Udfs - ok
    10:43:31.0296 5804 ultra - ok
    10:43:31.0328 5804 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    10:43:31.0343 5804 Update - ok
    10:43:31.0359 5804 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    10:43:31.0359 5804 upnphost - ok
    10:43:31.0375 5804 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    10:43:31.0390 5804 UPS - ok
    10:43:31.0406 5804 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    10:43:31.0406 5804 usbaudio - ok
    10:43:31.0437 5804 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    10:43:31.0437 5804 usbccgp - ok
    10:43:31.0484 5804 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:43:31.0484 5804 usbehci - ok
    10:43:31.0500 5804 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:43:31.0515 5804 usbhub - ok
    10:43:31.0546 5804 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
    10:43:31.0546 5804 usbprint - ok
    10:43:31.0578 5804 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
    10:43:31.0578 5804 usbscan - ok
    10:43:31.0609 5804 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:43:31.0609 5804 USBSTOR - ok
    10:43:31.0640 5804 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:43:31.0640 5804 usbuhci - ok
    10:43:31.0671 5804 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    10:43:31.0671 5804 usbvideo - ok
    10:43:31.0703 5804 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    10:43:31.0703 5804 VgaSave - ok
    10:43:31.0718 5804 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    10:43:31.0718 5804 ViaIde - ok
    10:43:31.0734 5804 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    10:43:31.0734 5804 VolSnap - ok
    10:43:31.0765 5804 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    10:43:31.0765 5804 VSS - ok
    10:43:31.0781 5804 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    10:43:31.0781 5804 W32Time - ok
    10:43:31.0812 5804 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:43:31.0812 5804 Wanarp - ok
    10:43:31.0875 5804 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    10:43:31.0875 5804 wanatw - ok
    10:43:31.0890 5804 [ EB9A99AB5D17B1727034FF191E6448D7 ] WANMiniportService C:\WINDOWS\wanmpsvc.exe
    10:43:32.0125 5804 WANMiniportService - ok
    10:43:32.0125 5804 WDICA - ok
    10:43:32.0171 5804 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    10:43:32.0171 5804 wdmaud - ok
    10:43:32.0203 5804 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    10:43:32.0203 5804 WebClient - ok
    10:43:32.0296 5804 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    10:43:32.0296 5804 winmgmt - ok
    10:43:32.0359 5804 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    10:43:32.0359 5804 WmdmPmSN - ok
    10:43:32.0406 5804 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    10:43:32.0406 5804 WmiApSrv - ok
    10:43:32.0500 5804 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    10:43:32.0531 5804 WMPNetworkSvc - ok
    10:43:32.0578 5804 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    10:43:32.0578 5804 WS2IFSL - ok
    10:43:32.0625 5804 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    10:43:32.0625 5804 wscsvc - ok
    10:43:32.0671 5804 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    10:43:32.0671 5804 WSTCODEC - ok
    10:43:32.0687 5804 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    10:43:32.0703 5804 wuauserv - ok
    10:43:32.0718 5804 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    10:43:32.0718 5804 WudfPf - ok
    10:43:32.0750 5804 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    10:43:32.0750 5804 WudfRd - ok
    10:43:32.0781 5804 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    10:43:32.0781 5804 WudfSvc - ok
    10:43:32.0828 5804 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    10:43:32.0843 5804 WZCSVC - ok
    10:43:32.0859 5804 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    10:43:32.0875 5804 xmlprov - ok
    10:43:32.0890 5804 ================ Scan global ===============================
    10:43:32.0937 5804 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    10:43:32.0984 5804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    10:43:33.0000 5804 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    10:43:33.0015 5804 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    10:43:33.0015 5804 [Global] - ok
    10:43:33.0015 5804 ================ Scan MBR ==================================
    10:43:33.0046 5804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    10:43:33.0187 5804 \Device\Harddisk0\DR0 - ok
    10:43:33.0203 5804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    10:43:33.0421 5804 \Device\Harddisk1\DR1 - ok
    10:43:33.0421 5804 ================ Scan VBR ==================================
    10:43:33.0437 5804 [ 2F31B8AFFEF396642A912D7F2C09A3D7 ] \Device\Harddisk0\DR0\Partition1
    10:43:33.0437 5804 \Device\Harddisk0\DR0\Partition1 - ok
    10:43:33.0453 5804 [ BFEB8589F3C3AE3123AF114D01AAFE16 ] \Device\Harddisk1\DR1\Partition1
    10:43:33.0453 5804 \Device\Harddisk1\DR1\Partition1 - ok
    10:43:33.0468 5804 ============================================================
    10:43:33.0468 5804 Scan finished
    10:43:33.0468 5804 ============================================================
    10:43:33.0500 5796 Detected object count: 0
    10:43:33.0500 5796 Actual detected object count: 0
    10:43:53.0328 5248 Deinitialize success
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    No problem. I just hope everyone's OK in the storm regions.

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  12. Proforce

    Proforce Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    46
    Here's the Combofix file

    ComboFix 13-02-07.02 - USER 02/10/2013 11:33:59.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1301 [GMT -5:00]
    Running from: c:\documents and settings\USER\Desktop\puppy.exe
    AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-10 16:26 . 2013-02-10 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
    2013-02-08 22:33 . 2013-02-08 22:34 -------- d-----w- c:\program files\Antique Road Trip USA
    2013-02-06 23:51 . 2013-02-06 23:51 -------- d-----w- c:\documents and settings\USER\Application Data\Melesta
    2013-02-06 23:35 . 2013-02-06 23:36 -------- d-----w- c:\program files\Meridian - Age of Invention
    2013-02-06 23:00 . 2013-02-06 23:01 -------- d-----w- c:\program files\Green City
    2013-02-06 01:36 . 2013-02-06 01:36 -------- d-----w- c:\windows\system32\drivers\NIS\1309010.00E
    2013-02-01 01:48 . 2013-02-01 01:48 -------- d-----w- c:\documents and settings\USER\Application Data\Nitreal Games
    2013-02-01 00:07 . 2013-02-01 00:08 -------- d-----w- c:\program files\Ancient Rome 2
    2013-01-30 23:54 . 2013-01-30 23:54 -------- d-----w- c:\program files\New Yankee in King Arthur's Court 2
    2013-01-29 23:29 . 2013-01-29 23:30 -------- d-----w- c:\program files\Found - A Hidden Object Adventure - Free to Play
    2013-01-29 23:28 . 2013-01-29 23:28 -------- d-----w- c:\documents and settings\USER\Application Data\HipSoft
    2013-01-13 12:42 . 2013-01-13 12:42 -------- d-----w- c:\program files\Hidden World of Art
    2013-01-12 13:34 . 2013-01-12 13:35 -------- d-----w- c:\program files\Aquapolis
    2013-01-11 23:29 . 2013-01-11 23:29 -------- d-----w- c:\program files\Aeria Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-10 03:06 . 2012-04-04 09:32 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-10 03:06 . 2011-05-12 22:24 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2013-02-06 01:49 . 2013-02-06 01:49 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\documents and settings\USER\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-10-09 4441920]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
    "nwiz"="nwiz.exe" [2007-12-04 1626112]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
    "RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552]
    "SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-03-27 26112]
    "HostManager"="c:\program files\Common Files\AOL\1238500289\ee\AOLSoftware.exe" [2010-03-08 41800]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-01-08 1794224]
    .
    c:\documents and settings\USER\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\USER\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1238500289\\ee\\aolsoftware.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL Desktop 9.6\\AOLBrowser\\aolbrowser.exe"=
    "c:\\Program Files\\AOL Desktop 9.6\\waol.exe"=
    "c:\\Documents and Settings\\USER\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "1038:TCP"= 1038:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1309010.00E\symds.sys [2/5/2013 8:36 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1309010.00E\symefa.sys [2/5/2013 8:36 PM 924320]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [1/15/2013 9:51 PM 997464]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/26/2009 1:34 PM 13696]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1309010.00E\ccsetx86.sys [2/5/2013 8:36 PM 132768]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1309010.00E\ironx86.sys [2/5/2013 8:36 PM 149624]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2/5/2013 8:36 PM 138272]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/9/2012 5:30 AM 106656]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130208.004\IDSXpx86.sys [2/8/2013 9:12 PM 373728]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 19273049
    *NewlyCreated* - 80046374
    *Deregistered* - 19273049
    *Deregistered* - 80046374
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:06]
    .
    2012-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2009-07-19 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21238181717.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 01:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://webmail.aol.com/
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
    FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\tdolf9i0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-12-24 20:18; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-10 11:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(6104)
    c:\windows\system32\WININET.dll
    c:\documents and settings\USER\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-02-10 11:47:04
    ComboFix-quarantined-files.txt 2013-02-10 16:46
    .
    Pre-Run: 410,454,433,792 bytes free
    Post-Run: 410,942,173,184 bytes free
    .
    - - End Of File - - 5C285BB634518406487238C0A96DD556
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Are you still getting redirected?
     
  14. Proforce

    Proforce Thread Starter

    Joined:
    Jun 4, 2012
    Messages:
    46
    Yeah, it's still there. I just checked, searching for the video game Ratchet and Clank and ending up on monster.com when I click on the link that's supposed to lead me to the main site. I'll try to figure that one out later.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,669
    Please download OTL to your Desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under Custom Scans/Fixes type in Netsvcs
    • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
    • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy and paste the contents of both of these files here in your next reply.
     
Short URL to this thread: https://techguy.org/1085041