llines
Hi, ran the scan and it reported no malware found. I did a couple of different Google searches and things looked good for the first 5 links I picked, and then it went wonky again. It is back to redirecting again. I only picked safe sites, so it wasn't because I clicked on a bad site. Here are the two logs:

mbar-log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.26.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Glenn :: LEISURELINES [administrator]

26/01/2013 4:27:43 PM
mbar-log-2013-01-26 (16-27-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27973
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

System Log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.388000 GHz
Memory total: 3471441920, free: 2487795712

------------ Kernel report ------------
01/26/2013 16:17:19
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
SYMDS.SYS
sr.sys
SYMEFA.SYS
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\tpm.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelsmb.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\teefer.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS
\SystemRoot\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS
\SystemRoot\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\VX3000.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\Drivers\SysPlant.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx86.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\osaio.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130124.001\IDSxpx86.sys
\??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130125.023\NAVEX15.SYS
\??\C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130125.023\NAVENG.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
\WINDOWS\system32\sysferThunk.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8af03ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-16\
Lower Device Object: 0xffffffff8af0ab00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.26.10
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8af03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8af01e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8af03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8af35948, DeviceName: \Device\0000007c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8af0ab00, DeviceName: \Device\Ide\IdeDeviceP5T0L0-16\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe8e99510, 0xffffffff8af03ab8, 0xffffffff8a1b5040
Lower DeviceData: 0xffffffffe3fae4a8, 0xffffffff8af0ab00, 0xffffffff88b897f8
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ianswxp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mqac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fastfat.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\iqvw32.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 894F894F

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63  Numsec = 488375937
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan... Read File: File "c:\Documents and Settings\administrator\Application Data\Adobe\Color\ACEConfigCache2.lst" is compressed (flags = 1) Read File: File "c:\Documents and Settings\administrator\Application Data\Adobe\LogTransport2\LogTransport2.cfg" is compressed (flags = 1) Read File: File "c:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\administrator\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1) Read File: File "c:\Documents and Settings\administrator\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Adobe\AIR\eulaAccepted" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Adobe\SLStore\5C38EC5D542E" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Adobe\SLStore\5E36EF5D432E" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\Hx_4105_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.EXCEL.12.1033_4105_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft 
Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSACCESS.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSACCESS.12.1033_4105_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSACCESS.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSPUB.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSPUB.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.OUTLOOK.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.OUTLOOK.12.1033_4105_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.OUTLOOK.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1) Read File: 
File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.WINWORD.12.1033_4105_MValidator.Lck" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "c:\Documents and Settings\All Users\Application Data\Symantec\SyKnAppS\SyKnAppS.grd" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "c:\Program Files\Common Files\psasetup.log" is compressed (flags = 1) Read File: File "c:\Program Files\Opera\operadef6.ini" is compressed (flags = 1) Read File: File "c:\Program Files\Opera\operaprefs_default.ini" is compressed (flags = 1) Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\logonui.exe.manifest" is compressed (flags 
= 1) Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\winrm.cmd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\odbcinst.cnt" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\pool.bin" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\HPPDEVX.DLL.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\wbem\WindowsSearchEngine_Uninst.mof" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" 
is compressed (flags = 1) Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\ODBC.INI" is compressed (flags = 1) Read File: File "c:\WINDOWS\spupdsvc.log.1.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\DtcInstall.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\amswin.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\bti.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\BTIWARN.LOG" is compressed (flags = 1) Read File: File "c:\WINDOWS\cdplayer.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\cmsetacl.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\SYSTEM.SA1" is compressed (flags = 1) Read File: File "c:\WINDOWS\pmcpv.ch.log" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is 
compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
"c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "c:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File 
Done! Scan finished
-
Ok, time to bring out the big guns. lol Just followed your suggested steps but unfortunately, I am still being redirected. Most often there is a reference to searchwebresults.com or livesearchnow in the URL. I tried one other thing a few days ago: I removed my hard drive and connected it to another CPU so I could do the scan outside of this environment. Ran a Symantec scan and it came up with bloodhound MalPE on the first scan. I removed it and ran mbam and another Symantec scan, which both came up clean. Put the hard drive back into its original home and fired it up only to find I was still being redirected.
-
Here is the mbam log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.11.15
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Glenn :: LEISURELINES [administrator]
11/01/2013 9:23:52 PM
mbam-log-2013-01-11 (21-23-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233194
Time elapsed: 4 minute(s), 2 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

Here is the Combofix log:

Thanks again
-
I have followed each of the steps as instructed. Here are the logs and any notes of interest: TDSKiller reported no infection. Here is the log:
idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:53:13.0671 0212 idsvc - ok 20:53:13.0734 0212 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130104.001\IDSxpx86.sys 20:53:13.0734 0212 IDSxpx86 - ok 20:53:13.0734 0212 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 20:53:13.0734 0212 Imapi - ok 20:53:13.0765 0212 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 20:53:13.0765 0212 ImapiService - ok 20:53:13.0765 0212 ini910u - ok 20:53:13.0843 0212 [ 9F6320E7B0C43E4E5693E1515BA5595C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 20:53:13.0859 0212 IntcAzAudAddService - ok 20:53:13.0875 0212 IntelIde - ok 20:53:13.0890 0212 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 20:53:13.0906 0212 intelppm - ok 20:53:13.0921 0212 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 20:53:13.0921 0212 Ip6Fw - ok 20:53:13.0953 0212 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 20:53:13.0953 0212 IpFilterDriver - ok 20:53:13.0968 0212 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 20:53:13.0968 0212 IpInIp - ok 20:53:13.0984 0212 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 20:53:13.0984 0212 IpNat - ok 20:53:14.0015 0212 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:53:14.0015 0212 iPod Service - ok 20:53:14.0046 0212 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 20:53:14.0046 0212 IPSec - ok 20:53:14.0078 0212 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 20:53:14.0093 0212 IRENUM - ok 20:53:14.0093 0212 [ 
05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 20:53:14.0093 0212 isapnp - ok 20:53:14.0125 0212 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe 20:53:14.0125 0212 JavaQuickStarterService - ok 20:53:14.0140 0212 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 20:53:14.0140 0212 Kbdclass - ok 20:53:14.0156 0212 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 20:53:14.0156 0212 kbdhid - ok 20:53:14.0156 0212 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 20:53:14.0156 0212 kmixer - ok 20:53:14.0171 0212 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 20:53:14.0171 0212 KSecDD - ok 20:53:14.0187 0212 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 20:53:14.0187 0212 LanmanServer - ok 20:53:14.0218 0212 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 20:53:14.0218 0212 lanmanworkstation - ok 20:53:14.0234 0212 lbrtfdc - ok 20:53:14.0250 0212 LiveUpdate - ok 20:53:14.0281 0212 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 20:53:14.0281 0212 LmHosts - ok 20:53:14.0296 0212 [ 37D3C351995F2BEC0C6C35E73F8F11AF ] LMS C:\Program Files\Intel\AMT\LMS.exe 20:53:14.0296 0212 LMS - ok 20:53:14.0328 0212 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 20:53:14.0328 0212 Messenger - ok 20:53:14.0343 0212 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 20:53:14.0343 0212 mnmdd - ok 20:53:14.0375 0212 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 20:53:14.0390 0212 mnmsrvc - ok 20:53:14.0406 0212 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 20:53:14.0421 0212 Modem - ok 20:53:14.0437 0212 [ 35C9E97194C8CFB8430125F8DBC34D04 ] 
Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 20:53:14.0453 0212 Mouclass - ok 20:53:14.0468 0212 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 20:53:14.0468 0212 mouhid - ok 20:53:14.0468 0212 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 20:53:14.0468 0212 MountMgr - ok 20:53:14.0500 0212 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 20:53:14.0500 0212 MozillaMaintenance - ok 20:53:14.0515 0212 mraid35x - ok 20:53:14.0531 0212 [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 20:53:14.0531 0212 MRxDAV - ok 20:53:14.0546 0212 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 20:53:14.0562 0212 MRxSmb - ok 20:53:14.0640 0212 [ 7419D631C390C558A5A87484567BABD5 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe 20:53:14.0656 0212 MSCSPTISRV - ok 20:53:14.0687 0212 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 20:53:14.0703 0212 MSDTC - ok 20:53:14.0718 0212 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 20:53:14.0718 0212 Msfs - ok 20:53:14.0718 0212 MSIServer - ok 20:53:14.0750 0212 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 20:53:14.0750 0212 MSKSSRV - ok 20:53:14.0765 0212 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 20:53:14.0765 0212 MSPCLOCK - ok 20:53:14.0765 0212 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 20:53:14.0781 0212 MSPQM - ok 20:53:14.0796 0212 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 20:53:14.0796 0212 mssmbios - ok 20:53:14.0828 0212 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 20:53:14.0828 0212 MSTEE - ok 20:53:14.0843 0212 [ 
DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 20:53:14.0843 0212 Mup - ok 20:53:14.0859 0212 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 20:53:14.0859 0212 NABTSFEC - ok 20:53:14.0890 0212 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 20:53:14.0890 0212 napagent - ok 20:53:14.0953 0212 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130106.009\NAVENG.SYS 20:53:14.0968 0212 NAVENG - ok 20:53:15.0000 0212 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130106.009\NAVEX15.SYS 20:53:15.0000 0212 NAVEX15 - ok 20:53:15.0031 0212 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 20:53:15.0031 0212 NDIS - ok 20:53:15.0046 0212 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 20:53:15.0062 0212 NdisIP - ok 20:53:15.0078 0212 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 20:53:15.0078 0212 NdisTapi - ok 20:53:15.0109 0212 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 20:53:15.0109 0212 Ndisuio - ok 20:53:15.0109 0212 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 20:53:15.0109 0212 NdisWan - ok 20:53:15.0125 0212 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 20:53:15.0125 0212 NDProxy - ok 20:53:15.0140 0212 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll 20:53:15.0156 0212 Net Driver HPZ12 - ok 20:53:15.0156 0212 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 20:53:15.0156 0212 NetBIOS - ok 20:53:15.0171 0212 [ 
74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 20:53:15.0171 0212 NetBT - ok 20:53:15.0187 0212 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 20:53:15.0203 0212 NetDDE - ok 20:53:15.0234 0212 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 20:53:15.0234 0212 NetDDEdsdm - ok 20:53:15.0281 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 20:53:15.0281 0212 Netlogon - ok 20:53:15.0296 0212 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 20:53:15.0312 0212 Netman - ok 20:53:15.0343 0212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:53:15.0375 0212 NetTcpPortSharing - ok 20:53:15.0390 0212 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 20:53:15.0406 0212 NIC1394 - ok 20:53:15.0437 0212 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 20:53:15.0437 0212 Nla - ok 20:53:15.0437 0212 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 20:53:15.0437 0212 Npfs - ok 20:53:15.0468 0212 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 20:53:15.0484 0212 Ntfs - ok 20:53:15.0484 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 20:53:15.0484 0212 NtLmSsp - ok 20:53:15.0515 0212 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 20:53:15.0531 0212 NtmsSvc - ok 20:53:15.0546 0212 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 20:53:15.0546 0212 Null - ok 20:53:15.0578 0212 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 20:53:15.0593 0212 NwlnkFlt - ok 20:53:15.0593 0212 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 20:53:15.0593 0212 NwlnkFwd - ok 20:53:15.0656 0212 [ 
785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:53:15.0687 0212 odserv - ok 20:53:15.0687 0212 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 20:53:15.0687 0212 ohci1394 - ok 20:53:15.0703 0212 [ 1204A181AAE8D17BE8786EF8FB70A1C6 ] osaio C:\WINDOWS\system32\drivers\osaio.sys 20:53:15.0703 0212 osaio - ok 20:53:15.0734 0212 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:53:15.0796 0212 ose - ok 20:53:15.0828 0212 [ 778C309121067D83B8A48CDB658B4C17 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe 20:53:15.0843 0212 PACSPTISVR - ok 20:53:15.0859 0212 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys 20:53:15.0859 0212 Parport - ok 20:53:15.0859 0212 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 20:53:15.0859 0212 PartMgr - ok 20:53:15.0875 0212 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 20:53:15.0890 0212 ParVdm - ok 20:53:15.0890 0212 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 20:53:15.0890 0212 PCI - ok 20:53:15.0890 0212 PCIDump - ok 20:53:15.0906 0212 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 20:53:15.0906 0212 PCIIde - ok 20:53:15.0921 0212 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 20:53:15.0937 0212 Pcmcia - ok 20:53:15.0937 0212 PDCOMP - ok 20:53:15.0937 0212 PDFRAME - ok 20:53:15.0937 0212 PDRELI - ok 20:53:15.0937 0212 PDRFRAME - ok 20:53:15.0937 0212 perc2 - ok 20:53:15.0937 0212 perc2hib - ok 20:53:15.0953 0212 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 20:53:15.0968 0212 PlugPlay - ok 20:53:15.0968 0212 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 20:53:15.0968 
0212 Pml Driver HPZ12 - ok 20:53:16.0000 0212 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys 20:53:16.0000 0212 Point32 - ok 20:53:16.0000 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 20:53:16.0000 0212 PolicyAgent - ok 20:53:16.0015 0212 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 20:53:16.0015 0212 PptpMiniport - ok 20:53:16.0015 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 20:53:16.0015 0212 ProtectedStorage - ok 20:53:16.0015 0212 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 20:53:16.0015 0212 PSched - ok 20:53:16.0015 0212 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 20:53:16.0015 0212 Ptilink - ok 20:53:16.0031 0212 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 20:53:16.0046 0212 PxHelp20 - ok 20:53:16.0046 0212 ql1080 - ok 20:53:16.0046 0212 Ql10wnt - ok 20:53:16.0046 0212 ql12160 - ok 20:53:16.0046 0212 ql1240 - ok 20:53:16.0062 0212 ql1280 - ok 20:53:16.0062 0212 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 20:53:16.0062 0212 RasAcd - ok 20:53:16.0078 0212 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 20:53:16.0078 0212 RasAuto - ok 20:53:16.0093 0212 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 20:53:16.0093 0212 Rasl2tp - ok 20:53:16.0109 0212 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 20:53:16.0109 0212 RasMan - ok 20:53:16.0125 0212 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 20:53:16.0125 0212 RasPppoe - ok 20:53:16.0125 0212 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 20:53:16.0125 0212 Raspti - ok 20:53:16.0140 0212 [ 
7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 20:53:16.0140 0212 Rdbss - ok 20:53:16.0140 0212 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 20:53:16.0140 0212 RDPCDD - ok 20:53:16.0156 0212 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 20:53:16.0171 0212 rdpdr - ok 20:53:16.0203 0212 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 20:53:16.0203 0212 RDPWD - ok 20:53:16.0218 0212 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 20:53:16.0218 0212 RDSessMgr - ok 20:53:16.0234 0212 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 20:53:16.0234 0212 redbook - ok 20:53:16.0250 0212 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 20:53:16.0281 0212 RemoteAccess - ok 20:53:16.0296 0212 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 20:53:16.0296 0212 RemoteRegistry - ok 20:53:16.0343 0212 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe 20:53:16.0343 0212 RichVideo - ok 20:53:16.0375 0212 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 20:53:16.0390 0212 RimUsb - ok 20:53:16.0421 0212 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 20:53:16.0421 0212 RpcLocator - ok 20:53:16.0453 0212 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll 20:53:16.0453 0212 RpcSs - ok 20:53:16.0484 0212 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 20:53:16.0484 0212 RSVP - ok 20:53:16.0500 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 20:53:16.0500 0212 SamSs - ok 20:53:16.0515 0212 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 20:53:16.0515 0212 SCardSvr - ok 20:53:16.0531 0212 [ 
0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 20:53:16.0531 0212 Schedule - ok 20:53:16.0546 0212 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 20:53:16.0546 0212 Secdrv - ok 20:53:16.0578 0212 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 20:53:16.0578 0212 seclogon - ok 20:53:16.0578 0212 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 20:53:16.0578 0212 SENS - ok 20:53:16.0625 0212 [ 74885BDFF62E537F268EBF8E8CEC24BB ] SepMasterService C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe 20:53:16.0625 0212 SepMasterService - ok 20:53:16.0640 0212 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 20:53:16.0640 0212 serenum - ok 20:53:16.0656 0212 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 20:53:16.0656 0212 Serial - ok 20:53:16.0671 0212 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 20:53:16.0687 0212 Sfloppy - ok 20:53:16.0703 0212 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 20:53:16.0703 0212 SharedAccess - ok 20:53:16.0718 0212 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 20:53:16.0718 0212 ShellHWDetection - ok 20:53:16.0718 0212 Simbad - ok 20:53:16.0765 0212 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 20:53:16.0765 0212 SkypeUpdate - ok 20:53:16.0781 0212 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 20:53:16.0796 0212 SLIP - ok 20:53:16.0812 0212 [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp C:\WINDOWS\system32\DRIVERS\intelsmb.sys 20:53:16.0812 0212 smbusp - ok 20:53:16.0812 0212 Smcinst - ok 20:53:16.0875 0212 [ 244687A7F63848235B8B5CC493B6CAFF ] SmcService C:\Program Files\Symantec\Symantec Endpoint 
Protection\12.1.1000.157.105\Bin\Smc.exe 20:53:16.0906 0212 SmcService - ok 20:53:16.0953 0212 [ 6CD803703835CC3EA4E8D47B2517F1C1 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe 20:53:17.0000 0212 SNAC - ok 20:53:17.0000 0212 Sparrow - ok 20:53:17.0000 0212 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 20:53:17.0000 0212 splitter - ok 20:53:17.0031 0212 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 20:53:17.0031 0212 Spooler - ok 20:53:17.0062 0212 [ 9CAB0A38DEEBD30F3C8FE9D9826F43B1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe 20:53:17.0078 0212 SPTISRV - ok 20:53:17.0109 0212 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 20:53:17.0125 0212 sr - ok 20:53:17.0140 0212 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 20:53:17.0140 0212 srservice - ok 20:53:17.0187 0212 [ 818FF33E09C5EF86E721E1FC00154564 ] SRTSP C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS 20:53:17.0203 0212 SRTSP - ok 20:53:17.0203 0212 [ 3C01529E8B986D9DC7489F7CE8BCAD91 ] SRTSPX C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS 20:53:17.0203 0212 SRTSPX - ok 20:53:17.0234 0212 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 20:53:17.0234 0212 Srv - ok 20:53:17.0281 0212 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 20:53:17.0281 0212 SSDPSRV - ok 20:53:17.0312 0212 [ 45B83808BF5C9968C3259A48898C7DD5 ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe 20:53:17.0312 0212 SSScsiSV - ok 20:53:17.0343 0212 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 20:53:17.0343 0212 StillCam - ok 20:53:17.0359 0212 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 20:53:17.0359 0212 stisvc - ok 20:53:17.0375 0212 [ 
77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 20:53:17.0375 0212 streamip - ok 20:53:17.0375 0212 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 20:53:17.0390 0212 swenum - ok 20:53:17.0390 0212 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 20:53:17.0390 0212 swmidi - ok 20:53:17.0390 0212 SwPrv - ok 20:53:17.0406 0212 [ A0B824E49347B279ACB3903C04C78F75 ] SyDvCtrl C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys 20:53:17.0406 0212 SyDvCtrl - ok 20:53:17.0406 0212 symc810 - ok 20:53:17.0406 0212 symc8xx - ok 20:53:17.0421 0212 [ 4F52D56310FEF75249914F352DDE7D13 ] SymDS C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS 20:53:17.0437 0212 SymDS - ok 20:53:17.0500 0212 [ 71B5577BADCF9C9420393395601BB995 ] SymEFA C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS 20:53:17.0515 0212 SymEFA - ok 20:53:17.0546 0212 [ 98D28D08E68145FB550EE7670B43BAF2 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 20:53:17.0546 0212 SymEvent - ok 20:53:17.0546 0212 [ 7450A24AFBC9B0804D0A987204FFC0F8 ] SymIRON C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS 20:53:17.0546 0212 SymIRON - ok 20:53:17.0562 0212 [ 2B574C93D074222D2BC8FF9A27567BFD ] SYMTDI C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS 20:53:17.0578 0212 SYMTDI - ok 20:53:17.0578 0212 sym_hi - ok 20:53:17.0578 0212 sym_u3 - ok 20:53:17.0578 0212 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 20:53:17.0578 0212 sysaudio - ok 20:53:17.0609 0212 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 20:53:17.0609 0212 SysmonLog - ok 20:53:17.0640 0212 [ 65C165C4324D153429BF3BA9350F3084 ] SysPlant C:\WINDOWS\system32\Drivers\SysPlant.sys 20:53:17.0640 0212 SysPlant - ok 20:53:17.0671 0212 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv 
C:\WINDOWS\System32\tapisrv.dll 20:53:17.0671 0212 TapiSrv - ok 20:53:17.0703 0212 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:53:17.0703 0212 Tcpip - ok 20:53:17.0734 0212 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 20:53:17.0734 0212 TDPIPE - ok 20:53:17.0765 0212 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 20:53:17.0765 0212 TDTCP - ok 20:53:17.0781 0212 [ C6D87DCF289C5D641ACFD14989F44303 ] Teefer2 C:\WINDOWS\system32\DRIVERS\teefer.sys 20:53:17.0796 0212 Teefer2 - ok 20:53:17.0812 0212 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 20:53:17.0812 0212 TermDD - ok 20:53:17.0843 0212 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 20:53:17.0843 0212 TermService - ok 20:53:17.0859 0212 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 20:53:17.0859 0212 Themes - ok 20:53:17.0875 0212 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 20:53:17.0906 0212 TlntSvr - ok 20:53:17.0906 0212 TosIde - ok 20:53:17.0937 0212 [ 82FED3FEA9BCD77FC870A1E4C8B62870 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys 20:53:17.0937 0212 TPM - ok 20:53:17.0953 0212 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 20:53:17.0953 0212 TrkWks - ok 20:53:17.0984 0212 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 20:53:18.0000 0212 Udfs - ok 20:53:18.0000 0212 ultra - ok 20:53:18.0062 0212 [ C82B4BF309113C4D71288F6D938DDA6E ] UNS C:\Program Files\Intel\AMT\UNS.exe 20:53:18.0125 0212 UNS - ok 20:53:18.0140 0212 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 20:53:18.0140 0212 Update - ok 20:53:18.0156 0212 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 20:53:18.0171 0212 upnphost - ok 20:53:18.0187 0212 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS 
C:\WINDOWS\System32\ups.exe 20:53:18.0187 0212 UPS - ok 20:53:18.0203 0212 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 20:53:18.0203 0212 USBAAPL - ok 20:53:18.0234 0212 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 20:53:18.0234 0212 usbaudio - ok 20:53:18.0234 0212 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:53:18.0234 0212 usbccgp - ok 20:53:18.0265 0212 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:53:18.0265 0212 usbehci - ok 20:53:18.0281 0212 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:53:18.0281 0212 usbhub - ok 20:53:18.0296 0212 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 20:53:18.0296 0212 usbprint - ok 20:53:18.0328 0212 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:53:18.0328 0212 usbscan - ok 20:53:18.0359 0212 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:53:18.0359 0212 USBSTOR - ok 20:53:18.0390 0212 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20:53:18.0390 0212 usbuhci - ok 20:53:18.0406 0212 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 20:53:18.0406 0212 VgaSave - ok 20:53:18.0406 0212 ViaIde - ok 20:53:18.0421 0212 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 20:53:18.0421 0212 VolSnap - ok 20:53:18.0437 0212 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 20:53:18.0453 0212 VSS - ok 20:53:18.0484 0212 [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys 20:53:18.0515 0212 VX3000 - ok 20:53:18.0546 0212 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 20:53:18.0546 0212 W32Time - ok 20:53:18.0562 0212 [ 
E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:53:18.0562 0212 Wanarp - ok 20:53:18.0562 0212 WDICA - ok 20:53:18.0578 0212 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 20:53:18.0578 0212 wdmaud - ok 20:53:18.0593 0212 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 20:53:18.0593 0212 WebClient - ok 20:53:18.0640 0212 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 20:53:18.0640 0212 winmgmt - ok 20:53:18.0687 0212 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll 20:53:18.0734 0212 WinRM - ok 20:53:18.0765 0212 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 20:53:18.0765 0212 WmdmPmSN - ok 20:53:18.0781 0212 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll 20:53:18.0796 0212 Wmi - ok 20:53:18.0828 0212 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:53:18.0859 0212 WmiApSrv - ok 20:53:18.0906 0212 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe 20:53:18.0937 0212 WMPNetworkSvc - ok 20:53:19.0000 0212 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 20:53:19.0062 0212 WPFFontCache_v0400 - ok 20:53:19.0093 0212 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys 20:53:19.0093 0212 WS2IFSL - ok 20:53:19.0125 0212 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 20:53:19.0140 0212 wscsvc - ok 20:53:19.0140 0212 WSearch - ok 20:53:19.0156 0212 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:53:19.0156 0212 WSTCODEC - ok 20:53:19.0187 0212 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 20:53:19.0187 0212 wuauserv - ok 20:53:19.0218 0212 [ 
F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:53:19.0234 0212 WudfPf - ok 20:53:19.0265 0212 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:53:19.0281 0212 WudfRd - ok 20:53:19.0296 0212 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 20:53:19.0296 0212 WudfSvc - ok 20:53:19.0312 0212 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 20:53:19.0312 0212 WZCSVC - ok 20:53:19.0328 0212 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 20:53:19.0359 0212 xmlprov - ok 20:53:19.0359 0212 ================ Scan global =============================== 20:53:19.0375 0212 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 20:53:19.0406 0212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 20:53:19.0406 0212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 20:53:19.0421 0212 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 20:53:19.0421 0212 [Global] - ok 20:53:19.0421 0212 ================ Scan MBR ================================== 20:53:19.0437 0212 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 20:53:19.0578 0212 \Device\Harddisk0\DR0 - ok 20:53:19.0578 0212 ================ Scan VBR ================================== 20:53:19.0578 0212 [ 6FDEA6CD0005D3F40783FB6EE9F9AA0D ] \Device\Harddisk0\DR0\Partition1 20:53:19.0578 0212 \Device\Harddisk0\DR0\Partition1 - ok 20:53:19.0578 0212 ============================================================ 20:53:19.0578 0212 Scan finished 20:53:19.0578 0212 ============================================================ 20:53:19.0593 0172 Detected object count: 0 20:53:19.0593 0172 Actual detected object count: 0 20:54:38.0484 3500 Deinitialize success ESET Online Scanner reported no threats but then I still got the following report: Operating memory probably a variant of Win32/Ponmocup.AA trojan 
AdwCleaner kept reporting that there was a newer version but when I went to download it I kept getting the same version. I was able to run it, it also reported no infections but I hit Delete anyway. Here is the log file:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 22:19:47
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Glenn - LEISURELINES
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\3Y2MUJH5\AdwCleaner[1].exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\6lptv6sg.default\prefs.js

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Documents and Settings\Glenn\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1696 octets] - [07/01/2013 22:08:54]
AdwCleaner[R2].txt - [1756 octets] - [07/01/2013 22:18:53]
AdwCleaner[s1].txt - [1701 octets] - [07/01/2013 22:19:47]

########## EOF - C:\AdwCleaner[s1].txt - [1761 octets] ##########

Finally, ran your security check and here is the log:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 35
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Unfortunately the end result is that I am still being redirected when I click on any search results in my browser. Before this cleanup I found that most often the URL would contain "livesearchnow" as part of the address, but now it does not. I continue to appreciate your help!
-
Thank you, it worked this time. Here are the ComboFix and DDS logs. Note: ComboFix told me that my antivirus was still running, but in safe mode it does not. I can't open Symantec in safe mode to disable it, and when checking services it indicates that it is stopped, so I continued.

Thanks again
-
The ComboFix program ran as expected, but I did not get notification that a file was saved for me and the file did not open on the screen automatically in the end. Not sure if related or not, but after the computer rebooted there was a Windows error message asking if I wanted to send details to Microsoft, which I declined. I took a look in c:\ for combofix.txt but only found the c:\Combofix folder, which is simply a look at everything stored on the C drive; it is not a file. Not sure if I should run ComboFix again, so I just ran the DDS program again for now. Here is the log:
Files\Nikon\Monitor\NkMonitor.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://rogers.my.yahoo.com/ BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [atchk] "c:\program files\intel\amt\atchk.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [TkBellExe] "c:\program files\common 
files\real\update_ob\realsched.exe" -osboot mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" mRun: [VX3000] c:\windows\vVX3000.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:323 uPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveTypeAutoRun = dword:323 mPolicies-Explorer: NoDriveAutoRun = dword:67108863 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common 
files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342738640505 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342738635036 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 64.71.255.198 TCP: Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 
64.71.255.198 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\glenn\application data\mozilla\firefox\profiles\6lptv6sg.default\ FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/ FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20121130.011\BHDrvx86.sys [2012-12-3 995488] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336] R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-12-2 2514944] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20130101.001\IDSXpx86.sys [2013-1-1 373728] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130102.004\NAVENG.SYS [2013-1-2 92704] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130102.004\NAVEX15.SYS [2013-1-2 1601184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944] S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint 
protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?] S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-01-03 01:16:08 -------- d-sha-r- C:\cmdcons 2013-01-03 01:14:12 98816 ----a-w- c:\windows\sed.exe 2013-01-03 01:14:12 256000 ----a-w- c:\windows\PEV.exe 2013-01-03 01:14:12 208896 ----a-w- c:\windows\MBR.exe 2013-01-03 01:14:00 -------- d-s---w- C:\ComboFix 2012-12-26 21:43:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-26 21:31:25 -------- d-----w- c:\program files\iPod 2012-12-12 03:07:36 -------- d-----w- c:\documents and settings\glenn\application data\Malwarebytes 2012-12-12 03:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-12-12 03:07:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 03:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-11 23:38:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-12-11 23:38:19 -------- d-----w- c:\program files\iTunes . ==================== Find3M ==================== . 
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 12:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 20:31:26.34 ===============
-
Thank you very much for your quick response. I have rerun Malwarebytes and DDS. Here is the MBAM log:
Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.28.01 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Glenn :: LEISURELINES [administrator] 27/12/2012 9:20:23 PM mbam-log-2012-12-27 (21-20-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 234919 Time elapsed: 6 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Here is dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35 Run by Glenn at 21:30:27 on 2012-12-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.2503 [GMT -5:00] . AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Endpoint Protection *Enabled* . ============== Running Processes ================ . 
C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Intel\AMT\UNS.exe C:\Program Files\Intel\AMT\atchk.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService 
C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc . ============== Pseudo HJT Report =============== . uStart Page = hxxp://rogers.my.yahoo.com/ BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] 
c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [atchk] "c:\program files\intel\amt\atchk.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe" mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe" mRun: [VX3000] c:\windows\vVX3000.exe mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to 
Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342738640505 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342738635036 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 64.71.255.198 TCP: 
Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 64.71.255.198 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Notify: igfxcui - igfxdev.dll Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\glenn\application data\mozilla\firefox\profiles\6lptv6sg.default\ FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/ FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - plugin: c:\windows\system32\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20121130.011\BHDrvx86.sys [2012-12-3 995488] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336] R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224] R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-12-2 2514944] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20121226.001\IDSXpx86.sys [2012-12-26 373728] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121227.003\NAVENG.SYS [2012-12-27 92704] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121227.003\NAVEX15.SYS [2012-12-27 1601184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944] S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint 
protection\smclu\setup\smcinst.exe [?] S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-12-28 02:16:18 710504 ----a-w- c:\windows\isRS-000.tmp 2012-12-26 21:43:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-26 21:31:25 -------- d-----w- c:\program files\iPod 2012-12-12 03:07:36 -------- d-----w- c:\documents and settings\glenn\application data\Malwarebytes 2012-12-12 03:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-12-12 03:07:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 03:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-11 23:38:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-12-11 23:38:19 -------- d-----w- c:\program files\iTunes 2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll 2012-11-30 22:22:30 -------- d-----r- c:\program files\Skype . ==================== Find3M ==================== . 
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 12:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll . ============= FINISH: 21:31:07.54 ===============
-
Looks like we have a redirect virus, but scans are not detecting it. We use Windows XP, and when we search using Google, Bing or Livesearch in IE (and sometimes Firefox) we are directed to other sites. If we type in the URL we are OK. When posting an ad to Kijiji, they deleted the ad because our IP address was compromised. Both Malwarebytes and Symantec Endpoint do not detect a problem. Hope you can help. I have attached the dds.txt and attach.txt files. Thanks, Mona
attach.txt dds.txt