
Redirect Virus Affecting IE and Firefox - All search engines


llines


Looks like we have a redirect virus but scans are not detecting it. We use Windows XP and when we search using Google, Bing or Livesearch in IE and sometimes Firefox we are directed to other sites. If we type in the URL we are ok. When posting an ad to Kijiji they deleted the ad because our IP address was compromised. Both Malwarebytes and Symantec Endpoint do not detect a problem.

Hope you can help. I have attached the dds.txt and attach.txt files.

Thanks

Mona

attach.txt

dds.txt


Thank you very much for your quick response. I have rerun Malwarebytes and DDS.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.28.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Glenn :: LEISURELINES [administrator]

27/12/2012 9:20:23 PM

mbam-log-2012-12-27 (21-20-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234919

Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Glenn at 21:30:27 on 2012-12-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.2503 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\AMT\UNS.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://rogers.my.yahoo.com/

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [atchk] "c:\program files\intel\amt\atchk.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342738640505

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342738635036

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 64.71.255.198

TCP: Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 64.71.255.198

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\glenn\application data\mozilla\firefox\profiles\6lptv6sg.default\

FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20121130.011\BHDrvx86.sys [2012-12-3 995488]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]

R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-12-2 2514944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20121226.001\IDSXpx86.sys [2012-12-26 373728]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121227.003\NAVENG.SYS [2012-12-27 92704]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20121227.003\NAVEX15.SYS [2012-12-27 1601184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]

S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-12-28 02:16:18 710504 ----a-w- c:\windows\isRS-000.tmp

2012-12-26 21:43:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-26 21:31:25 -------- d-----w- c:\program files\iPod

2012-12-12 03:07:36 -------- d-----w- c:\documents and settings\glenn\application data\Malwarebytes

2012-12-12 03:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-12-12 03:07:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 03:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 23:38:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-11 23:38:19 -------- d-----w- c:\program files\iTunes

2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll

2012-11-30 22:22:30 -------- d-----r- c:\program files\Skype

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 12:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 21:31:07.54 ===============

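One thing a responder does with a DDS log like the one above is pull out the handful of entries worth verifying first rather than reading the whole dump. The script below is an added example (it is not part of this thread and is not code from the DDS or Malwarebytes projects). It parses the `BHO:`, `AV:`/`FW:` and `TCP: ... NameServer` lines in the layout these logs use, fed with a constructed sample that mirrors the format posted above, and reports orphaned BHO registrations, protection products that describe themselves as disabled, and the DNS servers that should be cross-checked against what the ISP or router is expected to hand out.

```python
"""Triage helper for DDS-style log lines.

Added example, not part of the forum thread or of the DDS tool. It reads the
'AV:/FW:' header lines and the 'Pseudo HJT Report' entries in the format the
thread's logs use and pulls out what a responder usually checks first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the same layout as the DDS logs posted in the thread.
SAMPLE_LOG = r"""
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
uStart Page = hxxp://rogers.my.yahoo.com/
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
TCP: NameServer = 64.71.255.198
TCP: Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 64.71.255.198
""".strip()

# 'BHO: <name>: {CLSID} - <file>' or, when DDS cannot find the file, 'BHO: {CLSID} - <orphaned>'.
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# 'AV: <product> *<state>* {GUID}' / 'FW: <product> *<state>*'.
PROTECT_RE = re.compile(r"^(?P<kind>AV|FW): (?P<product>.*?) \*(?P<state>[^*]+)\*")
# Both the global 'NameServer =' line and the per-interface 'DHCPNameServer =' line.
DNS_RE = re.compile(r"^TCP: .*NameServer = (?P<servers>.+)$")


@dataclass
class Bho:
    name: Optional[str]
    clsid: str
    target: str

    @property
    def orphaned(self) -> bool:
        # DDS writes '<orphaned>' when the registered DLL is no longer on disk.
        return self.target.strip().lower() == "<orphaned>"


def parse_dds(text: str) -> Dict[str, list]:
    """Return the BHO entries, AV/FW status tuples and DNS servers found in the log text."""
    bhos: List[Bho] = []
    protection: List[Tuple[str, str, str]] = []
    dns: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(Bho(m["name"], m["clsid"], m["target"]))
            continue
        m = PROTECT_RE.match(line)
        if m:
            protection.append((m["kind"], m["product"], m["state"]))
            continue
        m = DNS_RE.match(line)
        if m:
            # DDS separates multiple servers with spaces or commas; keep order, drop repeats.
            for ip in re.split(r"[ ,]+", m["servers"].strip()):
                if ip and ip not in dns:
                    dns.append(ip)
    return {"bho": bhos, "protection": protection, "dns": dns}


def triage(text: str) -> List[str]:
    """Turn the parsed entries into a short list of things to verify by hand."""
    parsed = parse_dds(text)
    findings: List[str] = []
    for b in parsed["bho"]:
        if b.orphaned:
            findings.append(
                f"orphaned BHO {b.clsid}: the registration remains but its DLL is missing; "
                "confirm whether it is leftover from a removed add-on or an incomplete cleanup"
            )
    for kind, product, state in parsed["protection"]:
        if state.lower().startswith("disabled"):
            findings.append(
                f"{kind} {product} reports '{state}': confirm real-time protection is "
                "actually running before trusting a clean scan result"
            )
    if parsed["dns"]:
        findings.append("DNS servers to verify against the ISP/router: " + ", ".join(parsed["dns"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Point it at a real `dds.txt` by reading the file into `triage()`; the regular expressions only look at line prefixes, so the rest of the log passes through untouched.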

  • Staff

Hi,

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


The ComboFix program ran as expected, but I did not get notification that a file was saved for me, and the file did not open on the screen automatically at the end. Not sure if it is related or not, but after the computer rebooted there was a Windows error message asking if I wanted to send details to Microsoft, which I declined. I took a look in c:\ for combofix.txt but only found a c:\Combofix folder, which is simply a look at everything stored on the C drive; it is not a file. Not sure if I should run ComboFix again, so I just ran the DDS program again for now. Here is the log:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Glenn at 20:30:39 on 2013-01-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.2575 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\WINDOWS\vVX3000.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://rogers.my.yahoo.com/

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [atchk] "c:\program files\intel\amt\atchk.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342738640505

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342738635036

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 64.71.255.198

TCP: Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 64.71.255.198

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\glenn\application data\mozilla\firefox\profiles\6lptv6sg.default\

FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20121130.011\BHDrvx86.sys [2012-12-3 995488]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]

R2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-12-2 2514944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20130101.001\IDSXpx86.sys [2013-1-1 373728]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130102.004\NAVENG.SYS [2013-1-2 92704]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130102.004\NAVEX15.SYS [2013-1-2 1601184]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-26 256000]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]

S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-01-03 01:16:08 -------- d-sha-r- C:\cmdcons

2013-01-03 01:14:12 98816 ----a-w- c:\windows\sed.exe

2013-01-03 01:14:12 256000 ----a-w- c:\windows\PEV.exe

2013-01-03 01:14:12 208896 ----a-w- c:\windows\MBR.exe

2013-01-03 01:14:00 -------- d-s---w- C:\ComboFix

2012-12-26 21:43:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-26 21:31:25 -------- d-----w- c:\program files\iPod

2012-12-12 03:07:36 -------- d-----w- c:\documents and settings\glenn\application data\Malwarebytes

2012-12-12 03:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-12-12 03:07:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 03:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 23:38:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-11 23:38:19 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 12:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 20:31:26.34 ===============


  • Staff

Hi,

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet. Before you download it, rename it to sega.com (ensure that the Save As type is "All Files").

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall

See if it will run successfully now. Stop it after half an hour of no activity.


Thank you, it worked this time. Here are the ComboFix and DDS logs. Note: ComboFix told me that my antivirus was still running, but in Safe Mode it does not run. I can't open Symantec in Safe Mode to disable it, and when checking Services it indicates that it is stopped, so I continued.

ComboFix 13-01-05.01 - Glenn 06/01/2013 9:15.2.4 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.3008 [GMT -5:00]

Running from: c:\documents and settings\Glenn\desktop\sega.com

Command switches used :: /killall

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

c:\windows\dasetup.log

c:\windows\system32\Thumbs.db

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))

.

.

2013-01-06 14:09 . 2013-01-06 14:09 -------- d--h--w- c:\windows\PIF

2012-12-26 21:43 . 2012-12-26 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-26 21:31 . 2012-12-26 21:31 -------- d-----w- c:\program files\iPod

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2012-12-26 21:27 . 2012-12-26 21:27 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2012-12-26 21:26 . 2012-12-26 21:27 -------- d-----w- c:\program files\QuickTime

2012-12-12 03:07 . 2012-12-12 03:07 -------- d-----w- c:\documents and settings\Glenn\Application Data\Malwarebytes

2012-12-12 03:07 . 2012-12-12 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-12-12 03:07 . 2012-12-28 02:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-12 03:07 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 23:38 . 2012-08-21 18:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-11 23:38 . 2012-12-26 21:43 -------- d-----w- c:\program files\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 12:44 . 2012-07-27 16:16 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-12 12:44 . 2012-01-30 19:50 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-16 15:15 . 2012-12-08 03:25 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2010-09-16 15:16 . 2012-12-08 03:25 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2010-09-16 15:16 . 2012-12-08 03:25 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2010-09-16 15:16 . 2012-12-08 03:25 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-12-08 03:25 . 2012-12-08 03:25 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 138008]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-07 16377344]

"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 401408]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-27 198160]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-28 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-12-9 106560]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"2941:TCP"= 2941:TCP:Windows Core Service

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [16/07/2011 7:48 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [27/08/2011 7:48 PM 758904]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx86.sys [03/12/2012 12:15 PM 995488]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [13/09/2011 7:46 PM 137336]

S2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [20/09/2011 11:58 PM 137224]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 AM 160944]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [02/12/2008 11:59 PM 2514944]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/08/2012 3:34 AM 106656]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130104.001\IDSXpx86.sys [04/01/2013 9:30 PM 373728]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys [30/10/2011 8:57 PM 23984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 12:44]

.

2013-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2013-01-05 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-06 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-06 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-05 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 20:18]

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 20:18]

.

2010-12-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]

.

2013-01-03 c:\windows\Tasks\QYCAO.job

- c:\windows\system32\dpmodemx2.dll [2012-12-02 15:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://rogers.my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 64.71.255.198

FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\6lptv6sg.default\

FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll

AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE

AddRemove-Microsoft .NET Framework 3.5 SP1 - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-06 09:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]

"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]

"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1700)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2013-01-06 09:32:56 - machine was rebooted

ComboFix-quarantined-files.txt 2013-01-06 14:32

.

Pre-Run: 183,362,318,336 bytes free

Post-Run: 185,172,619,264 bytes free

.

- - End Of File - - CC6A091E45EA541A3A180C0FDAF97211

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Glenn at 9:35:42 on 2013-01-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.3015 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://rogers.my.yahoo.com/

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} -

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [atchk] "c:\program files\intel\amt\atchk.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

mRun: [VX3000] c:\windows\vVX3000.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342738640505

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342738635036

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 64.71.255.198

TCP: Interfaces\{CB847959-F485-4783-916F-5139FF757E7C} : DHCPNameServer = 64.71.255.198

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\glenn\application data\mozilla\firefox\profiles\6lptv6sg.default\

FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-16 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-27 758904]

S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20121130.011\BHDrvx86.sys [2012-12-3 995488]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-13 137336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SepMasterService;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ccSvcHst.exe [2011-9-20 137224]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-12-2 2514944]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-11 106656]

S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20130104.001\IDSXpx86.sys [2013-1-4 373728]

S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130105.017\NAVENG.SYS [2013-1-5 92704]

S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\virusdefs\20130105.017\NAVEX15.SYS [2013-1-5 1601184]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]

S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-30 23984]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2013-01-06 14:09:17 -------- d--h--w- c:\windows\PIF

2013-01-03 01:16:08 -------- d-sha-r- C:\cmdcons

2013-01-03 01:14:12 98816 ----a-w- c:\windows\sed.exe

2013-01-03 01:14:12 256000 ----a-w- c:\windows\PEV.exe

2013-01-03 01:14:12 208896 ----a-w- c:\windows\MBR.exe

2012-12-26 21:43:55 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-26 21:31:25 -------- d-----w- c:\program files\iPod

2012-12-12 03:07:36 -------- d-----w- c:\documents and settings\glenn\application data\Malwarebytes

2012-12-12 03:07:05 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-12-12 03:07:04 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-12 03:07:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-12-11 23:38:51 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-11 23:38:19 -------- d-----w- c:\program files\iTunes

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-12 12:44:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 9:36:41.18 ===============

Thanks again

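Reading ComboFix and DDS output by eye is the hard part of a thread like this. As an added example (not code from this thread or from any of the tools named in it), the Python script below parses three kinds of lines copied from the logs posted above, the Find3M file entries, the Scheduled Tasks pairs and the GloballyOpenPorts firewall values, and lists the entries an analyst would want to look at first: a regular file carrying both system and hidden attributes, a scheduled task whose recorded target is a DLL rather than an executable, and firewall openings whose description is not a Windows resource string. The attribute-column layout (d, c, s, h, a, then r/w) is inferred from the lines on this page and is an assumption; the sample input is a constructed excerpt of those lines, and the script only points at entries to review, it does not decide what is malicious.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a handful of lines copied from the DDS and ComboFix
# logs posted in this thread, not a complete log.
FIND3M_SAMPLE = r"""
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 12:44:08 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-02 15:57:25 114688 --sha-r- c:\windows\system32\dpmodemx2.dll
2013-01-03 01:16:08 -------- d-sha-r- C:\cmdcons
"""

TASKS_SAMPLE = r"""
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 12:44]
2013-01-03 c:\windows\Tasks\QYCAO.job
- c:\windows\system32\dpmodemx2.dll [2012-12-02 15:57]
"""

PORTS_SAMPLE = r"""
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2941:TCP"= 2941:TCP:Windows Core Service
"""


@dataclass
class Finding:
    check: str   # which heuristic fired
    item: str    # the path, task or port it applies to
    note: str    # what the analyst should look at


# DDS attribute column as seen in the lines above. The position mapping is an
# assumption inferred from those lines: d=directory, c=compressed, s=system,
# h=hidden, a=archive; position 6 is r (read-only) or w (writable).
ATTR_POS = {"d": 0, "c": 1, "s": 2, "h": 3, "a": 4}

FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+"
    r"([d\-][c\-][s\-][h\-][a\-]-[rw]-)\s+(.+)$"
)
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[[^\]]*\]$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')


def has_attr(attrs: str, flag: str) -> bool:
    return attrs[ATTR_POS[flag]] == flag


def check_hidden_system_files(text: str) -> List[Finding]:
    """Flag regular files (not directories) carrying both the system and the
    hidden attribute. Directories such as the Recovery Console folder (cmdcons)
    legitimately carry them, so directories are skipped."""
    findings = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        stamp, _size, attrs, path = m.groups()
        if has_attr(attrs, "d"):
            continue
        if has_attr(attrs, "s") and has_attr(attrs, "h"):
            findings.append(Finding(
                "hidden-system-file", path,
                f"system+hidden attributes ({attrs}) on a regular file, modified {stamp}"))
    return findings


def check_scheduled_tasks(text: str) -> List[Finding]:
    """Pair each '.job' line with the '- target [date]' line that follows it
    and flag tasks whose recorded target is a DLL rather than an executable."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for job_line, target_line in zip(lines, lines[1:]):
        jm, tm = TASK_RE.match(job_line), TARGET_RE.match(target_line)
        if not (jm and tm):
            continue
        job, target = jm.group(1), tm.group(1)
        if target.lower().endswith(".dll"):
            findings.append(Finding(
                "task-runs-dll", job,
                f"scheduled task target is a DLL ({target}); review how it is loaded"))
    return findings


def check_open_ports(text: str) -> List[Finding]:
    """Report every globally open port in the standard firewall profile.
    Built-in Windows exceptions carry a resource-string description (@dll,-id);
    a free-text description means a program or a person added the opening."""
    findings = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if not m:
            continue
        port, proto, desc = m.groups()
        origin = "built-in exception" if desc.startswith("@") else "non-built-in exception"
        findings.append(Finding("open-port", f"{port}/{proto}", f"{origin}: {desc}"))
    return findings


def triage(find3m: str, tasks: str, ports: str) -> List[Finding]:
    """Run all three checks and return the combined list of findings."""
    return (check_hidden_system_files(find3m)
            + check_scheduled_tasks(tasks)
            + check_open_ports(ports))


if __name__ == "__main__":
    for f in triage(FIND3M_SAMPLE, TASKS_SAMPLE, PORTS_SAMPLE):
        print(f"[{f.check}] {f.item}: {f.note}")
```

Run against the excerpt, the script singles out one file in system32 with system+hidden attributes, one task whose target is that same DLL, and two port openings (one built-in, one free-text). Each of those is a question for the analyst, not a verdict; the point of the example is to turn a thousand-line log into a short list worth checking against the tool logs that follow in the thread.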

  • Staff

Hi,

Looking better. :)

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I have followed each of the steps as instructed. Here are the logs and any notes of interest:

TDSSKiller reported no infection. Here is the log:

20:52:51.0031 2772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:52:51.0421 2772 ============================================================

20:52:51.0421 2772 Current date / time: 2013/01/07 20:52:51.0421

20:52:51.0421 2772 SystemInfo:

20:52:51.0421 2772

20:52:51.0421 2772 OS Version: 5.1.2600 ServicePack: 3.0

20:52:51.0421 2772 Product type: Workstation

20:52:51.0421 2772 ComputerName: LEISURELINES

20:52:51.0421 2772 UserName: Glenn

20:52:51.0421 2772 Windows directory: C:\WINDOWS

20:52:51.0421 2772 System windows directory: C:\WINDOWS

20:52:51.0421 2772 Processor architecture: Intel x86

20:52:51.0421 2772 Number of processors: 4

20:52:51.0421 2772 Page size: 0x1000

20:52:51.0421 2772 Boot type: Normal boot

20:52:51.0421 2772 ============================================================

20:52:52.0593 2772 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

20:52:52.0593 2772 ============================================================

20:52:52.0593 2772 \Device\Harddisk0\DR0:

20:52:52.0593 2772 MBR partitions:

20:52:52.0593 2772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681

20:52:52.0593 2772 ============================================================

20:52:52.0609 2772 C: <-> \Device\Harddisk0\DR0\Partition1

20:52:52.0609 2772 ============================================================

20:52:52.0609 2772 Initialize success

20:52:52.0609 2772 ============================================================

20:53:09.0421 0212 ============================================================

20:53:09.0421 0212 Scan started

20:53:09.0421 0212 Mode: Manual;

20:53:09.0421 0212 ============================================================

20:53:09.0781 0212 ================ Scan system memory ========================

20:53:10.0796 0212 System memory - ok

20:53:10.0796 0212 ================ Scan services =============================

20:53:10.0875 0212 Abiosdsk - ok

20:53:10.0875 0212 abp480n5 - ok

20:53:10.0890 0212 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

20:53:10.0890 0212 ACPI - ok

20:53:10.0906 0212 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

20:53:10.0921 0212 ACPIEC - ok

20:53:10.0968 0212 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

20:53:11.0015 0212 AdobeFlashPlayerUpdateSvc - ok

20:53:11.0015 0212 adpu160m - ok

20:53:11.0031 0212 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

20:53:11.0046 0212 aec - ok

20:53:11.0062 0212 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

20:53:11.0062 0212 AFD - ok

20:53:11.0062 0212 Aha154x - ok

20:53:11.0062 0212 aic78u2 - ok

20:53:11.0078 0212 aic78xx - ok

20:53:11.0093 0212 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

20:53:11.0093 0212 Alerter - ok

20:53:11.0140 0212 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

20:53:11.0140 0212 ALG - ok

20:53:11.0140 0212 AliIde - ok

20:53:11.0140 0212 amsint - ok

20:53:11.0203 0212 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:53:11.0203 0212 Apple Mobile Device - ok

20:53:11.0203 0212 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

20:53:11.0218 0212 AppMgmt - ok

20:53:11.0234 0212 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys

20:53:11.0234 0212 Arp1394 - ok

20:53:11.0234 0212 asc - ok

20:53:11.0234 0212 asc3350p - ok

20:53:11.0234 0212 asc3550 - ok

20:53:11.0296 0212 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

20:53:11.0359 0212 aspnet_state - ok

20:53:11.0390 0212 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

20:53:11.0390 0212 AsyncMac - ok

20:53:11.0406 0212 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

20:53:11.0406 0212 atapi - ok

20:53:11.0437 0212 [ F98C190E0596B75158592EAC55FC2466 ] atchksrv C:\Program Files\Intel\AMT\atchksrv.exe

20:53:11.0437 0212 atchksrv - ok

20:53:11.0437 0212 Atdisk - ok

20:53:11.0453 0212 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

20:53:11.0453 0212 Atmarpc - ok

20:53:11.0484 0212 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

20:53:11.0484 0212 AudioSrv - ok

20:53:11.0500 0212 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

20:53:11.0500 0212 audstub - ok

20:53:11.0531 0212 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

20:53:11.0531 0212 Beep - ok

20:53:11.0609 0212 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20121130.011\BHDrvx86.sys

20:53:11.0625 0212 BHDrvx86 - ok

20:53:11.0640 0212 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

20:53:11.0671 0212 BITS - ok

20:53:11.0718 0212 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

20:53:11.0734 0212 Bonjour Service - ok

20:53:11.0750 0212 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

20:53:11.0750 0212 Browser - ok

20:53:11.0750 0212 catchme - ok

20:53:11.0781 0212 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

20:53:11.0781 0212 cbidf2k - ok

20:53:11.0812 0212 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

20:53:11.0812 0212 CCDECODE - ok

20:53:11.0828 0212 cd20xrnt - ok

20:53:11.0843 0212 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

20:53:11.0843 0212 Cdaudio - ok

20:53:11.0843 0212 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

20:53:11.0843 0212 Cdfs - ok

20:53:11.0875 0212 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

20:53:11.0875 0212 Cdrom - ok

20:53:11.0875 0212 Changer - ok

20:53:11.0890 0212 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

20:53:11.0906 0212 CiSvc - ok

20:53:11.0921 0212 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

20:53:11.0921 0212 ClipSrv - ok

20:53:11.0984 0212 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:53:12.0046 0212 clr_optimization_v2.0.50727_32 - ok

20:53:12.0078 0212 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:53:12.0125 0212 clr_optimization_v4.0.30319_32 - ok

20:53:12.0140 0212 CmdIde - ok

20:53:12.0140 0212 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

20:53:12.0156 0212 Compbatt - ok

20:53:12.0156 0212 COMSysApp - ok

20:53:12.0156 0212 Cpqarray - ok

20:53:12.0187 0212 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

20:53:12.0187 0212 CryptSvc - ok

20:53:12.0187 0212 dac2w2k - ok

20:53:12.0187 0212 dac960nt - ok

20:53:12.0218 0212 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

20:53:12.0218 0212 DcomLaunch - ok

20:53:12.0234 0212 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

20:53:12.0250 0212 Dhcp - ok

20:53:12.0250 0212 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

20:53:12.0265 0212 Disk - ok

20:53:12.0265 0212 dmadmin - ok

20:53:12.0296 0212 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

20:53:12.0312 0212 dmboot - ok

20:53:12.0312 0212 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

20:53:12.0312 0212 dmio - ok

20:53:12.0328 0212 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

20:53:12.0328 0212 dmload - ok

20:53:12.0343 0212 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

20:53:12.0343 0212 dmserver - ok

20:53:12.0359 0212 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

20:53:12.0359 0212 DMusic - ok

20:53:12.0375 0212 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

20:53:12.0375 0212 Dnscache - ok

20:53:12.0390 0212 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

20:53:12.0390 0212 Dot3svc - ok

20:53:12.0390 0212 dpti2o - ok

20:53:12.0406 0212 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

20:53:12.0406 0212 drmkaud - ok

20:53:12.0437 0212 [ 34AAA3B298A852B3663E6E0D94D12945 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

20:53:12.0437 0212 e1express - ok

20:53:12.0453 0212 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

20:53:12.0453 0212 EapHost - ok

20:53:12.0500 0212 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

20:53:12.0500 0212 eeCtrl - ok

20:53:12.0515 0212 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

20:53:12.0515 0212 EraserUtilRebootDrv - ok

20:53:12.0531 0212 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

20:53:12.0531 0212 ERSvc - ok

20:53:12.0546 0212 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

20:53:12.0546 0212 Eventlog - ok

20:53:12.0578 0212 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

20:53:12.0578 0212 EventSystem - ok

20:53:12.0593 0212 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

20:53:12.0593 0212 Fastfat - ok

20:53:12.0625 0212 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

20:53:12.0640 0212 FastUserSwitchingCompatibility - ok

20:53:12.0656 0212 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

20:53:12.0656 0212 Fdc - ok

20:53:12.0671 0212 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

20:53:12.0671 0212 Fips - ok

20:53:12.0703 0212 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

20:53:12.0734 0212 FLEXnet Licensing Service - ok

20:53:12.0734 0212 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

20:53:12.0750 0212 Flpydisk - ok

20:53:12.0765 0212 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys

20:53:12.0765 0212 FltMgr - ok

20:53:12.0828 0212 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

20:53:12.0890 0212 FontCache3.0.0.0 - ok

20:53:12.0921 0212 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

20:53:12.0921 0212 Fs_Rec - ok

20:53:12.0968 0212 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

20:53:12.0984 0212 Ftdisk - ok

20:53:13.0031 0212 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

20:53:13.0046 0212 GEARAspiWDM - ok

20:53:13.0062 0212 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

20:53:13.0062 0212 Gpc - ok

20:53:13.0078 0212 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

20:53:13.0093 0212 gupdate - ok

20:53:13.0093 0212 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

20:53:13.0093 0212 gupdatem - ok

20:53:13.0093 0212 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

20:53:13.0093 0212 HDAudBus - ok

20:53:13.0109 0212 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys

20:53:13.0109 0212 HECI - ok

20:53:13.0140 0212 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

20:53:13.0140 0212 helpsvc - ok

20:53:13.0156 0212 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\WINDOWS\system32\DRIVERS\HidBatt.sys

20:53:13.0156 0212 HidBatt - ok

20:53:13.0187 0212 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

20:53:13.0187 0212 HidServ - ok

20:53:13.0187 0212 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

20:53:13.0187 0212 hidusb - ok

20:53:13.0218 0212 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

20:53:13.0218 0212 hkmsvc - ok

20:53:13.0218 0212 hpn - ok

20:53:13.0265 0212 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

20:53:13.0265 0212 HTTP - ok

20:53:13.0312 0212 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

20:53:13.0312 0212 HTTPFilter - ok

20:53:13.0312 0212 i2omgmt - ok

20:53:13.0312 0212 i2omp - ok

20:53:13.0328 0212 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys

20:53:13.0328 0212 i8042prt - ok

20:53:13.0421 0212 [ 12C7F8D581C4A9F126F5F8F5683A1C29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

20:53:13.0515 0212 ialm - ok

20:53:13.0562 0212 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:53:13.0562 0212 IDriverT - ok

20:53:13.0625 0212 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

20:53:13.0671 0212 idsvc - ok

20:53:13.0734 0212 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130104.001\IDSxpx86.sys

20:53:13.0734 0212 IDSxpx86 - ok

20:53:13.0734 0212 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

20:53:13.0734 0212 Imapi - ok

20:53:13.0765 0212 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

20:53:13.0765 0212 ImapiService - ok

20:53:13.0765 0212 ini910u - ok

20:53:13.0843 0212 [ 9F6320E7B0C43E4E5693E1515BA5595C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

20:53:13.0859 0212 IntcAzAudAddService - ok

20:53:13.0875 0212 IntelIde - ok

20:53:13.0890 0212 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

20:53:13.0906 0212 intelppm - ok

20:53:13.0921 0212 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

20:53:13.0921 0212 Ip6Fw - ok

20:53:13.0953 0212 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

20:53:13.0953 0212 IpFilterDriver - ok

20:53:13.0968 0212 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

20:53:13.0968 0212 IpInIp - ok

20:53:13.0984 0212 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

20:53:13.0984 0212 IpNat - ok

20:53:14.0015 0212 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

20:53:14.0015 0212 iPod Service - ok

20:53:14.0046 0212 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

20:53:14.0046 0212 IPSec - ok

20:53:14.0078 0212 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

20:53:14.0093 0212 IRENUM - ok

20:53:14.0093 0212 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

20:53:14.0093 0212 isapnp - ok

20:53:14.0125 0212 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

20:53:14.0125 0212 JavaQuickStarterService - ok

20:53:14.0140 0212 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

20:53:14.0140 0212 Kbdclass - ok

20:53:14.0156 0212 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

20:53:14.0156 0212 kbdhid - ok

20:53:14.0156 0212 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

20:53:14.0156 0212 kmixer - ok

20:53:14.0171 0212 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

20:53:14.0171 0212 KSecDD - ok

20:53:14.0187 0212 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll

20:53:14.0187 0212 LanmanServer - ok

20:53:14.0218 0212 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

20:53:14.0218 0212 lanmanworkstation - ok

20:53:14.0234 0212 lbrtfdc - ok

20:53:14.0250 0212 LiveUpdate - ok

20:53:14.0281 0212 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

20:53:14.0281 0212 LmHosts - ok

20:53:14.0296 0212 [ 37D3C351995F2BEC0C6C35E73F8F11AF ] LMS C:\Program Files\Intel\AMT\LMS.exe

20:53:14.0296 0212 LMS - ok

20:53:14.0328 0212 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

20:53:14.0328 0212 Messenger - ok

20:53:14.0343 0212 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

20:53:14.0343 0212 mnmdd - ok

20:53:14.0375 0212 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

20:53:14.0390 0212 mnmsrvc - ok

20:53:14.0406 0212 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

20:53:14.0421 0212 Modem - ok

20:53:14.0437 0212 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

20:53:14.0453 0212 Mouclass - ok

20:53:14.0468 0212 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

20:53:14.0468 0212 mouhid - ok

20:53:14.0468 0212 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

20:53:14.0468 0212 MountMgr - ok

20:53:14.0500 0212 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

20:53:14.0500 0212 MozillaMaintenance - ok

20:53:14.0515 0212 mraid35x - ok

20:53:14.0531 0212 [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

20:53:14.0531 0212 MRxDAV - ok

20:53:14.0546 0212 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

20:53:14.0562 0212 MRxSmb - ok

20:53:14.0640 0212 [ 7419D631C390C558A5A87484567BABD5 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

20:53:14.0656 0212 MSCSPTISRV - ok

20:53:14.0687 0212 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

20:53:14.0703 0212 MSDTC - ok

20:53:14.0718 0212 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

20:53:14.0718 0212 Msfs - ok

20:53:14.0718 0212 MSIServer - ok

20:53:14.0750 0212 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

20:53:14.0750 0212 MSKSSRV - ok

20:53:14.0765 0212 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

20:53:14.0765 0212 MSPCLOCK - ok

20:53:14.0765 0212 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

20:53:14.0781 0212 MSPQM - ok

20:53:14.0796 0212 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

20:53:14.0796 0212 mssmbios - ok

20:53:14.0828 0212 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys

20:53:14.0828 0212 MSTEE - ok

20:53:14.0843 0212 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

20:53:14.0843 0212 Mup - ok

20:53:14.0859 0212 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

20:53:14.0859 0212 NABTSFEC - ok

20:53:14.0890 0212 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

20:53:14.0890 0212 napagent - ok

20:53:14.0953 0212 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130106.009\NAVENG.SYS

20:53:14.0968 0212 NAVENG - ok

20:53:15.0000 0212 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20130106.009\NAVEX15.SYS

20:53:15.0000 0212 NAVEX15 - ok

20:53:15.0031 0212 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

20:53:15.0031 0212 NDIS - ok

20:53:15.0046 0212 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys

20:53:15.0062 0212 NdisIP - ok

20:53:15.0078 0212 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

20:53:15.0078 0212 NdisTapi - ok

20:53:15.0109 0212 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

20:53:15.0109 0212 Ndisuio - ok

20:53:15.0109 0212 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

20:53:15.0109 0212 NdisWan - ok

20:53:15.0125 0212 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

20:53:15.0125 0212 NDProxy - ok

20:53:15.0140 0212 [ F7C14F5077BF2BC476C348B88A7F74E2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

20:53:15.0156 0212 Net Driver HPZ12 - ok

20:53:15.0156 0212 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

20:53:15.0156 0212 NetBIOS - ok

20:53:15.0171 0212 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

20:53:15.0171 0212 NetBT - ok

20:53:15.0187 0212 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

20:53:15.0203 0212 NetDDE - ok

20:53:15.0234 0212 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

20:53:15.0234 0212 NetDDEdsdm - ok

20:53:15.0281 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

20:53:15.0281 0212 Netlogon - ok

20:53:15.0296 0212 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

20:53:15.0312 0212 Netman - ok

20:53:15.0343 0212 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

20:53:15.0375 0212 NetTcpPortSharing - ok

20:53:15.0390 0212 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys

20:53:15.0406 0212 NIC1394 - ok

20:53:15.0437 0212 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

20:53:15.0437 0212 Nla - ok

20:53:15.0437 0212 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

20:53:15.0437 0212 Npfs - ok

20:53:15.0468 0212 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

20:53:15.0484 0212 Ntfs - ok

20:53:15.0484 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

20:53:15.0484 0212 NtLmSsp - ok

20:53:15.0515 0212 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

20:53:15.0531 0212 NtmsSvc - ok

20:53:15.0546 0212 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

20:53:15.0546 0212 Null - ok

20:53:15.0578 0212 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

20:53:15.0593 0212 NwlnkFlt - ok

20:53:15.0593 0212 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

20:53:15.0593 0212 NwlnkFwd - ok

20:53:15.0656 0212 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:53:15.0687 0212 odserv - ok

20:53:15.0687 0212 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys

20:53:15.0687 0212 ohci1394 - ok

20:53:15.0703 0212 [ 1204A181AAE8D17BE8786EF8FB70A1C6 ] osaio C:\WINDOWS\system32\drivers\osaio.sys

20:53:15.0703 0212 osaio - ok

20:53:15.0734 0212 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:53:15.0796 0212 ose - ok

20:53:15.0828 0212 [ 778C309121067D83B8A48CDB658B4C17 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

20:53:15.0843 0212 PACSPTISVR - ok

20:53:15.0859 0212 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

20:53:15.0859 0212 Parport - ok

20:53:15.0859 0212 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

20:53:15.0859 0212 PartMgr - ok

20:53:15.0875 0212 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

20:53:15.0890 0212 ParVdm - ok

20:53:15.0890 0212 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

20:53:15.0890 0212 PCI - ok

20:53:15.0890 0212 PCIDump - ok

20:53:15.0906 0212 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

20:53:15.0906 0212 PCIIde - ok

20:53:15.0921 0212 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

20:53:15.0937 0212 Pcmcia - ok

20:53:15.0937 0212 PDCOMP - ok

20:53:15.0937 0212 PDFRAME - ok

20:53:15.0937 0212 PDRELI - ok

20:53:15.0937 0212 PDRFRAME - ok

20:53:15.0937 0212 perc2 - ok

20:53:15.0937 0212 perc2hib - ok

20:53:15.0953 0212 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

20:53:15.0968 0212 PlugPlay - ok

20:53:15.0968 0212 [ E638656001C52A1FAA34F92E6D3A086B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

20:53:15.0968 0212 Pml Driver HPZ12 - ok

20:53:16.0000 0212 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys

20:53:16.0000 0212 Point32 - ok

20:53:16.0000 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

20:53:16.0000 0212 PolicyAgent - ok

20:53:16.0015 0212 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

20:53:16.0015 0212 PptpMiniport - ok

20:53:16.0015 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

20:53:16.0015 0212 ProtectedStorage - ok

20:53:16.0015 0212 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

20:53:16.0015 0212 PSched - ok

20:53:16.0015 0212 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

20:53:16.0015 0212 Ptilink - ok

20:53:16.0031 0212 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

20:53:16.0046 0212 PxHelp20 - ok

20:53:16.0046 0212 ql1080 - ok

20:53:16.0046 0212 Ql10wnt - ok

20:53:16.0046 0212 ql12160 - ok

20:53:16.0046 0212 ql1240 - ok

20:53:16.0062 0212 ql1280 - ok

20:53:16.0062 0212 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

20:53:16.0062 0212 RasAcd - ok

20:53:16.0078 0212 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

20:53:16.0078 0212 RasAuto - ok

20:53:16.0093 0212 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

20:53:16.0093 0212 Rasl2tp - ok

20:53:16.0109 0212 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

20:53:16.0109 0212 RasMan - ok

20:53:16.0125 0212 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

20:53:16.0125 0212 RasPppoe - ok

20:53:16.0125 0212 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

20:53:16.0125 0212 Raspti - ok

20:53:16.0140 0212 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

20:53:16.0140 0212 Rdbss - ok

20:53:16.0140 0212 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

20:53:16.0140 0212 RDPCDD - ok

20:53:16.0156 0212 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

20:53:16.0171 0212 rdpdr - ok

20:53:16.0203 0212 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

20:53:16.0203 0212 RDPWD - ok

20:53:16.0218 0212 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

20:53:16.0218 0212 RDSessMgr - ok

20:53:16.0234 0212 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

20:53:16.0234 0212 redbook - ok

20:53:16.0250 0212 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

20:53:16.0281 0212 RemoteAccess - ok

20:53:16.0296 0212 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

20:53:16.0296 0212 RemoteRegistry - ok

20:53:16.0343 0212 [ 06A49B7BDC36CFBF97DD90804F833369 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe

20:53:16.0343 0212 RichVideo - ok

20:53:16.0375 0212 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys

20:53:16.0390 0212 RimUsb - ok

20:53:16.0421 0212 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

20:53:16.0421 0212 RpcLocator - ok

20:53:16.0453 0212 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll

20:53:16.0453 0212 RpcSs - ok

20:53:16.0484 0212 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

20:53:16.0484 0212 RSVP - ok

20:53:16.0500 0212 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

20:53:16.0500 0212 SamSs - ok

20:53:16.0515 0212 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

20:53:16.0515 0212 SCardSvr - ok

20:53:16.0531 0212 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

20:53:16.0531 0212 Schedule - ok

20:53:16.0546 0212 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

20:53:16.0546 0212 Secdrv - ok

20:53:16.0578 0212 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

20:53:16.0578 0212 seclogon - ok

20:53:16.0578 0212 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

20:53:16.0578 0212 SENS - ok

20:53:16.0625 0212 [ 74885BDFF62E537F268EBF8E8CEC24BB ] SepMasterService C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe

20:53:16.0625 0212 SepMasterService - ok

20:53:16.0640 0212 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

20:53:16.0640 0212 serenum - ok

20:53:16.0656 0212 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

20:53:16.0656 0212 Serial - ok

20:53:16.0671 0212 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

20:53:16.0687 0212 Sfloppy - ok

20:53:16.0703 0212 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

20:53:16.0703 0212 SharedAccess - ok

20:53:16.0718 0212 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

20:53:16.0718 0212 ShellHWDetection - ok

20:53:16.0718 0212 Simbad - ok

20:53:16.0765 0212 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

20:53:16.0765 0212 SkypeUpdate - ok

20:53:16.0781 0212 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys

20:53:16.0796 0212 SLIP - ok

20:53:16.0812 0212 [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp C:\WINDOWS\system32\DRIVERS\intelsmb.sys

20:53:16.0812 0212 smbusp - ok

20:53:16.0812 0212 Smcinst - ok

20:53:16.0875 0212 [ 244687A7F63848235B8B5CC493B6CAFF ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe

20:53:16.0906 0212 SmcService - ok

20:53:16.0953 0212 [ 6CD803703835CC3EA4E8D47B2517F1C1 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe

20:53:17.0000 0212 SNAC - ok

20:53:17.0000 0212 Sparrow - ok

20:53:17.0000 0212 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

20:53:17.0000 0212 splitter - ok

20:53:17.0031 0212 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

20:53:17.0031 0212 Spooler - ok

20:53:17.0062 0212 [ 9CAB0A38DEEBD30F3C8FE9D9826F43B1 ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

20:53:17.0078 0212 SPTISRV - ok

20:53:17.0109 0212 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

20:53:17.0125 0212 sr - ok

20:53:17.0140 0212 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

20:53:17.0140 0212 srservice - ok

20:53:17.0187 0212 [ 818FF33E09C5EF86E721E1FC00154564 ] SRTSP C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS

20:53:17.0203 0212 SRTSP - ok

20:53:17.0203 0212 [ 3C01529E8B986D9DC7489F7CE8BCAD91 ] SRTSPX C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS

20:53:17.0203 0212 SRTSPX - ok

20:53:17.0234 0212 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

20:53:17.0234 0212 Srv - ok

20:53:17.0281 0212 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

20:53:17.0281 0212 SSDPSRV - ok

20:53:17.0312 0212 [ 45B83808BF5C9968C3259A48898C7DD5 ] SSScsiSV C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

20:53:17.0312 0212 SSScsiSV - ok

20:53:17.0343 0212 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

20:53:17.0343 0212 StillCam - ok

20:53:17.0359 0212 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

20:53:17.0359 0212 stisvc - ok

20:53:17.0375 0212 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys

20:53:17.0375 0212 streamip - ok

20:53:17.0375 0212 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

20:53:17.0390 0212 swenum - ok

20:53:17.0390 0212 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

20:53:17.0390 0212 swmidi - ok

20:53:17.0390 0212 SwPrv - ok

20:53:17.0406 0212 [ A0B824E49347B279ACB3903C04C78F75 ] SyDvCtrl C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys

20:53:17.0406 0212 SyDvCtrl - ok

20:53:17.0406 0212 symc810 - ok

20:53:17.0406 0212 symc8xx - ok

20:53:17.0421 0212 [ 4F52D56310FEF75249914F352DDE7D13 ] SymDS C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS

20:53:17.0437 0212 SymDS - ok

20:53:17.0500 0212 [ 71B5577BADCF9C9420393395601BB995 ] SymEFA C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS

20:53:17.0515 0212 SymEFA - ok

20:53:17.0546 0212 [ 98D28D08E68145FB550EE7670B43BAF2 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

20:53:17.0546 0212 SymEvent - ok

20:53:17.0546 0212 [ 7450A24AFBC9B0804D0A987204FFC0F8 ] SymIRON C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS

20:53:17.0546 0212 SymIRON - ok

20:53:17.0562 0212 [ 2B574C93D074222D2BC8FF9A27567BFD ] SYMTDI C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS

20:53:17.0578 0212 SYMTDI - ok

20:53:17.0578 0212 sym_hi - ok

20:53:17.0578 0212 sym_u3 - ok

20:53:17.0578 0212 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

20:53:17.0578 0212 sysaudio - ok

20:53:17.0609 0212 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

20:53:17.0609 0212 SysmonLog - ok

20:53:17.0640 0212 [ 65C165C4324D153429BF3BA9350F3084 ] SysPlant C:\WINDOWS\system32\Drivers\SysPlant.sys

20:53:17.0640 0212 SysPlant - ok

20:53:17.0671 0212 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

20:53:17.0671 0212 TapiSrv - ok

20:53:17.0703 0212 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

20:53:17.0703 0212 Tcpip - ok

20:53:17.0734 0212 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

20:53:17.0734 0212 TDPIPE - ok

20:53:17.0765 0212 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

20:53:17.0765 0212 TDTCP - ok

20:53:17.0781 0212 [ C6D87DCF289C5D641ACFD14989F44303 ] Teefer2 C:\WINDOWS\system32\DRIVERS\teefer.sys

20:53:17.0796 0212 Teefer2 - ok

20:53:17.0812 0212 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

20:53:17.0812 0212 TermDD - ok

20:53:17.0843 0212 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

20:53:17.0843 0212 TermService - ok

20:53:17.0859 0212 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

20:53:17.0859 0212 Themes - ok

20:53:17.0875 0212 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

20:53:17.0906 0212 TlntSvr - ok

20:53:17.0906 0212 TosIde - ok

20:53:17.0937 0212 [ 82FED3FEA9BCD77FC870A1E4C8B62870 ] TPM C:\WINDOWS\system32\DRIVERS\tpm.sys

20:53:17.0937 0212 TPM - ok

20:53:17.0953 0212 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

20:53:17.0953 0212 TrkWks - ok

20:53:17.0984 0212 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

20:53:18.0000 0212 Udfs - ok

20:53:18.0000 0212 ultra - ok

20:53:18.0062 0212 [ C82B4BF309113C4D71288F6D938DDA6E ] UNS C:\Program Files\Intel\AMT\UNS.exe

20:53:18.0125 0212 UNS - ok

20:53:18.0140 0212 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

20:53:18.0140 0212 Update - ok

20:53:18.0156 0212 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

20:53:18.0171 0212 upnphost - ok

20:53:18.0187 0212 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

20:53:18.0187 0212 UPS - ok

20:53:18.0203 0212 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

20:53:18.0203 0212 USBAAPL - ok

20:53:18.0234 0212 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys

20:53:18.0234 0212 usbaudio - ok

20:53:18.0234 0212 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

20:53:18.0234 0212 usbccgp - ok

20:53:18.0265 0212 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

20:53:18.0265 0212 usbehci - ok

20:53:18.0281 0212 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

20:53:18.0281 0212 usbhub - ok

20:53:18.0296 0212 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

20:53:18.0296 0212 usbprint - ok

20:53:18.0328 0212 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

20:53:18.0328 0212 usbscan - ok

20:53:18.0359 0212 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

20:53:18.0359 0212 USBSTOR - ok

20:53:18.0390 0212 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

20:53:18.0390 0212 usbuhci - ok

20:53:18.0406 0212 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

20:53:18.0406 0212 VgaSave - ok

20:53:18.0406 0212 ViaIde - ok

20:53:18.0421 0212 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

20:53:18.0421 0212 VolSnap - ok

20:53:18.0437 0212 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

20:53:18.0453 0212 VSS - ok

20:53:18.0484 0212 [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys

20:53:18.0515 0212 VX3000 - ok

20:53:18.0546 0212 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

20:53:18.0546 0212 W32Time - ok

20:53:18.0562 0212 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

20:53:18.0562 0212 Wanarp - ok

20:53:18.0562 0212 WDICA - ok

20:53:18.0578 0212 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

20:53:18.0578 0212 wdmaud - ok

20:53:18.0593 0212 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

20:53:18.0593 0212 WebClient - ok

20:53:18.0640 0212 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

20:53:18.0640 0212 winmgmt - ok

20:53:18.0687 0212 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll

20:53:18.0734 0212 WinRM - ok

20:53:18.0765 0212 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

20:53:18.0765 0212 WmdmPmSN - ok

20:53:18.0781 0212 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

20:53:18.0796 0212 Wmi - ok

20:53:18.0828 0212 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

20:53:18.0859 0212 WmiApSrv - ok

20:53:18.0906 0212 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

20:53:18.0937 0212 WMPNetworkSvc - ok

20:53:19.0000 0212 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

20:53:19.0062 0212 WPFFontCache_v0400 - ok

20:53:19.0093 0212 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

20:53:19.0093 0212 WS2IFSL - ok

20:53:19.0125 0212 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

20:53:19.0140 0212 wscsvc - ok

20:53:19.0140 0212 WSearch - ok

20:53:19.0156 0212 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

20:53:19.0156 0212 WSTCODEC - ok

20:53:19.0187 0212 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

20:53:19.0187 0212 wuauserv - ok

20:53:19.0218 0212 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

20:53:19.0234 0212 WudfPf - ok

20:53:19.0265 0212 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

20:53:19.0281 0212 WudfRd - ok

20:53:19.0296 0212 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

20:53:19.0296 0212 WudfSvc - ok

20:53:19.0312 0212 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

20:53:19.0312 0212 WZCSVC - ok

20:53:19.0328 0212 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

20:53:19.0359 0212 xmlprov - ok

20:53:19.0359 0212 ================ Scan global ===============================

20:53:19.0375 0212 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

20:53:19.0406 0212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

20:53:19.0406 0212 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

20:53:19.0421 0212 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

20:53:19.0421 0212 [Global] - ok

20:53:19.0421 0212 ================ Scan MBR ==================================

20:53:19.0437 0212 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

20:53:19.0578 0212 \Device\Harddisk0\DR0 - ok

20:53:19.0578 0212 ================ Scan VBR ==================================

20:53:19.0578 0212 [ 6FDEA6CD0005D3F40783FB6EE9F9AA0D ] \Device\Harddisk0\DR0\Partition1

20:53:19.0578 0212 \Device\Harddisk0\DR0\Partition1 - ok

20:53:19.0578 0212 ============================================================

20:53:19.0578 0212 Scan finished

20:53:19.0578 0212 ============================================================

20:53:19.0593 0172 Detected object count: 0

20:53:19.0593 0172 Actual detected object count: 0

20:54:38.0484 3500 Deinitialize success

ESET Online Scanner reported no threats but then I still got the following report:

Operating memory probably a variant of Win32/Ponmocup.AA trojan

AdwCleaner kept reporting that there was a newer version, but when I went to download it I kept getting the same version. I was able to run it; it also reported no infections, but I hit Delete anyway. Here is the log file:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 22:19:47

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Glenn - LEISURELINES

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Glenn\Local Settings\Temporary Internet Files\Content.IE5\3Y2MUJH5\AdwCleaner[1].exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKLM\Software\AskBarDis

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\6lptv6sg.default\prefs.js

[OK] File is clean.

-\\ Opera v [unable to get version]

File : C:\Documents and Settings\Glenn\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1696 octets] - [07/01/2013 22:08:54]

AdwCleaner[R2].txt - [1756 octets] - [07/01/2013 22:18:53]

AdwCleaner[s1].txt - [1701 octets] - [07/01/2013 22:19:47]

########## EOF - C:\AdwCleaner[s1].txt - [1761 octets] ##########

Finally, ran your security check and here is the log:

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Disabled!

Symantec Endpoint Protection

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 35

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

Unfortunately the end result is that I am still being redirected when I click on any search results in my browser. Before this cleanup I found that most often the URL would contain "livesearchnow" as part of the address but now it does not.

I continue to appreciate your help!


Here is the mbam log:

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.11.15

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Glenn :: LEISURELINES [administrator]

11/01/2013 9:23:52 PM

mbam-log-2013-01-11 (21-23-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 233194

Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is the Combofix log:

ComboFix 13-01-11.02 - Glenn 11/01/2013 21:33:28.3.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3311.2321 [GMT -5:00]

Running from: c:\documents and settings\Glenn\Desktop\Cleanup\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

.

((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))

.

.

2013-01-10 03:23 . 2013-01-10 03:23 -------- d-----w- c:\documents and settings\Glenn\Application Data\SPE

2013-01-09 18:35 . 2013-01-09 18:35 -------- d-----w- c:\documents and settings\Glenn\Application Data\TeamViewer

2013-01-08 01:57 . 2013-01-08 01:57 -------- d-----w- c:\program files\ESET

2013-01-06 14:09 . 2013-01-06 14:09 -------- d--h--w- c:\windows\PIF

2012-12-26 21:43 . 2012-12-26 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-26 21:31 . 2012-12-26 21:31 -------- d-----w- c:\program files\iPod

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 18:44 . 2012-07-27 16:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-09 18:44 . 2012-01-30 19:50 74248 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 21:49 . 2012-12-12 03:07 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-06 02:01 . 2008-04-14 12:00 1371648 ----a-w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-16 15:15 . 2012-12-08 03:25 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2010-09-16 15:16 . 2012-12-08 03:25 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2010-09-16 15:16 . 2012-12-08 03:25 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll

2010-09-16 15:16 . 2012-12-08 03:25 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

2012-12-08 03:25 . 2012-12-08 03:25 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 138008]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-07 16377344]

"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-09-07 401408]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-27 198160]

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]

"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-25 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-10-28 113664]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-12-9 106560]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"50699:TCP"= 50699:TCP:Windows Core Service

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [16/07/2011 7:48 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [27/08/2011 7:48 PM 758904]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20130107.011\BHDrvx86.sys [09/01/2013 12:03 AM 995488]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [13/09/2011 7:46 PM 137336]

R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [20/09/2011 11:58 PM 137224]

R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [02/12/2008 11:59 PM 2514944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/08/2012 3:34 AM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20130111.003\IDSXpx86.sys [11/01/2013 8:31 PM 373728]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09/11/2012 11:21 AM 160944]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\SyDvCtrl32.sys [30/10/2011 8:57 PM 23984]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 18:44]

.

2013-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2013-01-11 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-12 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-12 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-11 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2010-06-14 20:07]

.

2013-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 20:18]

.

2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-16 20:18]

.

2010-12-02 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]

.

2013-01-11 c:\windows\Tasks\QYCAO.job

- c:\windows\system32\dpmodemx2.dll [2012-12-02 15:57]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://rogers.my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 64.71.255.198

FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\6lptv6sg.default\

FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-11 21:38

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]

"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]

"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3460)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-01-11 21:40:25

ComboFix-quarantined-files.txt 2013-01-12 02:40

ComboFix2.txt 2013-01-06 14:32

.

Pre-Run: 183,724,949,504 bytes free

Post-Run: 183,819,800,576 bytes free

.

- - End Of File - - 66430BBFD92D6912EFEE31F22CD34595

Thanks again


  • Staff

This might be more thorough than what you tried to do:

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Reboot. If you're still getting redirected, it's time to bring out the big guns.
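Steps 3 and 4 above, done as a script that also audits what it finds. This is an added example, not part of the thread and not a Malwarebytes tool. It assumes PowerShell 2.0 is installed on the XP SP3 machine and is run from an administrator account; the $TrustedDnsPrefixes list is an assumption you edit for your own LAN and ISP (64.71. is taken from the DhcpNameServer line in the ComboFix log posted earlier in this thread). A DNS server on an adapter that is neither the router nor the ISP, or a hosts entry pointing a search engine somewhere other than loopback, is exactly the kind of thing that causes search redirects without any scanner finding a file to flag.

```powershell
# Added example (not from the original thread): audit and reset DNS on every
# IP-enabled adapter, flag anything unexpected, then flush the resolver cache.
# Assumptions: PowerShell 2.0 on Windows XP SP3, run as Administrator.

# Assumption: only the router (LAN) or the ISP should ever appear as a DNS server.
$TrustedDnsPrefixes = @('192.168.', '10.', '64.71.')   # edit for your network

$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($a in $adapters) {
    Write-Host ("== {0}" -f $a.Description)
    Write-Host ("   DHCP enabled : {0}" -f $a.DHCPEnabled)
    Write-Host ("   DNS servers  : {0}" -f ($a.DNSServerSearchOrder -join ', '))

    # A statically set DNS server that is not the router/ISP is the classic
    # DNSChanger-style symptom: every lookup is answered by the attacker.
    foreach ($dns in $a.DNSServerSearchOrder) {
        $trusted = $false
        foreach ($p in $TrustedDnsPrefixes) {
            if ($dns -like "$p*") { $trusted = $true }
        }
        if (-not $trusted) {
            Write-Warning ("Unexpected DNS server on {0}: {1}" -f $a.Description, $dns)
        }
    }

    # Same as ticking "Obtain an IP address automatically" in the GUI.
    if (-not $a.DHCPEnabled) {
        $r = $a.EnableDHCP()
        Write-Host ("   EnableDHCP returned {0} (0 = ok, 1 = reboot required)" -f $r.ReturnValue)
    }

    # Same as "Obtain DNS server address automatically": calling the method with
    # no arguments clears any static DNS list so DHCP supplies it again.
    $r = $a.SetDNSServerSearchOrder()
    Write-Host ("   SetDNSServerSearchOrder returned {0}" -f $r.ReturnValue)
}

# The hosts file is the other local place a redirect can live. Anything that
# maps a name to a non-loopback address deserves a look before you reconnect.
$hosts = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
Get-Content $hosts |
    Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s' } |
    ForEach-Object { Write-Warning ("hosts entry: {0}" -f $_) }

# Step 4 of the procedure.
ipconfig /flushdns
```

Run it with the cable unplugged (step 1), after the router reset (step 2) and before reconnecting (step 5). The order matters: if the router's DHCP is still handing out a rogue DNS server, resetting the PC to "obtain automatically" just re-fetches the bad setting on the next lease. EnableDHCP returning 1 means the change needs the reboot the staff post asks for anyway. If every adapter was already on DHCP, the warnings are the useful output; the reset itself changes nothing.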


Ok, time to bring out the big guns. lol

Just followed your suggested steps but unfortunately, I am still being redirected. Most often there is reference to searchwebresults.com or livesearchnow in the URL.

I tried one other thing a few days ago: I removed my hard drive and connected it to another CPU so I could do the scan outside of this environment. Ran a Symantec scan and it came up with bloodhound MalPE on the first scan. I removed it and ran mbam and another Symantec scan, which both came up clean. Put the hard drive back into its original home and fired it up only to find I was still being redirected.

  • Staff

Hi,

We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in its capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you agree to these terms, please let us know and we will provide a download link and instructions for you.

Hi

Ran the scan and it reported no malware found. I did a couple of different google searches and things looked good for the first 5 links I picked and then it went wonky again. It is back to redirecting again. I only picked safe sites so it wasn't because I clicked on a bad site.

Here are the two logs:

mbar-log:

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

www.malwarebytes.org

Database version: v2013.01.26.10

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Glenn :: LEISURELINES [administrator]

26/01/2013 4:27:43 PM

mbar-log-2013-01-26 (16-27-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 27973

Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

System Log:

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_35

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.388000 GHz

Memory total: 3471441920, free: 2487795712

------------ Kernel report ------------

01/26/2013 16:17:19

------------ Loaded modules -----------

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8af03ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-16\

Lower Device Object: 0xffffffff8af0ab00

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Load Function returned 0x0

Downloaded database version: v2013.01.26.10

Downloaded database version: v2013.01.23.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8af03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8af01e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8af03ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8af35948, DeviceName: \Device\0000007c\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8af0ab00, DeviceName: \Device\Ide\IdeDeviceP5T0L0-16\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe8e99510, 0xffffffff8af03ab8, 0xffffffff8a1b5040

Lower DeviceData: 0xffffffffe3fae4a8, 0xffffffff8af0ab00, 0xffffffff88b897f8

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 894F894F

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 488375937

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...

Done!

Performing system, memory and registry scan...


Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Aspnet.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state_perf.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ilasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\netmemorycache.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Adobe\Updater5\AdobeUpdaterPrefs.dat" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Installer1164\payloads\Setup.xml" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Outlook\CGTA - Admin.sharing.xml.obi" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Outlook\~last~.sharing.xml.obi" is compressed (flags = 1)

Read File: File "c:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Silverlight\mssl.lck" is compressed (flags = 1)

Done!

Scan finished

=======================================


  • Staff

Hi,

  • Please download Shortcut Cleaner from the following web page and save it to your Desktop.
    Shortcut Cleaner Download Link - http://www.bleepingc...rtcut-cleaner/
  • Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop. If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears. Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts, and if any are found it will automatically clean them for you. When it is done, it will show you a log that contains a list of shortcuts that were cleaned. When you have finished reviewing the log file, please close it and continue with the rest of the steps.

Please reboot to Safe Mode With Networking (tap the F8 key just before Windows starts to load and select the Safe Mode With Networking option from the menu). Do the redirects persist there?


  • Staff

Hi,

Click Start --> Run, and type in msconfig.exe

Click the Startup tab, then click Disable all...

Click OK.

Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317

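The check that the Shortcut Cleaner step above performs, together with a look at the Startup-folder shortcuts the msconfig step disables, as an added PowerShell example (not the tool's own code and not part of the staff replies): it opens every .lnk in the usual Desktop, Start Menu, Quick Launch and Startup folders and flags browser shortcuts that carry a URL argument, the pattern behind many search-redirect cases. The folder set and the browser list are assumptions.

```powershell
# Added example, not the Shortcut Cleaner tool or anything from the thread:
# enumerate .lnk shortcuts in the usual user-facing and autostart folders and
# flag the shortcut-hijack pattern behind many browser-redirect cases, where the
# shortcut still points at a real browser but carries an extra URL argument.
$shell  = New-Object -ComObject WScript.Shell
$common = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'

# Folder set is an assumption: per-user paths from .NET, all-users paths from the registry.
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('Programs'),
    [Environment]::GetFolderPath('Startup'),
    $common.'Common Desktop', $common.'Common Programs', $common.'Common Startup',
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

# Browser executables to treat as redirect-capable targets (assumed list).
$browsers = 'iexplore.exe', 'firefox.exe', 'chrome.exe', 'opera.exe', 'safari.exe'

$findings = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        $exe = if ($lnk.TargetPath) { [IO.Path]::GetFileName($lnk.TargetPath).ToLower() } else { '' }
        $reasons = @()
        # A browser launched with a URL on its command line: the classic hijack.
        if ($browsers -contains $exe -and $lnk.Arguments -match 'https?://|www\.') {
            $reasons += 'browser target with URL argument'
        }
        # Target that no longer exists: often the remains of a removed loader.
        if ($lnk.TargetPath -and -not (Test-Path $lnk.TargetPath)) {
            $reasons += 'target missing'
        }
        # Anything in a Startup folder runs at logon; list it regardless. This is
        # part of the same set that msconfig's Startup tab disables.
        if ($_.DirectoryName -like '*\Startup*') { $reasons += 'autostart location' }
        if ($reasons) {
            New-Object PSObject -Property @{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Reason    = ($reasons -join '; ')
            }
        }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

A clean machine normally reports only the 'autostart location' rows; any browser shortcut whose Arguments column holds a URL is the one to inspect.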
