Infected?



cathylm
2011-01-31, 03:10
When I am using the browser a secondary browser page pops up behind the page I am on. I am about 99% sure I have been hijacked. I recently got a blue screen and my computer has been freezing up, etc.

I read through the "before you post" and I am submitting the required information. Any help would be greatly appreciated.

Blade81
2011-02-02, 08:01
Hi,

Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Please post contents of that file in your next reply.


Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply.

cathylm
2011-02-03, 03:05
Thank you for your help. As requested I have included the two logs.

Blade81
2011-02-03, 07:46
Hi,

Does the browser issue still happen? If so, does it happen with both Firefox and Internet Explorer?

cathylm
2011-02-04, 02:43
Hello Blade81, to answer your question, I am still getting a second window pop up, usually to an unsafe website. I use Web of Trust. At first it starts with google analytical. I don't know if that is useful. As for IE, I honestly never use it. However, I did pull up IE and found the attached information. It wasn't set on Yahoo like I had it set up originally, it was a blank Ashampoo google page??? I hope some of this is useful.

Blade81
2011-02-04, 08:24
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

cathylm
2011-02-05, 02:37
Here are the latest logs you requested. I wish to thank you for helping. You guys and gals help a lot of people. So thank you from Tennessee.

Blade81
2011-02-05, 11:53
Hi,

ComboFix item was some shortcut. Please copy-paste contents of c:\ComboFix.txt file back in your reply.

cathylm
2011-02-05, 17:12
I apologize, here is combofix.

Blade81
2011-02-05, 19:22
Hi,

Does it still redirect? Is the system behind a router? If it is, does it have other systems plugged in?

cathylm
2011-02-07, 04:58
Yes, it still pulls up and redirects a second window to another website, usually ones that Web Of Trust deems dangerous. I'm not sure about the router thing. My computer's internet is where you get a bundle deal like phone, internet and TV. I also have an additional line hooked up by a router I expect. I very seldom use that computer. It's usually turned completely off.

Blade81
2011-02-07, 08:20
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)


"I also have an additional line hooked up by a router I expect. I very seldom use that computer. It's usually turned completely off."
Could you test how that other system works?

cathylm
2011-02-08, 00:13
I am including the zipfile for the TDSSKiller.

The second line has a USB Netgear stick and is connected by Netgear router to the bundled telephone touchtone modem. I hope this info helps.

Blade81
2011-02-08, 11:03
Did you check if the other system has any of those redirect issues?

cathylm
2011-02-10, 05:33
I'm sorry I did not get back with you yesterday, a migraine.

I turned on the older computer and checked to see if it redirects and it does not. The computer I use does not redirect with Internet Explorer, but it does with Mozilla Firefox which is what I always use.

Blade81
2011-02-10, 17:07
Hi,

Please try to reinstall Firefox by doing a complete uninstall first (remember to select the "Remove my Firefox personal data and customizations" option).

cathylm
2011-02-14, 03:15
I uninstalled Firefox and lost most of my passwords. I have the more important ones though. It didn't do any good to uninstall it. I still continued to have a secondary page pop up under the Web of Trust red sites. And trying to use Internet Explorer was a nightmare. However, good news, I did find a way to stop the problem. It has to do with scripts. I only enabled some of the ones I had to have. It seems to work for now. If I run into a problem may I possibly contact you again? Thank you for your help Blade81.

Blade81
2011-02-14, 12:15
Hi,

Let's ensure Firefox is completely removed. Please uninstall it as instructed above (don't reinstall yet). Create fresh dds logs when ready.

cathylm
2011-02-16, 03:05
I haven't had a chance to sit down and uninstall firefox. Hopefully I can get to it tomorrow after work. I'm still freezing up, etc.

Blade81
2011-02-16, 07:24
Ok, thanks for the heads up.

cathylm
2011-02-16, 23:58
Well, I uninstalled Firefox and ran the logs. Hopefully it will show I'm clean, my system. Used to, Spybot was set up where it asked me about any program trying to open or set up on my computer. That was on my older computer, on which everything is outdated. But do you know how I can get that set up on this computer? I miss that program.

Blade81
2011-02-17, 07:43
Please re-run DDS and copy-paste dds.txt & attach.txt contents back here (those will be created as an output for DDS).

cathylm
2011-02-18, 17:34
Blade81, I'm including the info you requested. My computer has been a nightmare. Today when I pulled up the internet I was redirected to information that my computer was infected. I was using IE. Here is what was reported and the security threat:

Nuwar.GDM - High
XF.Jugunay!dam - Medium
W32.SillyFDC.BDM - Medium
Backdoor.Win32.Bifros.cqqy - High
Banker-MGB - Critical

This was found in Shared Documents and on the Hard Drive.

Here is the dds.txt log.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by cat at 9:20:09.06 on Fri 02/18/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.3827 [GMT -6:00]

AV: Norton Security Suite *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\iWin Games\iWinTrusted.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\comcasttb\CIDGlobalLight.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\cat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZX1FUZ86\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwag.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files (x86)\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwag.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB: Toolbar - Big Fish Games: {c7c9fc25-88b0-4682-9c9f-2608e9117647} - C:\Program Files (x86)\bfgbartb\BfgBarDx.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwag.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [Jenkat Arcade] C:\Users\cat\AppData\Roaming\Jenkat\Jenkat Games Arcade\notifyapp.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\cat\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CNETTE~1.LNK - C:\Users\cat\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EXPRES~1.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRunOnce-x64: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-16 55280]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-2-3 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-2-3 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-2-3 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110217.001\IDSviA64.sys [2011-2-17 476792]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [2010-9-21 118888]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-9-2 176408]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-1 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-7 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-16 283824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-10 132656]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-16 233984]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2010-8-9 143464]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-2-3 56880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S2 Third_Party_Install.exe;Your Service;C:\Program Files (x86)\Youdagames\Jade Rousseau - The Fall of Sant Antonio\Third_Party_Install.exe [2010-7-1 301153]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-02-18 15:17:44 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{970D68B7-7C49-4395-9741-D2B790C066B2}\mpengine.dll
2011-02-18 03:57:38 -------- d-----w- C:\Program Files (x86)\Maestro - Music of Death Collector's Edition
2011-02-18 03:56:31 -------- d-s---w- C:\ComboFix
2011-02-17 01:28:34 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-02-17 01:28:32 -------- d-----w- C:\Program Files (x86)\Swag_Bucks
2011-02-13 06:29:08 -------- d-----w- C:\Users\cat\AppData\Roaming\WhiteBirdsProductions
2011-02-12 15:18:50 -------- d-----w- C:\Users\cat\AppData\Roaming\Dying for Daylight Shared
2011-02-12 15:18:50 -------- d-----w- C:\Users\cat\AppData\Roaming\Dying for Daylight
2011-02-12 14:18:55 -------- d-----w- C:\Program Files (x86)\Dying_for_Daylight
2011-02-12 01:00:36 -------- d-----w- C:\Program Files (x86)\bfgbartb
2011-02-12 00:59:47 941920 ----a-w- C:\Users\cat\bfgtb_2.1.0.13.exe
2011-02-12 00:36:17 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2011-02-11 18:43:59 -------- d-----w- C:\Users\cat\AppData\Roaming\Oberon Media
2011-02-11 18:43:57 -------- d-----w- C:\PROGRA~3\GamesBar
2011-02-11 18:43:43 -------- d-----w- C:\PROGRA~3\Oberon Media
2011-02-10 15:40:13 -------- d-----w- C:\Program Files (x86)\Stray Souls - Dollhouse Story Collector's Edition
2011-02-10 03:31:36 -------- d-----w- C:\Program Files (x86)\The Secret Legacy - A Kate Brooks Adventure
2011-02-08 20:44:25 -------- d-----w- C:\Program Files (x86)\Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue
2011-02-05 15:13:15 -------- d-sh--w- C:\$RECYCLE.BIN
2011-02-05 00:10:02 98816 ----a-w- C:\Windows\sed.exe
2011-02-05 00:10:02 89088 ----a-w- C:\Windows\MBR.exe
2011-02-05 00:10:02 256512 ----a-w- C:\Windows\PEV.exe
2011-02-05 00:10:02 161792 ----a-w- C:\Windows\SWREG.exe
2011-02-02 13:55:49 -------- d-----w- C:\Users\cat\AppData\Roaming\Malwarebytes
2011-02-02 13:55:40 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-02 13:55:40 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-02 13:55:36 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-02 13:55:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-29 07:02:20 -------- d-----w- C:\Users\cat\AppData\Roaming\CursedOnboard
2011-01-27 11:52:20 -------- d-----w- C:\Program Files (x86)\Shadow Wolf Mysteries - Curse of the Full Moon Collector's Edition
2011-01-26 04:40:03 -------- d-----w- C:\Users\cat\AppData\Roaming\TikisLab
2011-01-22 17:39:20 -------- d-----w- C:\Program Files (x86)\Spirit Seasons - Little Ghost Story
2011-01-22 17:29:25 -------- d-----w- C:\Program Files (x86)\Haunted Hotel II - Believe the Lies
2011-01-22 04:47:41 -------- d-----w- C:\Program Files (x86)\The Stroke of Midnight
2011-01-21 14:30:27 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-21 02:19:46 -------- d-----w- C:\Program Files (x86)\Treasure Seekers - The Time Has Come Collector's Edition
2011-01-19 23:23:42 -------- d-----w- C:\Users\cat\AppData\Roaming\GameInvest

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

============= FINISH: 9:20:59.16 ===============


Here is the attached.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2010 5:38:48 PM
System Uptime: 2/15/2011 8:50:09 AM (73 hours ago)

Motherboard: Gateway | | H57M01
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | CPU 1 | 2933/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 919 GiB total, 760.551 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

10 Days To Save the World: The Adventures of Diana Salinger
1001 Nights - The Adventures of Sindbad
1912 Titanic Mystery
20,000 Leagues Under The Sea - Captain Nemo
3 Days - Amulet Secret
3D Waterfall Screensaver 1.0
4 Elements
7 Wonders - Treasures of Seven
7 Wonders 2 (remove only)
A Fairy Tale
A Gypsy's Tale: The Tower of Secrets
Abundante!
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adventure Chronicles: The Search for Lost Treasure
Adventures of Robinson Crusoe
Agatha Christie Bundle - 3 in 1
Age Of Emerald
Age Of Oracles: Tara`s Journey
Alabama Smith in the Quest of Fate
Alawar Game Box
Alchemist's Apprentice
Alchemy Mahjong 1.0.0.0
Alexandra Fortune - Mystery of the Lunar Archipelago
Aloha Solitaire
Aloha TriPeaks
Amazing Adventures The Caribbean Secret(TM)
Amazing Adventures: The Lost Tomb
Amazing Heists(TM) - Dillinger
Amazing Pyramids
Amber Pyramids Solitaire
Ancient Hearts and Spades
Ancient Quest of Saqqarah
Ancient Secrets
Ancient Spider Solitaire
Ancient Spirits - Columbus' Legacy BETA
Angela Young's Dream Adventure
Angela Young 2 - Escape the Dreamscape
Annabel
Apple Application Support
Apple Software Update
Around the World in 80 Days
Art Detective
Artifacts of the Past: Ancient Mysteries
Atlantis Quest
Awakening: Moonfell Wood
Awakening: The Dreamless Castle
Azada ®
Azada: Ancient Magic ™
B209a-m
Babylonia
Bato
Be a King 1.2 Lost Lands
Becky Brogan: The Mystery of Meane Manor
Behind the Reflection
Bejeweled 2 Deluxe
Bejeweled Blitz
Big City Adventure(TM) - Vancouver
Big Fish Games: Game Manager
Big Kahuna Reef
Big Kahuna Reef 2 - Chain Reaction
Big Kahuna Words
Biggest Little Adventure
Blood Oath
Bloodline of the Fallen - Anna's Sacrifice
Book of Legends (remove only)
Born Into Darkness
Brunhilda 1.23
BufferChm
Build-a-lot
CA Pest Patrol Realtime Protection
CA Yahoo! Anti-Spy (remove only)
Cafe Mahjongg
Campfire Legends - The Babysitter
Campfire Legends - The Hookman
Caribbean Mah Jong
Cassandra's Journey: The Legacy of Nostradamus
Charlaine Harris: Dying for Daylight
Charm Tale 2 - Mermaid Lagoon
Classic Adventures: The Great Gatsby Beta
CNET TechTracker
Columbus: Ghost of the Mystery Stone
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.5
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
Cradle of Rome (remove only)
Curse of the Pharaoh: Napoleon's Secret ™
Curse of the Pharaoh: Tears of Sekhmet
Curse of the Pharaoh: The Quest for Nefertiti
Cursed House
D3DX10
Dark Parables: Curse of Briar Rose Collector's Edition
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Dark Tales: ™ Edgar Allan Poe's The Black Cat Collector's Edition
Deadtime Stories
Death at Fairing Point: A Dana Knightstone Novel Collector's Edition
Deep Blue Sea 2 - The Amulet of Light
Department 42: The Mystery of the Nine
Destinations
Detective Agency
DeviceDiscovery
Diamon Jones: Eye of the Dragon
Diamond Detective
Dominic Crane's Dreamscape Mystery
Downtown Secrets Beta
Dracula 3: The Path of the Dragon
Dracula Origin
DragonStone
DragonStone (remove only)
Drawn: Dark Flight ® Collector's Editon
Drawn: The Painted Tower ™
Dream Aquarium
Dream Chronicles(R) Trilogy 1 Bundle
Dream Chronicles: The Book of Air Collector's Edition
Dream Chronicles: The Chosen Child
Dream Mysteries - Case of the Red Fox
DreamWoods
Dungeon Rider
E.M. Total Video Player 1.31
Echoes of the Past: Royal House of Stone
Echoes of the Past: The Castle of Shadows Collector's Edition
Eco Match
EcoRescue - Project Rainforest
Eden's Quest - The Hunt for Akua
Egypt III: The Fate of Ramses
Eldorado Puzzle
Elementals: The Magic Key
Elf Bowling - Hawaiian Vacation
Elf Bowling 7 1/7: The Last Insult
Elf Bowling Collection
Elixir of Immortality
Empress of the Deep - The Darkest Secret
Enlightenus
Enlightenus II: The Timeless Tower Collector's Edition
Epic Adventures - La Jangada
ERUNT 1.1j
Escape from Lost Island
Escape the Lost Kingdom
Escape the Museum (remove only)
Escape the Museum 2 (remove only)
Eternal Night: Realm of Souls
Eternity
Exorcist
Faerie Solitaire
Faerie Solitaire(TM)
Fairies
Fairway Solitaire
FATE - The Traitor Soul
Fear for Sale: The Mystery of McInroy Manor Collector's Edition
Feedback Tool
Fiction Fixers - Adventures in Wonderland
Fiction Fixers: The Curse of OZ
Finders Keepers 1.5
Fishdom - Frosty Splash
Fishdom 2
Fishdom 2 Premium Edition
Flux Family Secrets: The Rabbit Hole Collector's Edition
Flux Family Secrets: The Ripple Effect
Forgotten Places - Lost Circus
FRANKENSTEIN - The Dismembered Bride
Full Tilt Poker
G.H.O.S.T. Chronicles - Phantom of the Renaissance Faire
G.H.O.S.T. Hunters (remove only)
Galapago
Gallic Puzzle
GameHouse Solitaire Challenge
GamesBar 2.0.1.55
Gateway InfoCentre
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Ghost in the Sheet
Ghost Town Mysteries(TM) - Bodie
Gift Puzzle
Glyph (remove only)
GOG.com Downloader
Golden Dozen Solitaire
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Grace's Quest: To Catch An Art Thief
Great Mahjong
Great Secrets DaVinci
Great Secrets: Nostradamus
Hallmark Card Studio Express
Haunted Halls: Green Hills Sanitarium Collector's Edition
Haunted Hotel
Haunted Hotel II: Believe the Lies
Haunted Legends: The Queen of Spades Collector's Edition
Haunted Manor: Lord of Mirrors
Hawaiian Explorer: Lost Island (remove only)
Hawaiian Explorer: Pearl Harbor (remove only)
Heartwild Solitaire - Book Two
Hidden Expedition ® - Devil's Triangle
Hidden Expedition: Amazon ™
Hidden Expedition: Everest ™
Hidden Expedition: Titanic ™
Hidden in Time: Mirror Mirror
Hidden Magic
Hidden Magic (remove only)
Hidden Mysteries: Buckingham Palace ™
Hidden Mysteries: Civil War
Hidden Mysteries: Salem Secrets
Hidden Mysteries: Vampire Secrets
Hidden Relics
Hidden Wonders of the Depths
Hidden Wonders of the Depths 2
Hidden Wonders of the Depths 3: Atlantis Adventures
Hide & Secret 3 - Pharaoh's Quest
Hide and Secret 2 Cliffhanger Castle (remove only)
HijackThis 2.0.2
Hollywood - The Director's Cut
Hotel Mahjong Deluxe
Hoyle Enchanted Puzzles
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Identity Card
Imperial Sudoku
Insider Tales: The Stolen Venus (remove only)
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Island: The Lost Medallion
iWin Games (remove only)
Jade Rousseau - The Fall of Sant Antonio
Jane Angel - Templar Mystery
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 23
Jenkat Games Arcade
Jetsetter
Jewel Quest - Heritage
Jewel Quest Mysteries: Trail of the Midnight Heart
Jewel Quest: The Sleepless Star (remove only)
JMicron JMB36X Driver
Joan Jade and the Gates of Xibalba
Journalist Journey - The Eye of Odin
Journalist Journey: The Eye of Odin
Journey of Hope
Journey to the Center of the Earth
Junk Mail filter update
Kate Arrow: Deserted Wood
King Arthur
Kuros
Lamp of Aladdin
Laura Jones and the Secret Legacy of Nikola Tesla
Lilly Wu and the Terra Cotta Mystery
Liong: The Lost Amulets
Little Shop of Treasures
Lost Chronicles: Salem
Lost Fortunes
Lost in Reefs
Lost in the City ™
Lost in Time: The Clockwork Tower
Lost Lagoon: The Trail of Destiny
Lost Realms: Legacy of the Sun Princess (remove only)
Lost Realms: The Curse of Babylon
Lost Secrets: Ancient Mysteries
Lost Treasures of Alexandria (remove only)
Lost Treasures of Eldorado
Love & Death ™: Bitten ™
Love Chronicles: The Spell
Lure of the Temptress
Maestro: Music of Death Collector's Edition
Magic Academy
Magic Academy II
Magic Encyclopedia - Moon Light
Magic Encyclopedia 3: Illusions
Magic Encyclopedia. First Story
Magic Pets ver 1.0
Magic Runes
Magic Vines™
Magical Forest (remove only)
Magician's Handbook 2: Blacklore (remove only)
Mah Jong Medley
Mah Jong Quest II (remove only)
Mah Jong Quest III (remove only)
Mahjong Escape Ancient China
Mahjong Memoirs
Mahjong Roadshow (remove only)
Mahjong_artifacts (remove only)
Mahjongg Dimensions Deluxe
Malwarebytes' Anti-Malware
Margrave Manor 2: The Lost Ship
Marine Puzzle
MarketResearch
Marooned
Marooned 2 - Secrets of the Akoni
Masters of Mystery - Blood of Betrayal
Masters of Mystery: Blood of Betrayal (remove only)
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Midnight Mysteries 2 - Salem Witch Trials
Midnight Mysteries: The Edgar Allan Poe Conspiracy
Mind's Eye - Secrets of the Forgotten
Mind Medley
MONOPOLY HERE & NOW EDITION
Monster Mash (remove only)
MonsterQuest
Mortimer Beckett and the Lost King
Mortimer Beckett and the Secrets of Spooky Manor
Mortimer Beckett and the Time Paradox
Move Media Player
Mr. Biscuits 1.10
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mummy's Curse
Murder, She Wrote
Myst Masterpiece Edition
Mysteries of Magic Island
Mysterious Worlds - The Secret of Oak Island
Mystery Age: The Dark Priests
Mystery Age: The Imperial Staff
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files®: Dire Grove™ Collector's Edition
Mystery Case Files: Madame Fate ®
Mystery Case Files: Ravenhearst ®
Mystery Case Files: Return to Ravenhearst ™
Mystery Chronicles: Murder Among Friends
Mystery in London ™
Mystery Legends: The Phantom of the Opera Collector's Edition
Mystery of Mortlake Mansion
Mystery of the Earl
Mystery of Unicorn Castle
Mystery P.I. - The London Caper
Mystery Stories Island of Hope (remove only)
Mystery Trackers: The Void Collector's Edition
Mystery Valley
Mystic Diary: Haunted Island
Mystic Diary: Lost Brother
Mystic Gateways: The Celestial Quest (remove only)
Mystic Gateways: The Celestial Quest
Mystic Inn ™
Mythic Mahjong (remove only)
Nancy Drew: Legend of the Crystal Skull
Nancy Drew: The Haunting of Castle Malloy
Nancy Drew: Treasure in the Royal Tower
Nat Geo Adventure: Lost City of Z (remove only)
Natalie Brooks - Mystery at Hillcrest High
Natalie Brooks - The Treasures of the Lost Kingdom
National Geographic Adventure - Lost City of Z
Nemo's Secret: The Nautilus
NG Explorer - Ghost Fleet
Nightfall Mysteries - Curse of the Opera
Nightfall Mysteries: Asylum Conspiracy
Nightmare Adventures: The Witch's Prison
Nightmare on the Pacific
Nightmare on the Pacific Premium Edition
Nightshift Legacy: The Jaguar's Eye (remove only)
Nora Roberts - Vision In White
Norton Security Scan
Norton Security Suite
Nostradamus: The Last Prophecy
NVIDIA GAME System Software 2.8.1
NVIDIA PhysX v8.10.13
OpenAL
OpenOffice.org 3.2
Opera 10.62
Pahelika: Secret Legends
Paige Harper and the Tome of Mystery
Pantheon
Paradise Quest
Paranormal Agency
Paranormal Agency (remove only)
Pathfinders: Lost at Sea
Peggle World of Warcraft Edition
Penny Dreadfuls™ Sweeney Todd
Persian Puzzle
Phantasmat Collector's Edition
Pharaoh Puzzle
Photo Explosion Special Edition
Pirate Island (remove only)
Pirates: Battle for the Caribbean
PJ Pride Pet Detective: Destination Europe (remove only)
Poker Superstars III
Polar Bowler from WildGames (remove only)
Princess Isabella: A Witch's Curse
PS_AIO_06_B209a-m_SW_Min
Puppet Show: Souls of the Innocent Collector's Edition
PuppetShow: Mystery of Joyville ™
Pure Hidden
Puzzle Quest
Puzzle Solitaire
QuickTime
Rainbow Web 2
RainbowMystery (remove only)
Rainbowweb (remove only)
Rainbowweb2 (remove only)
Rainforest Adventure
Real Bowling
Real Crimes(TM) - Jack the Ripper
Real Poker
Realtek High Definition Audio Driver
Redemption Cemetery: Curse of the Raven Collector's Edition
Redrum ™
Reincarnations: Awakening
Reincarnations: Uncover the Past Collector's Edition
Relic Hunt
Rhapsody MP3 Download Manager
Riddle of the Sphinx
Righteous Kill - Revenge of the Poet Killer
Robin's Quest: A Legend Born
Romance of Rome (remove only)
Romancing the Seven Wonders: Great Pyramids
Romancing the Seven Wonders: Taj Mahal
Rome Puzzle
Rome: Curse of the Necklace
Route 66
Roxio Burn
Roxio Update Manager
Royal Trouble
RunAlyzer
Runes of Magic
Safari
Samantha Swift and the Fountains of Fate
Samantha Swift and the Fountains of Youth (remove only)
Samantha Swift and the Golden Touch
Samantha Swift and the Hidden Roses of Athena
Samantha Swift: Mystery From Atlantis
Sarah Maribu and the Lost World
Scan
Season Match 2
Season of Mystery - The Cherry Blossom Murders
Secret Mission: The Forgotten Island
Secrets of the Dragon Wheel
Secrets of the Vatican - The Holy Lance
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Shadow Wolf Mysteries: Curse of the Full Moon Collector's Edition
Shaolin Mystery: Tale of the Jade Dragon Staff
Sherlock Holmes - The Awakened - Remastered
Sherlock Holmes and the Hound of the Baskervilles Collector's Edition
Sherlock Holmes versus Jack the Ripper
Sherlock Holmes: The Hound of the Baskervilles Collector's Edition
Sherlock Holmes: The Mystery of the Persian Carpet
Shutter Island
Sinister City
Skymist - The Lost Spirit Stones
Slotwords
SmartWebPrinting
Snapshot Adventures - Secret of Bird Island
Snark Busters: Welcome to the Club
Software Informer 1.0 BETA
SolutionCenter
Spirit of Wandering - The Legend
Spirit Seasons: Little Ghost Story
Splash
Sprill - The Mystery of The Bermuda Triangle
Sprill (remove only)
Spybot - Search & Destroy
StarBurn Version 12r10 (Build 0x20091021)
Status
Strange Cases: The Tarot Card Mystery
Stray Souls: Dollhouse Story Collector's Edition
Sunset Studio - Love on the High Seas
Super Collapse! II
Super TextTwist
Swag Bucks Toolbar
Syberia II
System Requirements Lab for Intel
Tahiti Hidden Pearls (remove only)
Tales of Monkey Island - Launch of the Screaming Narwhal
Tamara the 13th
The Clockwork Man
The Clockwork Man - The Hidden World Premium Edition
The Conjurer
The Count of Monte Cristo
The Curse of the Ring
The Dark Hills of Cherai
The Dragon Dance
The Enchanted Kingdom - Elisa's Adventure
The Enchanting Islands
The Fall Trilogy Chapter 2: Reconstruction
The Fall Trilogy: Chapter 1
The Heritage
The Hidden Prophecies of Nostradamus (remove only)
The Institute - A Becky Brogan Adventure
The Legend of El Dorado
The Lost Cases of 221B Baker St.
The Magician's Handbook II - BlackLore
The Margrave Mysteries
The Mysterious Case of Dr. Jekyll and Mr. Hyde
The Mysterious Past of Gregory Phoenix
The Mystery of the Crystal Portal
The Mystery of the Crystal Portal: Beyond the Horizon
The Mystery of the Mary Celeste
The Mystery of the Mummy
The Rise of Atlantis
The Seawise Chronicles: Untamed Legacy
The Secret Legacy: A Kate Brooks Adventure
The Secret of the Silver Earring
The Secrets of Da Vinci
The Serpent of Isis ™
The Stroke of Midnight
The Sultan's Labyrinth: A Royal Sacrifice
The Tarot's Misfortune
The Time Machine - Trapped in Time
The Treasures of Montezuma 2
The Treasures of Mystery Island: The Gates of Fate
The Tudors
Tibet Quest
Tiger Eye - Part I: Curse of the Riddle Box
Time Mysteries: Inheritance
Tinseltown Dreams - The 50's
Toolbar - Big Fish Games
Toolbox
Trapped the Abduction (remove only)
TrayApp
Treasure Seekers: Follow the Ghosts
Treasure Seekers: The Enchanted Canvases
Treasure Seekers: The Time Has Come Collector's Edition
Treasure Seekers: Visions of Gold ™
Treasures of the Ancient Cavern
Trinklit (remove only)
Tropical Fish Shop
Tropix(TM) 2 - The Quest For the Golden Banana
Tulula: Legend of a Vulcano
Twisted Lands: Shadow Town Collector's Edition
Twisted: A Haunted Carol
Underwater Puzzle
Vampire Brides - Love over Death
Vampire Romance
Vampire Saga: Pandora's Box
Vampireville
Veronica Rivers: Portals to the Unknown ™
Veronica Rivers: The Order Of Conspiracy
Vesuvia Beta
Virtual Villagers
Virtual Villagers - The Secret City
VIVA MEDIA GAME CENTER
Web Games Player Plugin
WebReg
Wedding Dash
Welcome Center
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Wisegal
Wizard's Hat
Women's Murder Club Death in Scarlet (remove only)
Word Slinger
World Adventure
World of Kuros(TM) Bundle
World Voyage (remove only)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Yahtzee Download Edition
Youda Legend Pack
Youda Survivor - Survey Version

==== End Of File ===========================

Blade81
2011-02-18, 17:41
Hi,

Post contents of c:\ComboFix.txt file and then do the following.

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in a desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Cure and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the c: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

cathylm
2011-02-20, 00:17
Hi Blade81 - I'm going to have to submit the logs in two replies. It's too long. Here is the TDSSKiller log.

2011/02/19 16:11:09.0325 4104 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/19 16:11:10.0339 4104 ================================================================================
2011/02/19 16:11:10.0339 4104 SystemInfo:
2011/02/19 16:11:10.0339 4104
2011/02/19 16:11:10.0339 4104 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/19 16:11:10.0339 4104 Product type: Workstation
2011/02/19 16:11:10.0339 4104 ComputerName: CAT-PC
2011/02/19 16:11:10.0339 4104 UserName: cat
2011/02/19 16:11:10.0339 4104 Windows directory: C:\Windows
2011/02/19 16:11:10.0339 4104 System windows directory: C:\Windows
2011/02/19 16:11:10.0339 4104 Running under WOW64
2011/02/19 16:11:10.0339 4104 Processor architecture: Intel x64
2011/02/19 16:11:10.0339 4104 Number of processors: 4
2011/02/19 16:11:10.0339 4104 Page size: 0x1000
2011/02/19 16:11:10.0339 4104 Boot type: Normal boot
2011/02/19 16:11:10.0339 4104 ================================================================================
2011/02/19 16:11:10.0823 4104 Initialize success
2011/02/19 16:11:19.0450 1592 ================================================================================
2011/02/19 16:11:19.0450 1592 Scan started
2011/02/19 16:11:19.0450 1592 Mode: Manual;
2011/02/19 16:11:19.0450 1592 ================================================================================
2011/02/19 16:11:25.0752 1592 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/19 16:11:25.0768 1592 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/19 16:11:25.0783 1592 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/19 16:11:25.0815 1592 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/19 16:11:25.0846 1592 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/19 16:11:25.0893 1592 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/19 16:11:25.0908 1592 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/19 16:11:25.0955 1592 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/19 16:11:25.0971 1592 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/19 16:11:25.0986 1592 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/19 16:11:26.0033 1592 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/19 16:11:26.0049 1592 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/19 16:11:26.0080 1592 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/19 16:11:26.0127 1592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/19 16:11:26.0158 1592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/19 16:11:26.0173 1592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/19 16:11:26.0220 1592 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/19 16:11:26.0236 1592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/19 16:11:26.0251 1592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/19 16:11:26.0283 1592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/19 16:11:26.0329 1592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/19 16:11:26.0376 1592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/19 16:11:26.0563 1592 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110219.002\ENG64.SYS
2011/02/19 16:11:26.0673 1592 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110219.002\EX64.SYS
2011/02/19 16:11:26.0735 1592 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/19 16:11:26.0766 1592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/19 16:11:26.0813 1592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/19 16:11:26.0844 1592 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/19 16:11:26.0891 1592 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/19 16:11:26.0922 1592 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/19 16:11:26.0953 1592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/19 16:11:26.0969 1592 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/19 16:11:27.0016 1592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/19 16:11:27.0047 1592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/19 16:11:27.0078 1592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/19 16:11:27.0125 1592 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/19 16:11:27.0156 1592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/19 16:11:27.0187 1592 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/19 16:11:27.0219 1592 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/19 16:11:27.0250 1592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/19 16:11:27.0297 1592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/19 16:11:27.0359 1592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/19 16:11:27.0390 1592 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/19 16:11:27.0437 1592 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/19 16:11:27.0468 1592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/19 16:11:27.0499 1592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/19 16:11:27.0546 1592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/19 16:11:27.0609 1592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/19 16:11:27.0718 1592 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/19 16:11:27.0733 1592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/19 16:11:27.0796 1592 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/19 16:11:27.0843 1592 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/02/19 16:11:27.0921 1592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/19 16:11:27.0983 1592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/19 16:11:28.0030 1592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/19 16:11:28.0061 1592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/19 16:11:28.0092 1592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/19 16:11:28.0108 1592 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/19 16:11:28.0139 1592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/19 16:11:28.0155 1592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/19 16:11:28.0170 1592 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/19 16:11:28.0201 1592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/19 16:11:28.0233 1592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/19 16:11:28.0264 1592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/19 16:11:28.0295 1592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/19 16:11:28.0311 1592 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/19 16:11:28.0342 1592 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/19 16:11:28.0389 1592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/19 16:11:28.0482 1592 SbieDrv (b7e1ff02c6a9bcde9a34de801e379844) C:\Program Files\Sandboxie\SbieDrv.sys
2011/02/19 16:11:28.0513 1592 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/19 16:11:28.0576 1592 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/19 16:11:28.0638 1592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/19 16:11:28.0669 1592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/19 16:11:28.0701 1592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/19 16:11:28.0747 1592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/19 16:11:28.0794 1592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/19 16:11:28.0810 1592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/19 16:11:28.0841 1592 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/19 16:11:28.0872 1592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/19 16:11:28.0919 1592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/19 16:11:28.0950 1592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/19 16:11:28.0997 1592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/19 16:11:29.0044 1592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/19 16:11:29.0106 1592 sptd (131575cdf93fdf365de107d0242e52d8) C:\Windows\system32\Drivers\sptd.sys
2011/02/19 16:11:29.0106 1592 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 131575cdf93fdf365de107d0242e52d8
2011/02/19 16:11:29.0122 1592 sptd - detected Locked file (1)
2011/02/19 16:11:31.0509 1592 ================================================================================
2011/02/19 16:11:31.0509 1592 Scan finished
2011/02/19 16:11:31.0509 1592 ================================================================================
2011/02/19 16:11:31.0509 4000 Detected object count: 1
2011/02/19 16:11:42.0195 4000 Locked file(sptd) - User select action: Skip

cathylm
2011-02-20, 00:23
Here is the other log. I ran into problems after I ran this one. I couldn't get any programs to run, etc. I got this message that said it wasn't working or stopped working or wasn't found. I forgot exactly. I was trying to get the location. It's C:\Windows\System\32\GfxUI/exe. I had to reinstall Firefox, I couldn't pull up anything with IE. It was all crazy.

ComboFix 11-02-19.01 - cat 02/19/2011 14:54:04.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4364 [GMT -6:00]
Running from: c:\users\cat\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Security Suite *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
.

2011-02-19 21:14 . 2011-02-19 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-19 20:51 . 2011-02-19 20:51 -------- d-----w- C:\32788R22FWJFW
2011-02-18 15:17 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{970D68B7-7C49-4395-9741-D2B790C066B2}\mpengine.dll
2011-02-18 03:57 . 2011-02-18 03:58 -------- d-----w- c:\program files (x86)\Maestro - Music of Death Collector's Edition
2011-02-17 01:28 . 2011-02-17 01:28 -------- d-----w- c:\program files (x86)\ConduitEngine
2011-02-17 01:28 . 2011-02-17 01:28 -------- d-----w- c:\program files (x86)\Swag_Bucks
2011-02-13 06:29 . 2011-02-13 06:29 -------- d-----w- c:\users\cat\AppData\Roaming\WhiteBirdsProductions
2011-02-12 15:18 . 2011-02-12 15:21 -------- d-----w- c:\users\cat\AppData\Roaming\Dying for Daylight Shared
2011-02-12 15:18 . 2011-02-12 15:18 -------- d-----w- c:\users\cat\AppData\Roaming\Dying for Daylight
2011-02-12 14:18 . 2011-02-12 14:19 -------- d-----w- c:\program files (x86)\Dying_for_Daylight
2011-02-12 01:00 . 2011-02-12 01:00 -------- d-----w- c:\program files (x86)\bfgbartb
2011-02-12 00:59 . 2011-02-12 00:59 941920 ----a-w- c:\users\cat\bfgtb_2.1.0.13.exe
2011-02-12 00:36 . 2011-02-12 00:36 -------- d-----w- c:\program files (x86)\Feedback Tool
2011-02-11 18:43 . 2011-02-11 18:43 -------- d-----w- c:\users\cat\AppData\Roaming\Oberon Media
2011-02-11 18:43 . 2011-02-11 18:43 -------- d-----w- c:\programdata\GamesBar
2011-02-11 18:43 . 2011-02-11 18:43 -------- d-----w- c:\programdata\Oberon Media
2011-02-10 15:40 . 2011-02-10 15:40 -------- d-----w- c:\program files (x86)\Stray Souls - Dollhouse Story Collector's Edition
2011-02-10 03:31 . 2011-02-10 03:32 -------- d-----w- c:\program files (x86)\The Secret Legacy - A Kate Brooks Adventure
2011-02-08 20:44 . 2011-02-08 20:45 -------- d-----w- c:\program files (x86)\Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue
2011-02-02 13:55 . 2011-02-02 13:55 -------- d-----w- c:\users\cat\AppData\Roaming\Malwarebytes
2011-02-02 13:55 . 2011-02-02 13:55 -------- d-----w- c:\programdata\Malwarebytes
2011-02-02 13:55 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-02 13:55 . 2011-02-02 19:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-02 13:55 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 00:50 . 2011-02-18 03:54 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-29 07:02 . 2011-01-29 07:02 -------- d-----w- c:\users\cat\AppData\Roaming\CursedOnboard
2011-01-27 11:52 . 2011-01-27 11:54 -------- d-----w- c:\program files (x86)\Shadow Wolf Mysteries - Curse of the Full Moon Collector's Edition
2011-01-26 04:40 . 2011-01-26 04:40 -------- d-----w- c:\users\cat\AppData\Roaming\TikisLab
2011-01-22 17:39 . 2011-01-22 17:39 -------- d-----w- c:\program files (x86)\Spirit Seasons - Little Ghost Story
2011-01-22 17:38 . 2011-01-22 17:38 -------- d-----w- c:\programdata\McAfee
2011-01-22 17:29 . 2011-02-17 01:28 -------- d-----w- c:\users\cat\AppData\Roaming\HPAppData
2011-01-22 17:29 . 2011-01-22 17:29 -------- d-----w- c:\program files (x86)\Haunted Hotel II - Believe the Lies
2011-01-22 04:47 . 2011-01-22 17:41 -------- d-----w- c:\program files (x86)\The Stroke of Midnight
2011-01-21 14:30 . 2011-01-21 14:30 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-01-21 14:30 . 2011-01-21 14:30 -------- d-----w- c:\users\cat\AppData\Roaming\SystemRequirementsLab
2011-01-21 02:19 . 2011-01-21 02:20 -------- d-----w- c:\program files (x86)\Treasure Seekers - The Time Has Come Collector's Edition

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.

((((((((((((((((((((((((((((( SnapShot@2011-02-05_00.16.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-31 23:24 . 2011-02-19 21:18 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-09 11:30 . 2011-01-07 05:33 294400 c:\windows\SysWOW64\atmfd.dll
- 2010-12-15 23:11 . 2010-10-20 02:58 294400 c:\windows\SysWOW64\atmfd.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-02-09 11:30 . 2010-12-21 06:16 214016 c:\windows\system32\winsrv.dll
- 2009-07-13 23:38 . 2009-07-14 01:41 214016 c:\windows\system32\winsrv.dll
+ 2011-02-09 11:30 . 2010-12-21 06:16 442880 c:\windows\system32\winhttp.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 160256 c:\windows\system32\wextract.exe
+ 2011-02-09 11:30 . 2010-12-21 06:16 258048 c:\windows\system32\WebClnt.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 249344 c:\windows\system32\webcheck.dll
+ 2010-01-31 01:58 . 2011-02-19 20:17 315862 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-02-12 00:43 . 2011-02-12 00:43 603648 c:\windows\system32\vbscript.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 236544 c:\windows\system32\url.dll
+ 2011-02-09 11:30 . 2010-12-21 06:15 264192 c:\windows\system32\upnp.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 149504 c:\windows\system32\occache.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 197120 c:\windows\system32\msrating.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 696832 c:\windows\system32\msfeeds.dll
+ 2011-02-09 11:30 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 817664 c:\windows\system32\jscript.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 103936 c:\windows\system32\inseng.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 165888 c:\windows\system32\iexpress.exe
+ 2011-02-12 00:43 . 2011-02-12 00:43 173056 c:\windows\system32\ieUnatt.exe
+ 2011-02-12 00:43 . 2011-02-12 00:43 248320 c:\windows\system32\ieui.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 111616 c:\windows\system32\iesysprep.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 145408 c:\windows\system32\iepeers.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 406840 c:\windows\system32\iedkcs32.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 163840 c:\windows\system32\ieakui.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 267776 c:\windows\system32\ieaksie.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 160256 c:\windows\system32\ieakeng.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 135168 c:\windows\system32\IEAdvpack.dll
- 2009-07-14 04:45 . 2010-12-16 09:39 544016 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-02-10 09:37 544016 c:\windows\system32\FNTCACHE.DAT
+ 2011-02-12 00:43 . 2011-02-12 00:43 282624 c:\windows\system32\dxtrans.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 453632 c:\windows\system32\dxtmsft.dll
+ 2011-02-09 11:30 . 2011-01-26 06:53 265088 c:\windows\system32\drivers\dxgmms1.sys
- 2011-01-12 15:42 . 2010-11-02 05:21 982912 c:\windows\system32\drivers\dxgkrnl.sys
+ 2011-02-09 11:30 . 2011-01-26 06:53 982912 c:\windows\system32\drivers\dxgkrnl.sys
+ 2011-02-09 11:30 . 2010-12-21 06:10 100864 c:\windows\system32\davclnt.dll
+ 2011-02-09 11:30 . 2011-01-26 06:31 144384 c:\windows\system32\cdd.dll
- 2011-01-12 15:42 . 2010-11-02 04:59 144384 c:\windows\system32\cdd.dll
+ 2011-02-09 11:30 . 2011-01-07 05:49 366080 c:\windows\system32\atmfd.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2011-02-19 21:17 496652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-02 02:12 496652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-01-24 21:32 . 2011-02-02 02:01 496652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-718865605-1680525341-3695622365-1000-8192.dat
+ 2011-01-24 21:32 . 2011-02-11 19:11 496652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-718865605-1680525341-3695622365-1000-8192.dat
+ 2011-02-12 00:43 . 2011-02-12 00:43 1125376 c:\windows\SysWOW64\wininet.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 1098240 c:\windows\SysWOW64\urlmon.dll
+ 2011-02-09 11:30 . 2010-10-27 04:43 3901824 c:\windows\SysWOW64\ntoskrnl.exe
+ 2011-02-09 11:30 . 2010-10-27 04:43 3957120 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2011-02-09 11:30 . 2010-10-27 04:40 1293120 c:\windows\SysWOW64\ntdll.dll
+ 2011-02-09 11:30 . 2010-12-21 05:36 1389568 c:\windows\SysWOW64\msxml6.dll
+ 2011-02-09 11:30 . 2010-12-21 05:36 1236992 c:\windows\SysWOW64\msxml3.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 1791488 c:\windows\SysWOW64\jscript9.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 1784832 c:\windows\SysWOW64\iertutil.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 9593344 c:\windows\SysWOW64\ieframe.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-02-12 00:43 . 2011-02-12 00:43 1387520 c:\windows\system32\wininet.dll
+ 2011-02-09 11:30 . 2011-01-05 04:00 3127808 c:\windows\system32\win32k.sys
+ 2011-02-12 00:43 . 2011-02-12 00:43 1339392 c:\windows\system32\urlmon.dll
+ 2011-02-09 11:30 . 2010-10-27 05:18 5510528 c:\windows\system32\ntoskrnl.exe
+ 2011-02-09 11:30 . 2010-10-27 05:16 1739176 c:\windows\system32\ntdll.dll
+ 2011-02-09 11:30 . 2010-12-21 06:13 2003968 c:\windows\system32\msxml6.dll
+ 2011-02-09 11:30 . 2010-12-21 06:13 1880576 c:\windows\system32\msxml3.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 2272768 c:\windows\system32\jscript9.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 2136064 c:\windows\system32\iertutil.dll
+ 2011-02-12 00:43 . 2011-02-12 00:43 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-02-19 20:46 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-01-29 15:28 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-12 00:36 . 2011-02-12 00:36 1994752 c:\windows\Installer\1286d8b.msi
+ 2010-01-31 05:34 . 2011-02-11 19:07 7873024 c:\windows\Downloaded Installations\{BF9A5F93-0556-477E-951D-21856805F9EB}\CA Pest Patrol Realtime Protection.msi
- 2010-01-31 05:34 . 2010-07-26 20:24 7873024 c:\windows\Downloaded Installations\{BF9A5F93-0556-477E-951D-21856805F9EB}\CA Pest Patrol Realtime Protection.msi
+ 2011-02-12 00:43 . 2011-02-12 00:43 12213760 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2011-02-04 20:53 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-19 21:00 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-02-12 00:43 . 2011-02-12 00:43 17700352 c:\windows\system32\mshtml.dll
+ 2010-01-31 22:23 . 2011-02-10 09:02 39403464 c:\windows\system32\MRT.exe
+ 2011-02-12 00:43 . 2011-02-12 00:43 10772480 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwag.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{164d3751-cac6-4a6d-becd-ea67df61d232}]
2010-12-22 14:39 265176 ----a-w- c:\program files (x86)\comcasttb\auxi\comcastAu.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\Swag_Bucks\tbSwag.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwag.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-05-16 213936]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]
"Jenkat Arcade"="c:\users\cat\AppData\Roaming\Jenkat\Jenkat Games Arcade\notifyapp.exe" [2010-04-11 524288]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-16 39408]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-08-09 565480]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2010-05-31 568312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

c:\users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\cat\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2010-12-2 2621952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ExpressPLNRnote.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio Express\Planner\PLNRnote.exe [2006-1-16 28200]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
OfficeSAS.lnk - c:\program files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-9-26 202648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 Third_Party_Install.exe;Your Service;c:\program files (x86)\Youdagames\Jade Rousseau - The Fall of Sant Antonio\Third_Party_Install.exe [2010-07-02 301153]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4924336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-21 867824]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS [2010-01-30 402992]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys [2010-01-30 334384]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys [2010-01-30 583296]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110218.003\IDSvia64.sys [2010-11-09 476792]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2009-03-02 118888]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 iWinTrusted;iWinTrusted;c:\program files (x86)\iWin Games\iWinTrusted.exe [2010-09-02 176408]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-01-30 117640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 132656]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [2010-01-30 56880]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 00:06]

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 00:06]

2011-02-19 c:\windows\Tasks\Norton Security Scan for cat.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-04 11:32]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file)



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-718865605-1680525341-3695622365-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,02,8e,2e,07,a7,99,83,0c,62,d7,e0,0c,91,b9,5c,4c,71,08,2b,13,
8b,a9,a5,e5,80,b3,28,35,07,69,dc,e1,90,27,77,8a,45,cc,a2,4b,9b,8d,db,c9,62,\
"rkeysecu"=hex:11,b9,26,9b,3a,d9,3d,3b,ed,3f,c2,c2,5c,2e,85,0f

[HKEY_USERS\S-1-5-21-718865605-1680525341-3695622365-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):38,16,1b,b9,f6,24,cd,50,d8,87,7a,93,d2,36,aa,8d,04,a2,33,13,1a,
af,ab,ab,d3,dc,b1,ed,bb,e8,ec,0c,6d,1a,4a,36,1b,da,7a,20,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-718865605-1680525341-3695622365-1000_Classes\Wow6432Node\CLSID\{88d102dd-ea11-4789-8d33-c67bc35ce5da}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000124
"Therad"=dword:00000012

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2011-02-19 15:29:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-19 21:29
ComboFix2.txt 2011-02-05 00:18

Pre-Run: 818,285,289,472 bytes free
Post-Run: 817,972,211,712 bytes free

- - End Of File - - FBBCCD0FBAAF7AF8BA3E6AE41491895F

Blade81
2011-02-20, 13:11
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:



@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0



Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A Notepad window opens; copy and paste its content (log1.txt) into your reply.

cathylm
2011-02-20, 16:21
Hi Blade, here is the latest log. Have I ever thanked you yet? Well, just in case, thank you.
Windows IP Configuration

Host Name . . . . . . . . . . . . : cat-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 90-FB-A6-2B-A1-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a042:a579:80b1:15c5%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 20, 2011 7:55:44 AM
Lease Expires . . . . . . . . . . : Monday, February 21, 2011 7:55:44 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 194050982
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AE-C3-BA-90-FB-A6-2B-A1-D4
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1F5C7C15-192B-4BC0-938E-2B980CCA38C1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:241f:180:bbcb:3d35(Preferred)
Link-local IPv6 Address . . . . . : fe80::241f:180:bbcb:3d35%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.104
72.14.204.147
72.14.204.103
72.14.204.99


Pinging google.com [72.14.204.99] with 32 bytes of data:
Reply from 72.14.204.99: bytes=32 time=39ms TTL=52
Reply from 72.14.204.99: bytes=32 time=40ms TTL=52

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 39ms, Maximum = 40ms, Average = 39ms
===========================================================================
Interface List
11...90 fb a6 2b a1 d4 ......Intel(R) 82578DC Gigabit Network Connection
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:241f:180:bbcb:3d35/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::241f:180:bbcb:3d35/128
On-link
11 276 fe80::a042:a579:80b1:15c5/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Blade81
2011-02-21, 11:07
Hi,

How was this system plugged into the network again? Let me know what device the Ethernet cable is connected to.

cathylm
2011-02-22, 06:26
My computer is hooked up to a modem with the phone line and also has cable. Attached to that modem is a router I believe it's called for the computer in the bedroom. I rarely ever have the bedroom computer on.

Blade81
2011-02-22, 08:09
Hi,

I can't find any other possible cause behind the redirections than a hacked modem or router (infections can do this if the device doesn't have a custom password set). Both those devices should be reset back to factory default state and then their passwords changed.

cathylm
2011-02-22, 23:56
My computer is part of a bundle package. I have the phone and internet hooked into a modem. I think the cable does too. But I believe the phone and internet are connected. I also have a router that runs into that modem as well for the computer in the bedroom. That has a USB stick and is rarely turned on. My internet service is provided by Comcast. Perhaps you may have some knowledge of the workings there.

I'm attaching a list of attempts to redirect my computer I think. I listed several dates and address lines. The first one I supplied with all the information Norton had listed on it. I can easily pull up the rest if you should need that. I hope maybe that will give a clue.

Today when I got in from work, my computer would not do anything. I tried to restart it and it went through the check file system. When it went to restart it listed some errors. I didn't get the blue screen, but the errors didn't seem too good. It suggested that I do a system restore to an earlier time. I haven't decided to do that yet. Not only am I having unsolicited browser pages load, my system locks up, etc.

Hopefully this info can help and thank you for your time.

Blade81
2011-02-23, 18:08
Hi,

Is it possible to plug the modem directly into the system with symptoms (unplug the router completely) and see if the issue still happens? We have to narrow down the DNS changer possibility here.

cathylm
2011-02-24, 03:42
Hi - this morning I got up and my computer had shut down and then when I tried to restart it, it went through that check disk thing, errored out, went to a blue screen, etc. I finally did get it to pull back up. This afternoon I removed the router. I only have the computer plugged directly into the modem. I really didn't need internet for the bedroom computer. My boyfriend informed me for the first time that people around talk about how they can pick up the internet from us, the router I presume? Good to know, ha, ha. He has no idea about computers, NONE. I have tried to navigate around the internet to see if disconnecting router helped and so far I haven't had any problems like before. My computer isn't freezing up and hanging. It was off the browser too that I had problems. Now I'll run it a couple days and see how it behaves. I do need to get that check disk and blue screen taken care of. Priorities. I'll let you know more tomorrow. Thanks.

Blade81
2011-02-24, 07:53
Ok. Shall wait for the status update :)


people around talk about how they can pick up the internet from us, the router I presume?
That's possible if the router has WLAN enabled and is not protected well enough.

cathylm
2011-02-27, 18:25
Hi Blade, I've given the browsing issue a really fair shake. The good news is that I no longer experience the second browser popping up uninvited. I've elected to leave the router off since I really don't use the other computer. I think it's best to leave well enough alone, haha.

I'm still experiencing the browser freeze though not to the same extent. I also have still been experiencing the nightly computer shut down (not by me) and the reboot disk check and blue screen. I decided to try and use the sleep mode and that seems to help. I'm not having to go through all the disk check and blue screen. I'm not sure what to do about this problem or problems.

Soooo, even though it's much better, I don't feel I'm quite out of the woods yet.

Blade81
2011-02-28, 07:47
Hi,

If you're going to use that router you have to restore it back to factory default state first and then change its password (both should be instructed in router manual).

Those remaining problems may all be related to same, non malware thing. Run disk check (http://windows.microsoft.com/en-US/windows-vista/Check-your-hard-disk-for-errors). What error message does it show in bluescreen window?

cathylm
2011-03-02, 22:37
I ran the disk check and it came up with nothing. No error messages at all. I did find where you can view performance details in event logs. I have been trying to figure a way that I can capture the complete chosen section for you to view. It's almost a daily thing from multiple warnings to critical. I did manage to capture a blue screen log from one previous to contacting Safer Networking.

Blue Screen:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 9088
BCP1: FFFFF880064128C0
BCP2: FFFFF880064128C4
BCP3: FFFFF880064128D0
BCP4: FFFFF880064128D4
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\122210-54194-01.dmp
C:\Users\cat\AppData\Local\Temp\WER-170446-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Let me know if you think the event logs would be helpful and if so, what I should be looking to copy for you.

Blade81
2011-03-03, 11:50
Hi,

It might be more helpful if you could post the error message given on that blue screen itself.

cathylm
2011-03-06, 08:23
I'm sorry, I haven't had a chance to get back to you. The blue screen info I sent was what I copied from the blue screen. I will see what I can do to get more info on the critical errors, etc.

Blade81
2011-03-06, 10:59
The blue screen info I sent was what I copied from the blue screen.
So it was not copied from event log? That namely looked like an event log entry to me.

cathylm
2011-03-11, 04:55
I could have sworn I copied that from the blue screen. I copied a blue screen and then labeled it. I haven't fooled with anything because I'm frustrated with the browser freezing up all the time. I'll go back through and see if I can get those critical event logs copied. That's all I know to do. I'll do that this weekend.

Blade81
2011-03-11, 19:33
Hi,

It shouldn't be possible to save a blue screen error in any other way than by taking a picture of it with a camera or by writing it down. Could you provide a picture of it so I know if we're talking about the same bluescreen here?

cathylm
2011-03-13, 20:05
I don't have a picture of it. I did look at what I copied and it says blue screen under problem event. All I know is a blue screen popped up and I copied it and that is what I sent to you. Where do I need to go from here? Do I need to try and copy critical events and send that to you?

Blade81
2011-03-13, 21:54
Hi,

To make sure we both are talking about the same thing, could you verify that the blue screen you saw was something similar to what is behind this link (http://3.bp.blogspot.com/_EpXwi3RpXe4/TBcp_IKlzTI/AAAAAAAACNo/KjRUTvwpb9c/s1600/blue-screen-of-death1.jpg)? It's that kind of thing I'd like to see.

cathylm
2011-03-16, 01:24
Yes, this is what I saw. I've seen this on more than one occasion too. Is it possible that it copied information on the blue screen and it came in a different format? Normally I only see the blue screen for a hot moment. But the one I copied from took longer. Maybe I'm losing it.

Blade81
2011-03-16, 10:54
Disable automatic restart after a system crash:
1. Right-click on My Computer and choose Properties.
2. Now click on Advanced System Settings on the left hand menu.
3. Click on the Advanced tab and then click on Settings under Startup and Recovery.
4. Finally, go ahead and uncheck the Automatically restart box under the System failure heading.
5. Click OK and close all the previous windows. Now when a system error or crash occurs, you will be able to see the entire message instead of it just flickering on the screen for half a second.

What are current problems with the system?
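
The "Automatically restart" setting from the steps above can also be inspected and cleared from an elevated PowerShell prompt. The following is an added example, not part of the original thread. It assumes the standard CrashControl registry key and the bug check record Windows writes to the System event log, and it also lists the minidump folder that the problem report earlier in the thread points to. The function names are made up for this example.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Written for PowerShell 2.0, the version that ships with Windows 7.
$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-CrashSettings {
    $p = Get-ItemProperty -Path $crashKey
    $dir = $p.MinidumpDir
    if (-not $dir) { $dir = Join-Path $env:SystemRoot 'Minidump' }  # default location
    New-Object PSObject -Property @{
        AutoReboot       = $p.AutoReboot        # 1 = restart automatically after a crash
        CrashDumpEnabled = $p.CrashDumpEnabled  # 0 = no dump file is written
        MinidumpDir      = [Environment]::ExpandEnvironmentVariables($dir)
    }
}

function Disable-AutoReboot {
    # Same effect as unchecking "Automatically restart" under System failure.
    Set-ItemProperty -Path $crashKey -Name AutoReboot -Value 0
}

function Get-Minidumps {
    param([string]$Dir = (Get-CrashSettings).MinidumpDir)
    if (-not (Test-Path $Dir)) { return @() }
    Get-ChildItem -Path $Dir -Filter *.dmp |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, Length
}

function Get-BugCheckEvents {
    # After a crash and reboot, Windows logs the stop code and its four
    # parameters as event 1001 (source "BugCheck") in the System log.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
        Id           = 1001
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

Get-CrashSettings  | Format-List              # settings before the change
Disable-AutoReboot
Get-CrashSettings  | Format-List              # AutoReboot should now read 0
Get-Minidumps      | Format-Table -AutoSize   # dump files from earlier crashes
Get-BugCheckEvents | Format-List              # stop codes already recorded
```

The event log records give the stop code for crashes that have already happened, which helps when the blue screen itself was not photographed or written down.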

Blade81
2011-03-21, 08:54
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.

tashi
2011-03-28, 19:31
Thank you Blade81. :)