Inactive My desktop is infected with Backdoor.Tidserv.I!inf and only starts in safe mode

[debdubey]

Hi, My desktop runs windows XP prof. and is infected with Backdoor.Tidserv.I!inf. It has Norton Antivirus 2011 but this obviously is no help. I originally ran a scan and it told me my pc was infected, and to download tdsskiller and run that.(Per Norton website) I did, but it didn't get rid of it. But after that initial try to remove it, it no longer shows up in a scan. When I reboot my pc it freezes at the blue screen, so the removal tool never finishes because one of it's steps reboots the computer. The only way I can run the pc is if I start it in safe mode, and it does run with limited connectivity in safe mode. However when I try to disable norton antivirus to run the Gmer tool there is no way for me disable it. No matter how I click on it, it just asks me if I want to run a virus scan. So I did run the tools in safe mode but with norton still active as far as I could tell. I'll post the log files I have and if you need me to run anything else, I'm more than happy to. I appreciate any help you can give me, it seems like you've helped a lot of people with this one.
Thanks,
Deb

Here is the malwarebytes log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7390

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/5/2011 7:25:35 PM
mbam-log-2011-08-05 (19-25-35).txt

Scan type: Quick scan
Objects scanned: 244149
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 15:05:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160811AS rev.3.AAE
Running: lp8ejilt.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxldapog.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ C:\WINDOWS\system32\scardssp.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\InprocServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\ProgID@ Scardssp.SCardDatabase.1
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\TypeLib@ {82C38704-19F1-11D3-A11F-00C04F79F800}
Reg HKLM\SOFTWARE\Classes\CLSID\{A40F8BBE-77CD-78A3-DF6D-3C14B7105899}\VersionIndependentProgID@ Scardssp.SCardDatabase

---- EOF - GMER 1.0.15 ----

.DDS.txt
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 15:13:11 on 2011-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1487 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\lp8ejilt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10d.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SMCWUSB-N2 Wireless Utility] "c:\program files\smc\smcwusb-n2\SMCWUSB-N2 Wireless Utility.exe" -nogui
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRunOnce: [FixTDSS] cmd /c start /D "c:\documents and settings\administrator\Desktop" /B FixTDSS.exe -postboot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader55.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172154408062
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} - hxxp://www.photomax.com/web/PhotomaxUploader.CAB
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v53/wwspades/wwspades.cab
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6E6154BC-1DA8-4D9B-9526-E9D09ECE7C1F} : DhcpNameServer = 192.168.2.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-8-5 26872]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-9 744568]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-2-20 11264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [2010-3-29 458240]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-2-20 13696]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-9 136312]
S2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2010-10-26 3744]
S2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2010-10-26 3904]
S2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110603.003\IDSXpx86.sys [2011-6-4 341944]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110603.038\NAVENG.SYS [2011-6-4 86008]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110603.038\NAVEX15.SYS [2011-6-4 1542392]
S3 s3chipid;s3chipid;\??\c:\docume~1\debora~1\locals~1\temp\s3chipid.sys --> c:\docume~1\debora~1\locals~1\temp\s3chipid.sys [?]
S3 TIDHOOK;TIDHOOK;\??\c:\docume~1\admini~1\locals~1\temp\fxpbjvd1.tmp\tidhook.sys --> c:\docume~1\admini~1\locals~1\temp\fxpbjvd1.tmp\tidhook.sys [?]
.
=============== Created Last 30 ================
.
2011-08-05 22:04:17 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-08-05 22:04:17 -------- d-----w- c:\documents and settings\administrator\application data\FixTDSS
2011-08-05 20:42:08 -------- d-sha-r- C:\cmdcons
2011-08-05 20:38:45 98816 ----a-w- c:\windows\sed.exe
2011-08-05 20:38:45 518144 ----a-w- c:\windows\SWREG.exe
2011-08-05 20:38:45 256000 ----a-w- c:\windows\PEV.exe
2011-08-05 20:38:45 208896 ----a-w- c:\windows\MBR.exe
2011-08-05 20:32:46 -------- d-----w- c:\documents and settings\administrator\application data\Tific
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-03-08 15:58:34 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-24 14:25:36 1803952 -c--a-w- c:\program files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
.
============= FINISH: 15:13:34.62 ===============




DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/20/2007 1:26:45 PM
System Uptime: 8/5/2011 6:07:20 PM (237 hours ago)
.
Motherboard: | | K8M800-8237
Processor: AMD Sempron(tm) Processor 3400+ | Socket 940 | 1999/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 64.794 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
Adobe Acrobat 5.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe PhotoDeluxe Home Edition 4.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Self Support Tool
Bonjour
BroadJump Client Foundation
Bubble Bonanza
BufferChm
CCleaner
CheckIt Diagnostics
Compatibility Pack for the 2007 Office system
Cook'n Recipe Organizer
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Defraggler
Destinations
Director
DocProc
DocumentViewer
EasyRecovery Professional
EVGA Display Driver
Fax
Free Realms Installer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.2
HP Update
HPODiscovery
HPSystemDiagnostics
InstantShare
Intel® Create & Share® Software
iTunes
Jane’s Combat Simulations USAF
Java(TM) 6 Update 13
Java(TM) 6 Update 7
JumpStart Languages
Kazoo Player
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Web Publishing Wizard
MobileMe Control Panel
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MyPoints Toolbar 2.0
Nero 7 Essentials
NetJet 2.0
Norton AntiVirus
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
OmniFile Collection Software
OpenOffice.org Installer 1.0
overland
Pando Media Booster
PanoStandAlone
PayPal Plug-In
PhotoGallery
Picasa 3
Platform
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.0
RealUpgrade 1.1
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sierra Home Architect
SimCity™ Societies
SimCity™ Societies Destinations
SkinsHP1
SMCWUSB-N2 Wireless Utility
SPORE™ Creature Creator Trial Edition
System Requirements Lab
TrayApp
U.B. Funkeys
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Visual Studio 2005 Tools for Office Second Edition Runtime
VoiceOver Kit
WebFldrs XP
WebReg
Windows Defender
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wizard101
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
Zynga Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/15/2011 3:05:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File =================

 

[Bobbye]

Welcome to TechSpot!

Did you get a log after running this? If, yes, I'd like to see it. Please do not run it again now- just leave log if you have it.
2011-08-05 22:04:17 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-08-05 22:04:17 -------- d-----w- c:\documents and settings\administrator\application data\FixTDSS
=======================================
You also have 25+ Active X entries for worldwinner.com games. This is a tremendous vulnerability! They have to get that cash to give away- did you ever wonder how?
=======================================
Both the Adobe Reader and Java are way out of date. These are more vulnerabilities
=======================================
There is a multitude of bad entries that need to be removed. They are contributing to more malware.
You need to run Combofix- You can download it to a flash drive, update on the download, then run on the problem computer. Just skip the Recovery Console if you're in Safe Mode:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=============================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
Please hold off on those games while I'm helping clean the system

 

[debdubey]

Ready to run combofix, but can't stop antivirus.

Thanks for the quick response. I looked for a log from running FixTDSS and couldn't find one. At some point during its process it restarts my computer which ends up freezing at the blue screen and the program never finishes. All I can find are the sys files. I've uninstalled combofix and reinstalled from your link and I'm ready to run, but I can't seem to stop norton antivirus. When I click on it it asks me if I want to run a full scan. Even right clicking only gives me the option to run a scan, not disable. The instructions from the website say to click on the icon in my system tray in the bottom right corner of my screen, but in safe mode I don't have any icons there. Should I still run combofix or can you help me disable Norton Antivirus 2011?
I know there is a lot of issues with my desktop- my 12 yr old is the one that uses it the most. My husband and I have our own laptops. Now that they are back in school I need to get their pc up and running again.LOL The virus was a good excuse over the summer for not using it at all.
Is it OK that I downloaded combofix directly onto this computer, or should I use the flash drive method? I'll download using my laptop onto a flash if you think that would be best. But I can connect with this computer.
I'll wait to hear from you before proceeding. Thanks.

 

[Bobbye]

See this for directions and screen shots to disable Symantec Endpoint Protection:
http://www.columbia.edu/acis/software/nav/pc-basics.html#disable

It's fine that you downloaded Combofix directly to problem computer. Flash drive is only needed if there is no internet access.

 

[debdubey]

I don't have symantec endpoint protection

I checked the link you posted and the beginning item is to open endpoint protection, but I just have Norton Antivirus 2011 and no matter what I click, my only option is to run a full scan or cancel. I'm in safe mode and there is no icon in my system tray, and I can't reboot my computer in standard mode because it freezes at the blue screen. Is my only option to uninstall? and is it safe to to that? Sorry, I seem to be running in circles here. I feel kinda ridiculous that I can't figure out how to stop my virus software temporarily. Can I just run combofix anyway?
Thanks, Deb

BTW-Can I stop it using Task Manager?

 

[debdubey]

Wondering if I can run combofix

I'm wondering if I can run combofix in safe mode even though I can't disable Norton Antivirus 2011

 

[Bobbye]

I think you may be having the problem because you have 3 Norton installs:

Norton AntiVirus
Norton Security Scan
Norton Security Scan (Symantec Corporation)

--------------------------------------
Let me clarify some things for you. There were no instructions to disable the AV to run GMER, DDS or Malwarebytes.
There is a direction to disable security when running Combofix
==========================================
Norton has a feature called Auto Protect That's what needs to be disabled for Combofix
From Symantec: Turn off Auto-Protect temporarily

• Right-click the Auto-Protect icon, which is located by the clock in the Windows system tray.
• Click Disable.
• If an Options popup Window appears > select the period for which you want Auto-Protect turned off, and then click OK.
• A red circle with a slash through its center appears, which indicates that Auto-Protect is disabled.

----------------------------------
1. Please go ahead and run Combofix in Safe Mode if you can't run it in Normal Mode.
2. Please do a right click> Delete on this file:
C:\Documents and Settings\Administrator\Desktop\lp8ejilt.exe
3. Uninstall this program FixTDSS Make sure it's gone from the Startup Menu. Use Windows Explorer (right click on Start> Explore_> My Computer> Double click on Local Drive(C)> Programs> find the program folder for FixTDSS and do a right click> Delete.
===============================================

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
• After clicking Next, the utility applies selected actions and outputs the result.
• A reboot is required after disinfection.

=========================================

BTW-Can I stop it using Task Manager?

What are you doing with the Task Manager? And why are you doing it?

Logs from Combofix and TDSSKiller in next reply please.

 

[debdubey]

There are no Icons in my system tray

I didn't worry about the AV when I ran the other scans. I'm at the point where I want to run combofix but can't disable auto protect. The only icon in my system tray next to the clock is a microphone. None of the icons that are usually present are there, otherwise I would have been able to stop AV temporarily. When I go to programs the only things there are Norton Antivirus and Security Scan, but left or right clicking either doesn't give any option to disable. That was why I asked about task manager. I haven't done anything but run the scans you originally asked me to run, I'm just stuck at the combofix one because a warning popped up telling me to stop my AV software before running combofix. When I checked the symantec website it gave the same instructions that you just did, but I have no icon to right click. I've tried expanding the system tray, thinking they were hidden but there are no icons in the system tray. I do understand the directions you're giving me, I just can't complete them. So.. is there another way to stop auto protect, or do I run combofix anyway?

 

[Bobbye]

If you can bypass the AV warning, go ahead and do it to run Combofix. If you can't override it, run Combofix in Safe Mode.

 

[debdubey]

Logs for combofix and TDSSKiller

Ran combofix then TDSSKiller both in safe mode. TDSSKiller said it didn't find anything so there was no quarantine and reboot after running it. I also removed FixTDSS per your instructions and did everything in the order you had them in. Thanks


ComboFix 11-08-19.01 - Administrator 08/19/2011 15:22:37.4.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1417 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))
.
.
2011-08-05 22:04 . 2011-08-05 22:04 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-08-05 22:04 . 2011-08-05 22:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\FixTDSS
2011-08-05 20:32 . 2011-08-05 20:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 12:59 . 2010-10-26 21:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-16 12:59 . 2010-10-26 21:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-06 23:52 . 2010-06-24 14:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-06-24 14:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-03-08 15:58 . 2008-03-08 15:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-24 14:25 . 2007-06-24 14:25 1803952 -c--a-w- c:\program files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-29 23:25 1444864 ----a-w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Zynga\prxtbZyn2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-29 1444864]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SMCWUSB-N2 Wireless Utility"="c:\program files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" [2009-08-07 557171]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FixTDSS"="start" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk.disabled]
backup=c:\windows\pss\HP Image Zone Fast Start.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb99.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LoadMSvcmm"="c:\program files\Movielink\MovielinkManager\Movielink User.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56951:TCP"= 56951:TCPando Media Booster
"56951:UDP"= 56951:UDPando Media Booster
.
R0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [8/5/2011 6:04 PM 26872]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 7:03 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 7:03 PM 744568]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [3/29/2010 7:58 AM 458240]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [5/18/2011 5:36 PM 802936]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/20/2007 4:37 PM 13696]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 7:03 PM 136312]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/26/2010 5:07 PM 3744]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/26/2010 5:07 PM 3904]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2010 10:10 AM 366640]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 7:03 PM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:08 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSXpx86.sys [6/4/2011 7:57 AM 341944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2010 10:10 AM 22712]
S3 s3chipid;s3chipid;\??\c:\docume~1\DEBORA~1\LOCALS~1\Temp\s3chipid.sys --> c:\docume~1\DEBORA~1\LOCALS~1\Temp\s3chipid.sys [?]
S3 TIDHOOK;TIDHOOK;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\fxpbjvd1.tmp\tidhook.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\fxpbjvd1.tmp\tidhook.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPOD_SERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-02-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-08-16 c:\windows\Tasks\Norton AntiVirus.job
- c:\progra~1\NORTON~3\Engine\1860~1.29\uistub.exe [2011-05-09 00:28]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{9607B5EA-95BD-4B0B-840F-917E9456301F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} - hxxp://www.photomax.com/web/PhotomaxUploader.CAB
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-19 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1425521274-725345543-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-220523388-1425521274-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3568)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3148)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\WININET.dll
.
Completion time: 2011-08-19 15:30:49
ComboFix-quarantined-files.txt 2011-08-19 19:30
ComboFix2.txt 2011-08-05 21:38
.
Pre-Run: 69,448,327,168 bytes free
Post-Run: 69,465,939,968 bytes free
.
- - End Of File - - 2F99BA398911A8F0802488821E738D15

2011/08/19 15:46:57.0546 2820 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/19 15:46:57.0843 2820 ================================================================================
2011/08/19 15:46:57.0843 2820 SystemInfo:
2011/08/19 15:46:57.0843 2820
2011/08/19 15:46:57.0843 2820 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/19 15:46:57.0843 2820 Product type: Workstation
2011/08/19 15:46:57.0843 2820 ComputerName: DESKTOP
2011/08/19 15:46:57.0843 2820 UserName: Administrator
2011/08/19 15:46:57.0843 2820 Windows directory: C:\WINDOWS
2011/08/19 15:46:57.0843 2820 System windows directory: C:\WINDOWS
2011/08/19 15:46:57.0843 2820 Processor architecture: Intel x86
2011/08/19 15:46:57.0843 2820 Number of processors: 1
2011/08/19 15:46:57.0843 2820 Page size: 0x1000
2011/08/19 15:46:57.0843 2820 Boot type: Safe boot with network
2011/08/19 15:46:57.0843 2820 ================================================================================
2011/08/19 15:46:58.0437 2820 Initialize success
2011/08/19 15:47:20.0000 2628 ================================================================================
2011/08/19 15:47:20.0000 2628 Scan started
2011/08/19 15:47:20.0000 2628 Mode: Manual;
2011/08/19 15:47:20.0000 2628 ================================================================================
2011/08/19 15:47:23.0359 2628 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/08/19 15:47:23.0718 2628 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/19 15:47:23.0859 2628 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/19 15:47:24.0265 2628 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/19 15:47:24.0421 2628 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/19 15:47:25.0109 2628 ALCXWDM (5003d2e3f6b220ed3b0f1ac2816c2a18) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/08/19 15:47:25.0531 2628 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/19 15:47:25.0703 2628 arusb(SMC) (d8aa72b3760402b4a30925d9778e4688) C:\WINDOWS\system32\DRIVERS\arusb.sys
2011/08/19 15:47:26.0406 2628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/19 15:47:26.0546 2628 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/19 15:47:26.0843 2628 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/19 15:47:27.0015 2628 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/19 15:47:27.0125 2628 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/08/19 15:47:27.0343 2628 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
2011/08/19 15:47:27.0515 2628 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/19 15:47:27.0796 2628 BHDrvx86 (925a191c8c06124426c63ceb2ea93085) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx86.sys
2011/08/19 15:47:27.0968 2628 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
2011/08/19 15:47:28.0406 2628 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/19 15:47:28.0562 2628 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/19 15:47:28.0859 2628 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/19 15:47:28.0968 2628 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/19 15:47:29.0171 2628 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/19 15:47:30.0171 2628 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/19 15:47:30.0406 2628 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/19 15:47:30.0578 2628 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/19 15:47:30.0671 2628 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/19 15:47:30.0875 2628 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/19 15:47:31.0218 2628 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/19 15:47:31.0359 2628 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/08/19 15:47:31.0531 2628 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/19 15:47:31.0765 2628 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/19 15:47:31.0937 2628 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/19 15:47:32.0078 2628 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/08/19 15:47:32.0250 2628 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/08/19 15:47:32.0328 2628 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/19 15:47:32.0437 2628 FixTDSS (77d6ffaa3010b66fb4692532d75a585f) C:\WINDOWS\system32\drivers\FixTDSS.sys
2011/08/19 15:47:32.0593 2628 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/19 15:47:32.0750 2628 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/19 15:47:32.0937 2628 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/19 15:47:33.0250 2628 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/19 15:47:33.0484 2628 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/08/19 15:47:33.0609 2628 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/19 15:47:33.0796 2628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/19 15:47:33.0953 2628 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/19 15:47:34.0203 2628 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/19 15:47:34.0500 2628 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/19 15:47:34.0640 2628 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/19 15:47:34.0765 2628 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/19 15:47:34.0953 2628 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/19 15:47:35.0359 2628 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/19 15:47:35.0515 2628 ICAM3NT5 (67ad57ae9aa6a2f02561325ea1b3e4b2) C:\WINDOWS\system32\Drivers\ICAM3D2.SYS
2011/08/19 15:47:35.0859 2628 IDSxpx86 (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSxpx86.sys
2011/08/19 15:47:36.0031 2628 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/19 15:47:36.0218 2628 InCDfs (38fb07e8d1d1ef073048630a64f20bbd) C:\WINDOWS\system32\drivers\InCDFs.sys
2011/08/19 15:47:36.0390 2628 InCDPass (36bf2c76b64868479c2f4028301753e7) C:\WINDOWS\system32\drivers\InCDPass.sys
2011/08/19 15:47:36.0531 2628 InCDrec (148385c44b3449a4d66162a804e7f713) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/08/19 15:47:36.0656 2628 incdrm (cb7eee4831e3b57f8e97eec6f3d6be7c) C:\WINDOWS\system32\drivers\InCDRm.sys
2011/08/19 15:47:37.0140 2628 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/19 15:47:37.0312 2628 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/19 15:47:37.0406 2628 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/19 15:47:37.0500 2628 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/19 15:47:37.0687 2628 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/19 15:47:37.0843 2628 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/19 15:47:38.0015 2628 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/19 15:47:38.0203 2628 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/19 15:47:38.0296 2628 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/19 15:47:38.0437 2628 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/19 15:47:38.0593 2628 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/19 15:47:39.0062 2628 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
2011/08/19 15:47:39.0234 2628 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/19 15:47:39.0453 2628 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/19 15:47:39.0546 2628 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/19 15:47:39.0750 2628 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/19 15:47:39.0875 2628 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/19 15:47:40.0171 2628 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2011/08/19 15:47:40.0421 2628 MREMPR5 (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/08/19 15:47:40.0593 2628 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/08/19 15:47:40.0718 2628 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2011/08/19 15:47:40.0984 2628 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/19 15:47:41.0140 2628 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/19 15:47:41.0375 2628 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/08/19 15:47:41.0531 2628 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/19 15:47:41.0703 2628 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/19 15:47:41.0843 2628 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/19 15:47:41.0984 2628 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/19 15:47:42.0125 2628 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/19 15:47:42.0265 2628 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/19 15:47:42.0437 2628 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/08/19 15:47:42.0625 2628 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/19 15:47:42.0765 2628 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/19 15:47:43.0031 2628 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110603.038\NAVENG.SYS
2011/08/19 15:47:43.0375 2628 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110603.038\NAVEX15.SYS
2011/08/19 15:47:43.0578 2628 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/19 15:47:43.0703 2628 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/19 15:47:43.0859 2628 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/19 15:47:43.0953 2628 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/19 15:47:44.0046 2628 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/19 15:47:44.0187 2628 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/19 15:47:44.0312 2628 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/19 15:47:44.0437 2628 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/19 15:47:44.0703 2628 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/19 15:47:44.0875 2628 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/19 15:47:44.0984 2628 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/19 15:47:45.0171 2628 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/19 15:47:45.0625 2628 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/19 15:47:46.0093 2628 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/19 15:47:46.0187 2628 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/19 15:47:46.0343 2628 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/19 15:47:46.0546 2628 PalmUSBD (dc450992eba6f914080c1f7fbeeed72c) C:\WINDOWS\system32\drivers\PalmUSBD.sys
2011/08/19 15:47:46.0718 2628 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/19 15:47:46.0843 2628 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/19 15:47:47.0031 2628 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/19 15:47:47.0187 2628 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/19 15:47:47.0453 2628 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/19 15:47:47.0578 2628 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/19 15:47:48.0718 2628 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/19 15:47:48.0906 2628 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/19 15:47:49.0093 2628 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/19 15:47:49.0234 2628 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/19 15:47:49.0437 2628 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/19 15:47:50.0203 2628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/19 15:47:50.0406 2628 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/19 15:47:50.0609 2628 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/19 15:47:50.0718 2628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/19 15:47:50.0890 2628 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/19 15:47:51.0015 2628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/19 15:47:51.0203 2628 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/19 15:47:51.0359 2628 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/19 15:47:51.0484 2628 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/19 15:47:52.0015 2628 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/19 15:47:52.0187 2628 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/19 15:47:52.0359 2628 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/19 15:47:52.0562 2628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/08/19 15:47:52.0890 2628 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/19 15:47:53.0062 2628 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/19 15:47:53.0343 2628 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/19 15:47:53.0546 2628 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/19 15:47:53.0765 2628 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
2011/08/19 15:47:53.0937 2628 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
2011/08/19 15:47:54.0140 2628 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/19 15:47:54.0375 2628 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/19 15:47:54.0531 2628 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/19 15:47:54.0640 2628 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/19 15:47:55.0109 2628 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMDS.SYS
2011/08/19 15:47:55.0265 2628 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
2011/08/19 15:47:55.0437 2628 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/08/19 15:47:55.0609 2628 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NAV\1206000.01D\Ironx86.SYS
2011/08/19 15:47:55.0781 2628 SYMTDI (dec35ccaf7a222df918306cd2fdfbd39) C:\WINDOWS\System32\Drivers\NAV\1206000.01D\SYMTDI.SYS
2011/08/19 15:47:56.0234 2628 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/19 15:47:56.0468 2628 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/19 15:47:56.0625 2628 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/19 15:47:56.0765 2628 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/19 15:47:56.0906 2628 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/19 15:47:57.0437 2628 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/19 15:47:57.0750 2628 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/19 15:47:57.0984 2628 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/19 15:47:58.0125 2628 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/19 15:47:58.0312 2628 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/19 15:47:58.0453 2628 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/19 15:47:58.0593 2628 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/19 15:47:58.0687 2628 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/19 15:47:58.0812 2628 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/19 15:47:58.0984 2628 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/19 15:47:59.0156 2628 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/19 15:47:59.0281 2628 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/19 15:47:59.0437 2628 viagfx (58d3c5bc2cbe43f127d768c020b0b018) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/08/19 15:47:59.0609 2628 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/08/19 15:47:59.0781 2628 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
2011/08/19 15:47:59.0875 2628 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/19 15:48:00.0109 2628 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/19 15:48:00.0390 2628 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/19 15:48:00.0671 2628 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys
2011/08/19 15:48:01.0000 2628 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/19 15:48:01.0187 2628 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2011/08/19 15:48:01.0296 2628 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/19 15:48:01.0468 2628 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/19 15:48:01.0562 2628 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/08/19 15:48:01.0750 2628 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
2011/08/19 15:48:01.0968 2628 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/19 15:48:02.0156 2628 Boot (0x1200) (1f542a05d5cfd60266ba8e0fc2d6bca8) \Device\Harddisk0\DR0\Partition0
2011/08/19 15:48:02.0187 2628 ================================================================================
2011/08/19 15:48:02.0187 2628 Scan finished
2011/08/19 15:48:02.0187 2628 ================================================================================
2011/08/19 15:48:02.0250 3304 Detected object count: 0
2011/08/19 15:48:02.0250 3304 Actual detected object count: 0

 

[Bobbye]

I think I may have found the problem in Combofix. This might be the problem stopping Norton:
This is what is running: Symantec Host IDS
Click on Start> Run> type in services.msc> enter> look for this Service: Symantec Host IDS Agent> double click to open> Change Startup type to Disabled> Stop the Service.
Exit Services and run the Combofix script in Normal Mode
================================
Be sure to copy all of the script in the code box- there is a lot of it. You system, is full of undesirable entries.
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
c:\windows\system32\drivers\FixTDSS.sys
c:\docume~1\DEBORA~1\LOCALS~1\Temp\s3chipid.sys
c:\docume~1\ADMINI~1\LOCALS~1\Temp\fxpbjvd1.tmp\tidhook .sy
Folder::
c:\documents and settings\Administrator\Application Data\FixTDSS
c:\documents and settings\Administrator\Application Data\Tific
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"=-
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"=-
[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FixTDSS"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=-
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=-
DDS::
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
mRunOnce: [FixTDSS] cmd /c start /D "c:\documents and settings\administrator\Desktop" /B FixTDSS.exe -postboot
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Driver::
FixTDSS
s3chipid
TIDHOOK

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================

 

[debdubey]

There is no 'Symantec Host IDS Agent'

I still can only boot my system in SAFE mode. When I try to boot into normal mode it gets to the Windows blue screen and I can see it trying to start then after about a minute the screen just goes blank, black and stays there. In safe mode when I type in 'services.msc' in my run box, it opens to Services(local). When I scroll down looking for symantec host IDS agent, it is not there. the items that have 'started' next to them are
Computer Browser
CryptSvc
DCOM Server Process Launcher
DHCP Client
DNS Client
Event Log
Help and Support
Logical Disk Manager
Network Connections
Plug and play
Remote Procedure Call(RPC)
Server
System Restore Service
TCP/IP NetBIOS Helper
Terminal Services
Windows Management Instrumentation
Wireless Zero Configuration
Workstation

I haven't proceeded beyond trying to do that first task since I can't find that service. Although when I first turned on my desktop I let it try to boot normally and it just freezes, so I know it still only boots in safe mode. The thing is- if I highlight the Norton Antivirus line under services - off to the left it says ' Start the service ' like it isn't running, but combofix says that it is active. I did not run Combofix again though since I couldn't disable 'symantec host IDS agent' or try to run in normal mode. I also can't copy and paste the whole services page for you to see, that was why I gave you what it said was running. Do you still want me to copy that code into notepad and drag into combofix?
Deb

 

[Bobbye]

Okay. Boot into Safe Mode and run the script:

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

 

[debdubey]

Here is the log

Copied the script and drag n dropped onto the combofix icon on my desktop. It asked me to update combofix and warned me again about antivirus.

ComboFix 11-08-22.04 - Administrator 08/22/2011 23:36:35.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1756 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\fxpbjvd1.tmp\tidhook .sy"
"c:\docume~1\DEBORA~1\LOCALS~1\Temp\s3chipid.sys"
"c:\windows\system32\drivers\FixTDSS.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\FixTDSS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\ACPI.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\afd.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\atapi.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Beep.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\BHDrvx86.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\BIOS.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Cdaudio.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\cdrom.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\disk.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\dmio.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\dmload.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\eeCtrl.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Fips.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\FixTDSS.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\fltmgr.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\ftdisk.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\gagp30kx.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\i8042prt.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\imapi.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\InCDPass.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\InCDRm.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\ipsec.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Ironx86.SYS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\isapnp.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\kbdclass.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\kbdhid.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\KSecDD.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\MBR.dat
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\mnmdd.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\mouclass.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\MountMgr.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\mrxsmb.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Msfs.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Mup.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\NDIS.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\netbios.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\netbt.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Npfs.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\Null.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\ohci1394.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\PartMgr.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\pci.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\pciide.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\processr.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\PxHelp20.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\rasacd.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\rdbss.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\RDPCDD.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\redbook.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\serial.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\sr.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\SRTSPX.SYS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\SYMDS.SYS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\SYMEFA.SYS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\SYMTDI.SYS
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\tcpip.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\termdd.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\vga.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\viaide.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\videX32.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\VolSnap.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\WudfPf.sys
c:\documents and settings\Administrator\Application Data\FixTDSS\Archive\xfilt.sys
c:\documents and settings\Administrator\Application Data\Tific
c:\documents and settings\Administrator\Application Data\Tific\Environment.tfc
c:\documents and settings\Administrator\Application Data\Tific\tificocs.symantec.com.tfc
c:\program files\mypoints toolbar 2.0\Toolbar.dll
c:\program files\zynga\prxtbZyn2.dll
c:\windows\system32\drivers\FixTDSS.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FIXTDSS
-------\Legacy_S3CHIPID
-------\Legacy_TIDHOOK
-------\Service_FixTDSS
-------\Service_s3chipid
-------\Service_TIDHOOK
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 12:59 . 2010-10-26 21:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-16 12:59 . 2010-10-26 21:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-06 23:52 . 2010-06-24 14:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-06-24 14:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-03-08 15:58 . 2008-03-08 15:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-24 14:25 . 2007-06-24 14:25 1803952 -c--a-w- c:\program files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-30 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SMCWUSB-N2 Wireless Utility"="c:\program files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" [2009-08-07 557171]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk.disabled]
backup=c:\windows\pss\HP Image Zone Fast Start.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb99.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LoadMSvcmm"="c:\program files\Movielink\MovielinkManager\Movielink User.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56951:TCP"= 56951:TCPando Media Booster
"56951:UDP"= 56951:UDPando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 7:03 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 7:03 PM 744568]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [3/29/2010 7:58 AM 458240]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [5/18/2011 5:36 PM 802936]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/20/2007 4:37 PM 13696]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 7:03 PM 136312]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/26/2010 5:07 PM 3744]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/26/2010 5:07 PM 3904]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 7:03 PM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:08 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSXpx86.sys [6/4/2011 7:57 AM 341944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2010 10:10 AM 22712]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2010 10:10 AM 366640]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-02-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-08-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-08-22 c:\windows\Tasks\Norton AntiVirus.job
- c:\progra~1\NORTON~3\Engine\1860~1.29\uistub.exe [2011-05-09 00:28]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{9607B5EA-95BD-4B0B-840F-917E9456301F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} - hxxp://www.photomax.com/web/PhotomaxUploader.CAB
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 00:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1425521274-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-08-23 00:08:10 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 04:08
ComboFix2.txt 2011-08-19 19:30
ComboFix3.txt 2011-08-05 21:38
.
Pre-Run: 69,483,728,896 bytes free
Post-Run: 69,344,382,976 bytes free
.
- - End Of File - - FE3FAABD167BF7CE095D7EE04ED27B98

 

[Bobbye]

I can't reconcile the scan dates given in the logs:

1.Combofix shows it was run on ComboFix3.txt 2011-08-05 21:38, before we started
2. You ran ran the Fix TDSS program on 8/5
3. mbam-log-2011-08-05 (19-25-35).txt> before we started
4. DDS & GMER were run on 8/15
5. ComboFix2.txt 2011-08-19 19:30<<<<< This is what you finally ran for me
6. ComboFix-quarantined-files.txt 2011-08-23 04:08<<<< This was from running the script

So you gave me an old Mbam log and didn't follow the directions in Combofix which said:

Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
* Click START> then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you had done the above, I would not see the 8/5 date that you ran Combofix. Although I didn't see that log, I also didn't see whether it removed anything or had to replace any files.
=======================================
I am surprised this system moves at all! There are over 20 programs starting on boot. You only need the AV, FW, touchpad process if on laptop.
=======================================
Be sure to copy all of the script in the code box- there is a lot of it. You system, is full of undesirable entries.
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
DDS::
BHO: Freecause Toolbar BHO: {614bda1f-9bef-4cd1-bde4-fa4804929b4a} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
TB: MyPoints Point Finder: {89a2510a-b4b6-4683-bec9-1b96700bc7f1} - c:\program files\mypoints toolbar 2.0\Toolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\prxtbZyn2.dll
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRunOnce: [FixTDSS] cmd /c start /D "c:\documents and settings\administrator\Desktop" /B FixTDSS.exe -postboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v47/scrabblecubes/scrabblecubes.cab
DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/bejeweled/bejeweled.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} - hxxp://www.worldwinner.com/games/v46/sol/sol.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v53/wwspades/wwspades.cab
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=-
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Go on to next reply.

 

[Bobbye]

Update both of these
Java: Java Updates
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.

Adobe Reader: Adobe Reader site
After the updates, remove the outdated versions of each In add/Remove Programs. They are vulnerabilities.
============================================
There will be malware in the Java cache:
To clear the Java Plug-in cache:

• 
  [1]. Click Start > Control Panel.
  [2]. Double-click the Java icon in the control panel.
  
  The Java Control Panel appears.
  
  
  
  [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
  
  
  
  [4] Click Delete Files.The Delete Temporary Files dialog box appears.
  
  
  
  [5]. Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  [6]. Click Apply> OK on Temporary Files Settings window.

Images courtesy java.com
==============================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

• Extract it to a directory on your hard drive called c:\HijackThis.
• Then navigate to that directory and double-click on the hijackthis.exe file.
• When started click on the Scan button and then the Save Log button to create a log of your information.
• The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
=======================================

SuperAntiSpyware Home Edition Free Version

• Please download SuperAntiSpyware from HERE
• Launch SuperAntiSpyware and click on 'Check for updates'.
• Wait for the updates to be installed
• On the main screen click on 'Scan your computer'.
• Check: 'Perform Complete Scan then Click 'Next' to start the scan.
• Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
• Make sure everything found has a checkmark next to it,then press 'Next'.
• Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click on 'Preferences'.
• Click on the 'Statistics/Logs' tab.
• Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.

It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply

 

[debdubey]

Response

1+2. In my first post I explained I had tried removing the virus before contacting the forum hence the Fix TDSS(this didn't work or produce a log, as previously explained), combofix(no fix was performed), malwarebytes already on my computer. When that didn't work I came to this forum after looking at multiple help sights.

3.After joining this sight(on 8/5) I read the Preliminary removal instructions and proceeded to follow those steps. The mbam-log-2011-08-05(19-25-35).txt was the first one I ran for this post(Not an old one), and yes it was before my first post because I was following the steps.

4. DDS and GMER were run on 8/15 because of time constraints on my part. Nothing else was done to the PC in between running Mbam and the other two, it just took me time to get all three done to post in my first thread.

5. ComboFix2.txt 2011-08-19 19:30 I ran at your request and I DID follow directions. I ran the ComboFix /Uninstall and thought it had worked. The icon was removed from my desktop and when I checked the folder it was gone. I've had to do all this in SAFE mode and my PC has trouble rebooting each time, so I don't know if that matters, but I did think the older version was gone before I clicked on your link to download it new. Again, had to run combofix in safe mode with AV warning popping up(previously explained).

6. ComboFix-Quarantined-Files.txt on 2011-08-23 04:08 as stated from your first scrpt.

Here is the log from the second script you provided:

ComboFix 11-08-23.06 - Administrator 08/23/2011 22:24:29.6.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1763 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\common~1\micros~1\dw\dwtrig20.exe
c:\program files\common files\adobe\updater5\AdobeUpdater.exe
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 12:59 . 2010-10-26 21:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-16 12:59 . 2010-10-26 21:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-06 23:52 . 2010-06-24 14:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-06-24 14:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-03-08 15:58 . 2008-03-08 15:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-24 14:25 . 2007-06-24 14:25 1803952 -c--a-w- c:\program files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SMCWUSB-N2 Wireless Utility"="c:\program files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" [2009-08-07 557171]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk.disabled]
backup=c:\windows\pss\HP Image Zone Fast Start.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb99.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LoadMSvcmm"="c:\program files\Movielink\MovielinkManager\Movielink User.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56951:TCP"= 56951:TCPando Media Booster
"56951:UDP"= 56951:UDPando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 7:03 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 7:03 PM 744568]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [3/29/2010 7:58 AM 458240]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110518.001\BHDrvx86.sys [5/18/2011 5:36 PM 802936]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/20/2007 4:37 PM 13696]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 7:03 PM 136312]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/26/2010 5:07 PM 3744]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/26/2010 5:07 PM 3904]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 7:03 PM 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:08 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110603.003\IDSXpx86.sys [6/4/2011 7:57 AM 341944]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2010 10:10 AM 22712]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2010 10:10 AM 366640]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-02-01 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-08-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-08-22 c:\windows\Tasks\Norton AntiVirus.job
- c:\progra~1\NORTON~3\Engine\1860~1.29\uistub.exe [2011-05-09 00:28]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-05-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-06-04 c:\windows\Tasks\User_Feed_Synchronization-{9607B5EA-95BD-4B0B-840F-917E9456301F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} - hxxp://www.photomax.com/web/PhotomaxUploader.CAB
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 22:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1425521274-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
.
Completion time: 2011-08-23 22:35:26
ComboFix-quarantined-files.txt 2011-08-24 02:35
ComboFix2.txt 2011-08-23 04:08
ComboFix3.txt 2011-08-19 19:30
ComboFix4.txt 2011-08-05 21:38
.
Pre-Run: 69,280,120,832 bytes free
Post-Run: 69,297,549,312 bytes free
.
- - End Of File - - 1F717EBE95A13409F89773A3E8B92CB6


Next I updated Java without yahoo toolbar being offered, so not installed to my knowledge.
Updated Adobe Reader and removed older version
Cleared the Jave Plug-in cache

Downloaded HijackThis and ran + saved log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:14 PM, on 8/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMCWUSB-N2 Wireless Utility] "C:\Program Files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" -nogui
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) - http://www.auctiva.com/Aurigma/ImageUploader55.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172154408062
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} (Wizard101GameLauncher) - https://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} (PhotomaxUploader.ActiveXControl) - http://www.photomax.com/web/PhotomaxUploader.CAB
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.disneyphotopass.com/software/ImageUploader4.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9277 bytes
See next post for superantispyware log

 

[debdubey]

Superantispyware log

Downloaded SuperAntiSpyware and updated and ran complete scan. I checked everything found and let the program fix and the computer rebooted with some trouble.(took a few trys to fully reboot and still only in safe mode)

Here is that log:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/24/2011 at 01:57 AM

Application Version : 5.0.1118

Core Rules Database Version : 7595
Trace Rules Database Version: 5407

Scan type : Complete Scan
Total Scan Time : 00:50:59

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 271
Memory threats detected : 0
Registry items scanned : 39934
Registry threats detected : 0
File items scanned : 46807
File threats detected : 302

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@account.norton[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@account.norton[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@account.norton[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.webkinz[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anrtx.tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ar.atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@c.gigcount[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@legolas-media[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@liveperson[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@lucidmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediabrandsww[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mynortonaccount[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ru4[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@segment-pixel.invitemedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda.at.atwola[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.googleadservices[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.mynortonaccount[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yieldmanager[1].txt
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\ASHLEY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\DOCUMENTS AND SETTINGS\DEBORAH DUBEY\COOKIES\DEBORAH_DUBEY@MEDIA6DEGREES[2].TXT
C:\DOCUMENTS AND SETTINGS\DEBORAH DUBEY\COOKIES\DEBORAH_DUBEY@TRIBALFUSION[1].TXT
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sonyonlineentertainment.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kitnmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftwlsearchcrm.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media303.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.azjmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.oasn04.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.gigcount.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adecn.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdn1.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdn1.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.addfreestats.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cms.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.addynamix.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.addynamix.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.tltrack.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.pixeltrack66.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.addynamix.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
trafficking.nabbr.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.trafficrevenue.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.sellmeyourtraffic.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficrevenue.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adknowledge.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
optimize.indieclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
pixel.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KATIE\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

PUP.Whitesmoke
C:\Program Files\WHITESMOKE

 

[Bobbye]

Okay, let's start with this: Each of the account names below need to have Cookies reset:

administrator
ASHLEY
DEBORAH DUBEY
KATIE
This should prevent the Tracking Cookies, ads and some of the 'junk' that gets picked up on sites.

Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=====================================
Please check and see how much RAM is on the system: Click on Start> Control Panel> System> the Properties page will have the RAM figure.

There is good possibility that your system doesn't have enough RAM to load all the startups you have and run in Normal Mode. Additionally, you have several excess Scheduled Tasks. These will load on boot and each will be contacting the internet all day, every day, looking for updates:

To stop the Tasks:

• Click on All Programs> Accessories> System Tools> Scheduled Tasks
• Right click on each Tasks
• Click End Task.
• You might experience a delay (up to three minutes) before the task shuts down.
• Exit when finished

Note: Some of these Tasks were set several years ago
Stop these Scheduled Tasks:
[o]AppleSoftwareUpdate
[o]RealUpgradeLogonTask>>> There are 13 0f these> all dated 2011-03-29
[o]Disk Cleanup <<<< Do you still use this and want the task?
[o]MP Scheduled Scan <<<< Do you still use this and want the tasks? (Windows Defender)
[o]Norton AntiVirus uistub.exe<<< This is or Norton Protection Center. If it's on the Startu menu, you don't need to set it here. The AV will update regularly and you can scan intermittanly.
[o]User_Feed_Synchronization<<< Set up in 2006-10-17.<<<< Do you still use this and want the tasks?

If it turns up that you are short of RAM, you are going to have to stop as much as you can, safely, so that resources can be used to run the system, not check for updates.
======================================.
Please run this Custom CFScript:

• 
  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

File::
c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys
c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys
C:\Documents and Settings\Administrator\Desktop\lp8ejilt.exe
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=-
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=-
Driver::
BCMNTIO
MAPMEM
FCopy::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.

 

[debdubey]

Cookies reset

I reset the cookies on each account. BTW I use Internet explorer, so you don't need to list instructions for firefox, hope that will save you time and effort. Sorry if I had not given you that info previously.

I checked my RAM and I have 2GB,

Looks like the tasks got scheduled under multiple accounts. I can still only boot in safe mode, so when I go to scheduled tasks and right click each one, the menu pops up, but 'end task' was non-clickable. when I clicked on properties it said 'Task Scheduler Service is not running" When I clicked OK on that notice another window pops up with the task schedule and settings. Under 'Schedule task' the choice selected on every one was either start 'at logon' or 'daily'. There was not a choice for 'never'. but you could choose run task 'once'. Under settings there is a box for 'Delete task if it is not scheduled to run again" which sets the next run time to 'never', but doesn't remove the task until it is completed.
Right now I don't need any of those tasks scheduled. I'd like as little as possible to start up when the computer is booted up. But I don't think I'll be able to completely get rid of those scheduled tasks until I can boot into normal mode where the programs have full function, and I can click on 'end Task'. Then I can just schedule my virus scan or do it manually as you suggested.

I ran the CFScript and it asked me to update and then restarted, but it took me 3 tries to get the computer booted back into safe mode. When CF started back up automatically it warned me that Norton Antivirus was running and I still have no way to stop it, so bypassed again and ran CF

Here is the log from CF:

ComboFix 11-08-27.01 - Administrator 08/27/2011 0:31.7.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1734 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
FILE ::
"c:\documents and settings\Administrator\Desktop\lp8ejilt.exe"
"c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys"
"c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys
c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BCMNTIO
-------\Legacy_MAPMEM
-------\Service_BCMNTIO
-------\Service_MAPMEM
.
.
((((((((((((((((((((((((( Files Created from 2011-07-27 to 2011-08-27 )))))))))))))))))))))))))))))))
.
.
2011-08-24 06:31 . 2011-08-16 12:48 7152464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{2D141A6B-724F-43D2-AA17-CC26E2B30103}\mpengine.dll
2011-08-24 04:48 . 2011-08-24 04:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-08-24 04:48 . 2011-08-24 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-24 04:48 . 2011-08-25 14:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-24 04:48 . 2011-08-24 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-24 03:05 . 2010-05-14 20:08 388608 ----a-w- C:\HijackThis.exe
2011-08-24 02:45 . 2011-08-24 02:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-24 02:40 . 2011-07-19 09:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-24 03:10 . 2011-08-24 03:04 305771 ----a-w- C:\HijackThis.zip
2011-08-16 12:59 . 2010-10-26 21:43 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-08-16 12:59 . 2010-10-26 21:43 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-08-16 12:48 . 2010-10-31 11:59 7152464 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2011-07-19 06:40 . 2008-10-08 12:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 23:52 . 2010-06-24 14:10 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-06-24 14:10 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-03-08 15:58 . 2008-03-08 15:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
2007-06-24 14:25 . 2007-06-24 14:25 1803952 -c--a-w- c:\program files\KODAK EASYSHARE Gallery Upload Software, V2.1.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-19_19.28.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-20 18:27 . 2011-08-24 06:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-02-20 18:27 . 2008-09-05 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-02-20 18:27 . 2011-08-24 06:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-02-20 18:27 . 2008-09-05 02:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-24 06:52 . 2011-08-24 06:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-24 02:45 . 2011-08-24 02:45 28160 c:\windows\Installer\295139.msi
- 2009-12-17 21:35 . 2011-02-02 22:11 222080 c:\windows\system32\MpSigStub.exe
+ 2009-12-17 21:35 . 2011-05-24 23:14 222080 c:\windows\system32\MpSigStub.exe
+ 2011-08-24 02:40 . 2011-07-19 09:05 157472 c:\windows\system32\javaws.exe
+ 2011-08-24 02:40 . 2011-07-19 09:05 145184 c:\windows\system32\javaw.exe
+ 2011-08-24 02:40 . 2011-07-19 09:05 145184 c:\windows\system32\java.exe
+ 2011-08-24 06:52 . 2011-08-24 06:52 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2011-08-24 02:41 . 2011-08-24 02:41 203776 c:\windows\Installer\295134.msi
+ 2011-08-24 02:49 . 2011-08-24 02:49 2295808 c:\windows\Installer\295426.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-24 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SMCWUSB-N2 Wireless Utility"="c:\program files\SMC\SMCWUSB-N2\SMCWUSB-N2 Wireless Utility.exe" [2009-08-07 557171]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-26 273544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk.disabled]
backup=c:\windows\pss\HP Image Zone Fast Start.lnk.disabledCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"SoundMan"=SOUNDMAN.EXE
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb99.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"LoadMSvcmm"="c:\program files\Movielink\MovielinkManager\Movielink User.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56951:TCP"= 56951:TCPando Media Booster
"56951:UDP"= 56951:UDPando Media Booster
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/9/2011 7:03 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/9/2011 7:03 PM 744568]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R3 arusb(SMC);SMCWUSB-N2 802.11n Wireless USB 2.0 Adapter Service(SMC);c:\windows\system32\drivers\arusb.sys [3/29/2010 7:58 AM 458240]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [7/22/2011 8:21 PM 815736]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2/20/2007 4:37 PM 13696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/9/2011 7:03 PM 136312]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/9/2011 7:03 PM 130008]
S3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [8/24/2011 2:44 AM 105592]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 8:08 PM 105592]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110822.031\IDSXpx86.sys [8/23/2011 12:17 AM 356280]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2010 10:10 AM 22712]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2010 10:10 AM 366640]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-08-27 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 00:12]
.
2011-08-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
2011-08-22 c:\windows\Tasks\Norton AntiVirus.job
- c:\progra~1\NORTON~3\Engine\1860~1.29\uistub.exe [2011-05-09 00:28]
.
2011-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1010.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1011.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1425521274-725345543-1013.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-08-27 c:\windows\Tasks\User_Feed_Synchronization-{9607B5EA-95BD-4B0B-840F-917E9456301F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.1
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {DABFA9AD-4E31-43F4-9D60-4CDD20F57F28} - hxxp://www.photomax.com/web/PhotomaxUploader.CAB
DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - hxxp://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-27 00:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-220523388-1425521274-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,e7,cb,9b,7a,5b,25,4e,b4,1c,6d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(948)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-08-27 00:58:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-27 04:58
ComboFix2.txt 2011-08-24 02:35
ComboFix3.txt 2011-08-23 04:08
ComboFix4.txt 2011-08-19 19:30
ComboFix5.txt 2011-08-27 04:30
.
Pre-Run: 68,849,946,624 bytes free
Post-Run: 68,877,889,536 bytes free
.
- - End Of File - - 84DB7B5EF545038AE4D017FA8F971E35

 

[Bobbye]

Deb, I'd like to try and find out what is causing the BSOD when you try to boot into Normal Mode. The next time you get the BSOD, note the time on the computer clock- that's important and you can try to force it if you want.

With that time in mind:

Start> Run> type in eventvwr

Do this on each the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for an Error that corresponds to the time of the BSOD>
[3] .Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6].NOTES

• You can ignore Warnings and Information Events.
• If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
• You don't need to include the lines of code in the box below the Description, if any.
• Please do not copy the entire Event log.

Since you are in Safe Mode, there will be a lot of Errors about various Services not starting>>>> this is to be expected and it's not what we're looking for, that's why the time of important. Errors are time coded.
==========================================
I will share this with you. Many Norton users have complained about the following, thinking Norton is advising them of the infection:

If you look on the right, you may see: Blocked and No action required and lastly, a button to click on saying Stop notifying me

Both screen show Risk Name: HTTP TIDserv Request
-----------------------------------------
This has fooled many Norton users into thinking they have the rootkit- but they are actually only seeing normal internet traffic. Are you seeing either of the above?

 

[debdubey]

Error log

I restarted the computer and wrote down the time. Under 'system', the errors logged at that time are below. When I click on 'application' The most recent error is logged on the 23rd of Aug. and the most recent date for an 'information' line is the 27th. There is nothing for today's date

These 2 errors were right next to each other in the event log, even though there is @ 6 min time difference.
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10005
Date: 8/30/2011
Time: 3:33:07 PM
User: NT AUTHORITY\SYSTEM
Computer: DESKTOP
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 8/30/2011
Time: 3:39:45 PM
User: N/A
Computer: DESKTOP
Description:
The following boot-start or system-start driver(s) failed to load:
BHDrvx86
BIOS
eeCtrl
Fips
Processor
SASDIFSV
SASKUTIL
SRTSPX
SymIRON
SYMTDI

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


When I originally ran Norton Antivirus it was in normal mode, and when I got the results of the scan it said it had found the Tidserv and couldn't fix it. (I ran the scan because my daughter told me the pc was randomly rebooting itself and I saw it do this) I got a message to go to the Norton website to download a fix tool that might remove it. That was the Fix TDSS that I tried to run. But that tool restarts the pc as part of the removal process and by that time my pc wouldn't reboot into normal mode, so I could never verify if the virus was gone. Malwarebytes showed it the first time I ran that but hadn't shown it again after that first run. I don't know if any of the warning windows popped up- it's definately possible that happened while the kids were on the pc. It's also possible that I'm not remembering 100% from that first scan. It was quite a while ago, and I haven't run any programs since joining this site except the ones I've been told to. If you think it might be gone or was never there, we can concentrate on why it won't boot into normal. I know that might be something totally different, so I'm open to any suggestions you might have. I do know that I got the suggestion to go to the Symantec website for the fix tool. I wasn't surprised because a number of years ago I had that happen with a different trojan and I was able to get rid of it without any problems. This one has me stumped and I didn;t want to try anything else on my own after the original fix tool didn't seem to work. That was when I searched and found this forum.
Sorry so long,
Deb

 

[Bobbye]

Deb, I'd like to try and find out what is causing the BSOD when you try to boot into Normal Mode. The next time you get the BSOD, note the time on the computer clock- that's important and you can try to force it if you want.

Since you are in Safe Mode, there will be a lot of Errors about various Services not starting>>>> this is to be expected and it's not what we're looking for, that's why the time of important. Errors are time coded.

The 2 error events you left are examples of what I referred to above and of no use to use for this problem. These are the errors I told you to ignore.

When you get the BSOD on an attempt to boot into Normal Mode, I either need you to tell me what the white writing is on the blue screen-or-see if there is a corresponding error at that attempt time.

This is what I'm trying to identify:

When I reboot my pc it freezes at the blue screen,

And I need to distinguish "blue screen." For instance, what I boot my laptop, I get a quick black screen, followed by the white dots going across the screen. When that finishes, I get a brief plain blue screen, followed immediately by my logon with password box. That is all normal with no freezing. But the BSOD is different- there is white writing on it with the error message, but it difficult to read it quickly. So by checking the Event Viewer, looking only at that specific time for an error that corresponds to the BSOD, it gives us something o work with.

I am not sure you ever had that infection and one thing I noticed was the large number of entries for the FixTSS. I'm not familiar with that program. But when the TDSSKiller is run, it makes a nice, neat entry with the quarantines and doesn't spread entries all over the system.

I want you to boot into Normal Mode. When whatever happens when you try to do this happens>>> look at the time<<< then see if there is any error tht corresponds to that time.