my hijackthis log


  • This topic is locked
26 replies to this topic

#1 mickeddie

  • Members
  • 21 posts
  • Local time:05:18 AM

Posted 24 March 2011 - 05:29 PM

I am being redirected when I use the google search engine in Firefox. No other search engines, nor other browsers seem to be infected. Hopefully someone can help me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:15 PM, on 3/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRA~1\POPFile\popfileib.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Goldberg\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Human Interface Device Access (hidserv32) - Unknown owner - C:\Windows\system32\CertPolEng32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe

--
End of file - 7359 bytes

Edited by Orange Blossom, 24 March 2011 - 09:06 PM.
Move to log forum. ~ OB
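
The HijackThis log above is line-oriented, and the entries a helper looks at first (a BHO or service whose registration survives but whose file is missing, a service with no company name, an autostart that runs from a per-user directory) can be pulled out mechanically. The Python below is an added example written for this page; it is not code from the thread, from HijackThis or from BleepingComputer. The sample input is copied from the log in the post above with two non-entry lines kept in to show the filter, and the three triage rules (file-missing, unknown-owner, user-writable-path) are assumptions chosen for illustration, not HijackThis's own analysis.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every HijackThis entry is "<section> - <rest>", where section is R0-R3, F0-F3, N1-N4 or O1-O24.
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<rest>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
R_LINE = re.compile(r"^(?P<key>.*?)\s*=\s*(?P<data>.*)$")                          # R0/R1: <hive\key,value> = <data>
O4_RUN = re.compile(r"^(?P<loc>[^:]+):\s*\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")    # O4: HKLM\..\Run: [name] cmd
O4_STARTUP = re.compile(r"^Startup:\s*(?P<name>.+?)\s*=\s*(?P<path>.+)$")          # O4: Startup: x.lnk = target
FILE_MISSING = " (file missing)"
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp)\\", re.I)   # assumed rule: autostart from a per-user directory


@dataclass
class HjtEntry:
    section: str
    raw: str
    name: str = ""
    clsid: Optional[str] = None
    owner: Optional[str] = None     # O23 only: company name HijackThis read from the binary
    path: Optional[str] = None      # file, command line or URL the entry points at
    file_missing: bool = False


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one log line; returns None for headers, blank lines and the process list."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    e = HjtEntry(section=section, raw=line.strip(), file_missing=FILE_MISSING in rest)
    rest = rest.replace(FILE_MISSING, "")
    c = CLSID.search(rest)
    e.clsid = c.group(0) if c else None
    if section.startswith("R"):
        r = R_LINE.match(rest)
        e.name = r.group("key") if r else rest
        e.path = (r.group("data") or None) if r else None
    elif section == "O4":
        m4 = O4_RUN.match(rest) or O4_STARTUP.match(rest)
        e.name = m4.group("name") if m4 else rest
        e.path = m4.group("path").strip() if m4 else None
    else:
        parts = [p.strip() for p in rest.split(" - ")]
        e.name = re.sub(r"^\w+:\s*", "", parts[0])   # drop the "BHO:", "Toolbar:", "Service:" prefix
        if section == "O23" and len(parts) >= 3:
            e.owner, e.path = parts[1], " - ".join(parts[2:])
        elif len(parts) > 1:
            e.path = parts[-1]
    return e


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def triage(e: HjtEntry) -> List[str]:
    """Review prompts for one entry. These three rules are assumptions made for this example."""
    flags = []
    if e.file_missing:
        flags.append("file-missing")        # registration outlived its binary: orphan or half-removed malware
    if e.owner == "Unknown owner":
        flags.append("unknown-owner")       # service binary carries no company name in its version resource
    if e.path and USER_WRITABLE.search(e.path):
        flags.append("user-writable-path")  # autostart that runs from a location the user can write to
    return flags


def review(text: str) -> List[Tuple[str, str, List[str]]]:
    """(section, name, flags) for every entry that triggered at least one rule."""
    out = []
    for e in parse_log(text):
        flags = triage(e)
        if flags:
            out.append((e.section, e.name, flags))
    return out


# Constructed sample: lines copied from the HijackThis log posted above, plus two non-entry lines.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\taskhost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: ASDR - Unknown owner - C:\Windows\System32\ASDR.exe
O23 - Service: Human Interface Device Access (hidserv32) - Unknown owner - C:\Windows\system32\CertPolEng32.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for section, name, flags in review(SAMPLE_LOG):
        print(f"{section:4} {name:45} {', '.join(flags)}")
```

The flags are prompts, not verdicts: "unknown-owner" only means HijackThis found no company name in the file, so a vendor helper and a missing binary trip it alike, and "user-writable-path" fires on Dropbox and Google Update just as it would on something unwanted. What a flagged file actually is still has to be settled by looking the file up, which is what the helpers in this thread do with the OTL and GMER logs they ask for.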


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:06:18 AM

Posted 30 March 2011 - 05:51 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • Local time:05:18 AM

Posted 30 March 2011 - 09:33 PM

Thank you for your assistance, etavares! And no need to apologize for the delay in response - you're giving free help after all!

Here are the two logs from OTL:

OTL logfile created on: 3/30/2011 9:11:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Goldberg\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 47.80 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 26.31 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 411.21 Gb Free Space | 88.29% Space Free | Partition Type: NTFS

Computer Name: GOLDBERG-PC | User Name: Goldberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/30 21:10:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Goldberg\Desktop\OTL.exe
PRC - [2011/03/30 16:50:57 | 000,620,112 | ---- | M] (Copyright 2010 eSupport.com. All Rights Reserved.) -- C:\Users\Goldberg\AppData\Local\eSupport.com\driveragent.exe
PRC - [2011/03/20 20:34:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/03/05 15:15:55 | 012,587,696 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/02/28 22:18:18 | 000,939,848 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 15:05:46 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/20 18:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/01 17:44:10 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/01 15:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Windows\System32\ATKFUSService.exe
PRC - [2009/11/30 16:17:00 | 000,417,792 | ---- | M] () -- C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
PRC - [2009/08/16 17:33:26 | 000,106,582 | ---- | M] (The POPFile Project) -- C:\Program Files\POPFile\popfileib.exe
PRC - [2009/07/27 12:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\System32\ASDR.exe


========== Modules (SafeList) ==========

MOD - [2011/03/30 21:10:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Goldberg\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (hidserv32)
SRV - [2011/03/09 00:52:54 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/03/08 12:25:04 | 001,405,384 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 18:44:18 | 001,462,544 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2010/03/10 04:03:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/01 17:44:10 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/01 15:22:54 | 000,061,952 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\System32\ATKFUSService.exe -- (ATKFUSService)
SRV - [2009/07/27 12:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ASDR.exe -- (ASDR)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/03/30 16:51:59 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011/03/14 14:58:33 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110325.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/09 05:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011/03/09 05:21:34 | 007,723,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/03/09 00:17:24 | 000,239,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/02/28 22:21:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/20 18:43:48 | 000,080,272 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/12/16 05:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110330.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/16 05:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110330.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 17:44:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/01 17:44:17 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/03/01 17:44:17 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/03/01 17:44:17 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/03/01 17:44:17 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/03/01 17:44:17 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/03/01 17:44:17 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/01 17:44:17 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/03/01 17:44:15 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/01 17:44:15 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/18 21:52:09 | 000,014,336 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\EIO.sys -- (EIO)
DRV - [2009/11/18 19:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/02/17 19:22:14 | 000,030,976 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV - [2009/02/17 19:22:14 | 000,015,232 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asusgsb.sys -- (asusgsb)
DRV - [2008/06/27 02:40:18 | 000,335,872 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A 1B 1B 33 E0 97 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F5 02 FE 00 86 2B 7D 45 88 0F 32 65 69 9C 39 E8 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/22 17:47:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/20 20:34:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 18:17:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/05 15:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/18 17:06:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Extensions
[2010/01/17 22:02:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/02 22:17:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions
[2010/03/01 19:44:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
[2010/12/06 23:45:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{9e5facfc-350c-46aa-a095-652ec2edd799}
[2011/03/27 20:39:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions
[2010/04/13 21:26:05 | 000,000,000 | ---D | M] (Abaca classic) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}
[2010/03/01 19:44:05 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
[2010/12/06 23:45:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{9e5facfc-350c-46aa-a095-652ec2edd799}
[2011/02/13 22:03:02 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011/02/13 22:03:02 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011/02/13 22:57:37 | 000,000,000 | ---D | M] ("FoxFilter") -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\foxfilter@inspiredeffect.net
[2011/02/15 22:31:54 | 000,000,000 | ---D | M] ("Multiple Tab Handler") -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\multipletab@piro.sakura.ne.jp
[2010/04/13 21:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3713a489-0634-4472-8456-dc7abd7eba00}\chrome\mozapps\extensions
[2009/11/18 19:37:08 | 000,002,254 | ---- | M] () -- C:\Users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\searchplugins\askcom.xml
[2011/03/23 20:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/07 19:08:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/20 20:34:04 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/07 19:07:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk = C:\Program Files\POPFile\runpopfile.exe (The POPFile Project)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Security Suite\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/30 06:32:46 | 000,000,288 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe - (PalmSource, Inc)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe - ()
MsConfig - StartUpFolder: C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpFolder: C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketTorrents (Minimized).lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Run POPFile.lnk - C:\Program Files\POPFile\runpopfile.exe - (The POPFile Project)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUSGamerOSD - hkey= - key= - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
MsConfig - StartUpReg: ATICustomerCare - hkey= - key= - C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DVDtoiPodConverter_upgrade - hkey= - key= - File not found
MsConfig - StartUpReg: HotSync - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSN Toolbar - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDBPL - hkey= - key= - File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
MsConfig - StartUpReg: V0350Mon.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)


========== Files/Folders - Created Within 30 Days ==========

[2011/03/30 21:10:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Goldberg\Desktop\OTL.exe
[2011/03/30 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/03/30 16:55:31 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/03/30 16:51:59 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2011/03/30 16:51:59 | 000,000,000 | ---D | C] -- C:\Users\Goldberg\AppData\Local\eSupport.com
[2011/03/24 18:20:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Goldberg\Desktop\HijackThis.exe
[2011/03/21 19:56:06 | 000,051,712 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/03/17 19:07:51 | 000,000,000 | ---D | C] -- C:\Users\Goldberg\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/17 19:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/03/17 18:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/17 18:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/16 16:26:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/14 03:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Maker
[2011/03/13 22:25:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/03/13 22:23:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/13 22:14:58 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/03/10 17:40:23 | 000,000,000 | ---D | C] -- C:\Users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/09 00:53:18 | 000,393,216 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/03/09 00:52:54 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/03/09 00:51:56 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/03/09 00:51:28 | 000,015,872 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/03/07 19:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/07 19:09:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/04 22:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12
[2011/03/02 18:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/03/07 18:06:35 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Goldberg\AppData\Roaming\pcouffin.sys
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/30 21:10:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Goldberg\Desktop\OTL.exe
[2011/03/30 20:44:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000UA.job
[2011/03/30 20:31:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/30 16:52:22 | 000,001,109 | ---- | M] () -- C:\Users\Goldberg\Desktop\Find Drivers with DriverAgent.lnk
[2011/03/30 16:51:59 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys
[2011/03/30 16:44:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000Core.job
[2011/03/30 16:30:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/30 16:30:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/27 18:48:49 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 18:48:49 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 18:36:24 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/27 13:25:36 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/27 13:25:36 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/26 21:08:02 | 000,002,419 | ---- | M] () -- C:\Users\Goldberg\Desktop\Google Chrome.lnk
[2011/03/24 18:20:19 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Goldberg\Desktop\HijackThis.exe
[2011/03/24 18:17:13 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/23 20:38:16 | 249,631,876 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/03/21 19:56:22 | 000,059,904 | ---- | M] () -- C:\Windows\System32\OVDecode.dll
[2011/03/21 19:56:06 | 000,051,712 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/03/20 20:34:26 | 000,001,994 | -H-- | M] () -- C:\Users\Goldberg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/17 18:57:01 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/17 18:44:49 | 000,024,656 | ---- | M] () -- C:\Users\Goldberg\Documents\cc_20110317_184359.reg
[2011/03/16 16:26:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/14 03:32:59 | 000,425,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/09 00:57:08 | 000,152,384 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2011/03/09 00:53:18 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2011/03/09 00:52:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2011/03/09 00:51:56 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2011/03/09 00:51:28 | 000,015,872 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2011/03/09 00:11:04 | 000,052,736 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2011/03/08 23:33:44 | 000,790,592 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2011/03/07 19:51:22 | 000,001,411 | ---- | M] () -- C:\Users\Goldberg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/06 18:01:08 | 000,134,670 | ---- | M] () -- C:\Users\Goldberg\Desktop\photo.JPG
[6 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/30 16:52:22 | 000,001,109 | ---- | C] () -- C:\Users\Goldberg\Desktop\Find Drivers with DriverAgent.lnk
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 18:57:01 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/17 18:44:17 | 000,024,656 | ---- | C] () -- C:\Users\Goldberg\Documents\cc_20110317_184359.reg
[2011/03/16 16:26:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/13 22:16:34 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/03/13 22:14:30 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/03/13 22:14:17 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/03/10 17:46:47 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/10 17:40:38 | 000,002,419 | ---- | C] () -- C:\Users\Goldberg\Desktop\Google Chrome.lnk
[2011/03/10 17:39:16 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000UA.job
[2011/03/10 17:39:07 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000Core.job
[2011/03/09 00:57:08 | 000,152,384 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2011/03/08 23:33:44 | 000,790,592 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2011/03/07 20:16:51 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/07 19:51:22 | 000,001,411 | ---- | C] () -- C:\Users\Goldberg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/07 19:51:21 | 000,001,417 | ---- | C] () -- C:\Users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/06 18:01:04 | 000,134,670 | ---- | C] () -- C:\Users\Goldberg\Desktop\photo.JPG
[2011/03/04 22:30:36 | 000,001,204 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 12.lnk
[2011/02/01 18:01:14 | 000,227,586 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/12 23:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/10/14 13:03:17 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/10/10 15:40:23 | 000,001,185 | ---- | C] () -- C:\ProgramData\1751970752
[2010/10/10 15:40:23 | 000,000,149 | -HS- | C] () -- C:\ProgramData\1212602604
[2010/10/10 15:39:27 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/08/08 22:27:47 | 000,195,348 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/03/07 18:06:35 | 000,087,608 | ---- | C] () -- C:\Users\Goldberg\AppData\Roaming\inst.exe
[2010/03/07 18:06:35 | 000,007,887 | ---- | C] () -- C:\Users\Goldberg\AppData\Roaming\pcouffin.cat
[2010/03/07 18:06:35 | 000,001,144 | ---- | C] () -- C:\Users\Goldberg\AppData\Roaming\pcouffin.inf
[2010/02/28 17:05:11 | 000,000,960 | ---- | C] () -- C:\Users\Goldberg\AppData\Roaming\23a15b25
[2010/02/27 17:42:09 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/07 16:54:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/06 19:26:41 | 000,007,168 | ---- | C] () -- C:\Users\Goldberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 14:23:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asrussian.dll
[2010/01/21 14:23:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\askorean.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asjapan.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asgerman.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\asfrench.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aseng.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ASCHT.dll
[2010/01/21 14:23:43 | 000,053,248 | ---- | C] () -- C:\Windows\System32\aschs.dll
[2010/01/21 14:23:42 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/21 14:23:42 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/19 16:38:00 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/01/18 20:29:37 | 000,162,220 | ---- | C] () -- C:\Windows\hphins31.dat
[2010/01/18 20:29:37 | 000,000,724 | ---- | C] () -- C:\Windows\hphmdl31.dat
[2010/01/17 22:02:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/17 21:14:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/27 12:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\ASDR.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,425,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010/04/24 14:38:34 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\Amazon
[2009/12/19 21:11:22 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2010/01/08 23:58:26 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\DAEMON Tools Lite
[2011/03/29 20:40:48 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\Dropbox
[2010/09/16 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\FOG Downloader
[2011/02/14 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\FrostWire
[2010/02/07 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\GetRightToGo
[2010/09/29 20:45:27 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\HandBrake
[2009/08/09 17:30:07 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\HotSync
[2009/10/06 17:36:54 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\Leadertech
[2010/02/26 23:15:11 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\Leawo
[2010/09/24 22:28:53 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\MP3Rocket
[2010/01/09 15:07:59 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\NVD
[2010/01/19 18:29:53 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\OpenOffice.org
[2011/03/30 21:09:28 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\POPFile
[2010/07/01 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\RocketTorrents
[2010/07/15 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\SEGA Corporation
[2010/02/27 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\SlySoft
[2010/01/14 16:21:11 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\SoftGrid Client
[2010/01/18 17:54:50 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\Thunderbird
[2010/01/09 15:08:43 | 000,000,000 | -H-D | M] -- C:\Users\Goldberg\AppData\Roaming\TP
[2011/03/27 21:07:57 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\TuneUpMedia
[2010/08/08 21:12:56 | 000,000,000 | ---D | M] -- C:\Users\Goldberg\AppData\Roaming\Vso
[2010/12/20 18:06:10 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2011/01/04 23:51:01 | 002,330,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2010/07/29 16:37:26 | 000,086,528 | ---- | M] () -- C:\2010 GS Cookies.xls
[2011/02/23 21:15:47 | 000,112,128 | ---- | M] () -- C:\2011 GS Cookies 2.22.11.xls
[2011/02/23 18:37:36 | 000,116,224 | ---- | M] () -- C:\2011 GS Cookies.xls
[2011/03/27 18:36:21 | 000,043,318 | ---- | M] () -- C:\aaw7boot.log
[2006/11/03 13:57:31 | 000,000,040 | ---- | M] () -- C:\Auth (2).prof
[2006/11/03 13:57:31 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/02/17 03:28:21 | 000,000,213 | -HS- | M] () -- C:\Boot.BAK
[2007/02/17 15:57:44 | 000,000,357 | RHS- | M] () -- C:\Boot.ini (2).saved
[2007/02/17 15:57:44 | 000,000,357 | RHS- | M] () -- C:\Boot.ini.saved
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/01/17 21:08:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/02/03 22:16:53 | 000,003,176 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2009/02/13 17:52:21 | 000,000,074 | ---- | M] () -- C:\CMLoader (2).log
[2009/02/13 17:52:21 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2009/12/19 21:10:16 | 000,000,034 | ---- | M] () -- C:\comcast_access_log.txt
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/20 15:00:07 | 000,092,160 | ---- | M] () -- C:\Copy of 2010 GS Cookies.xls
[2008/09/05 20:37:53 | 000,024,417 | ---- | M] () -- C:\CybDefInstallInfo (2).log
[2008/09/05 20:37:53 | 000,024,417 | ---- | M] () -- C:\CybDefInstallInfo.log
[2009/06/12 20:22:02 | 000,000,471 | ---- | M] () -- C:\faxend (2).log
[2009/06/12 20:22:02 | 000,000,471 | ---- | M] () -- C:\faxend.log
[2009/06/12 20:22:02 | 000,000,242 | ---- | M] () -- C:\faxendPdoc (2).log
[2009/06/12 20:22:02 | 000,000,242 | ---- | M] () -- C:\faxendPdoc.log
[2009/06/12 20:22:00 | 000,000,366 | ---- | M] () -- C:\faxfile (2).log
[2009/06/12 20:22:00 | 000,000,366 | ---- | M] () -- C:\faxfile.log
[2011/03/27 18:36:24 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/15 20:58:12 | 000,000,000 | ---- | M] () -- C:\hpfr5550 (2).xml
[2009/06/15 20:58:12 | 000,000,000 | ---- | M] () -- C:\hpfr5550.xml
[2009/06/15 20:58:42 | 000,025,301 | ---- | M] () -- C:\hph7550 (2).log
[2009/06/15 20:58:42 | 000,025,301 | ---- | M] () -- C:\hph7550.log
[2006/10/13 21:54:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/23 22:49:48 | 000,217,319 | ---- | M] () -- C:\january receipts.jpg
[2009/06/15 22:32:57 | 000,277,299 | ---- | M] () -- C:\lxct (2).log
[2009/06/15 22:32:57 | 000,277,299 | ---- | M] () -- C:\lxct.log
[2010/07/25 21:56:52 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/10/13 21:54:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 09:25:07 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/12 09:25:13 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/03/27 18:36:23 | 2146,557,952 | -HS- | M] () -- C:\pagefile.sys
[2007/02/12 20:52:39 | 000,001,807 | ---- | M] () -- C:\rapport (2).txt
[2007/02/12 20:52:39 | 000,001,807 | ---- | M] () -- C:\rapport.txt
[2006/10/22 19:58:21 | 000,000,493 | ---- | M] () -- C:\RHDSetup (2).log
[2006/10/22 19:58:21 | 000,000,493 | ---- | M] () -- C:\RHDSetup.log
[2007/09/02 13:43:04 | 000,000,000 | ---- | M] () -- C:\sfcdetails (2).txt
[2007/09/02 13:43:04 | 000,000,000 | ---- | M] () -- C:\sfcdetails.txt
[2011/03/24 18:33:40 | 000,071,520 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.03.2011_18.32.19_log.txt
[2011/03/24 18:54:27 | 000,071,520 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_24.03.2011_18.52.52_log.txt
[2009/03/06 22:47:20 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2006/10/22 20:05:01 | 000,000,185 | ---- | M] () -- C:\wifi (2).log
[2006/10/22 20:05:01 | 000,000,185 | ---- | M] () -- C:\wifi.log

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/13 21:15:26 | 000,307,200 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzppw72.dll
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 680 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 680 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM

< End of report >

OTL Extras logfile created on: 3/30/2011 9:11:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Goldberg\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 47.80 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 26.31 Gb Free Space | 11.30% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 411.21 Gb Free Space | 88.29% Space Free | Partition Type: NTFS

Computer Name: GOLDBERG-PC | User Name: Goldberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00387F6E-9495-90A8-F15A-150239AFC986}" = CCC Help Thai
"{068A2E6A-96CD-9FAB-8D3E-8CC3F5FC62CC}" = CCC Help English
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087EDCC7-4990-78D0-E299-424AEB163B59}" = AMD Drag and Drop Transcoding
"{0962CD6B-56D7-B756-9768-7FF9EF300BD7}" = CCC Help Polish
"{0A7D2791-832B-DC65-17B6-BDED89997E61}" = CCC Help Portuguese
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DEDD4FD-2846-40E0-94E9-2CAB56F108DD}" = MMI
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{21E1339F-33CE-EB99-E385-222FD00CA8A4}" = CCC Help Turkish
"{2335E359-2E45-AF33-B64C-0CF164498FA4}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{26ED4308-E0A5-4AE2-A1BC-7A55BC7DD32C}" = The Silver Lining
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F478590-A2A6-43E3-A567-A89A5F38AAC4}" = HP Photosmart D7500 Printer Driver Software 13.0 Rel. 4
"{2FAD5D8B-56E2-1C4D-E84E-ED162C32D4C5}" = Catalyst Control Center Graphics Light
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3A511085-B564-A665-38C4-D97B0455858E}" = CCC Help Norwegian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{429EB318-B113-136B-7BEA-FEE01EB991A8}" = CCC Help Japanese
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B8C04D7-47E2-AB0B-B573-65893836AD10}" = ccc-core-static
"{4BC34938-0FBB-E9F6-9036-46CEACEBB570}" = CCC Help Greek
"{4D4D100E-78DE-41C5-AE77-E28D5CEE7CC3}" = WealthBuilder
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54FB1D26-CB8F-2B7C-1B22-344AA1896FE1}" = Catalyst Control Center Graphics Full Existing
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EB4D930-5BBD-A8DB-BF68-2CA26FFEC8F6}" = CCC Help Russian
"{61891281-E38C-6872-DD52-13273FE00CBB}" = CCC Help Italian
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68C52B94-94A4-4A0F-B85B-BAB09D79FA31}_is1" = Web Wheels
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C7399D9-5E0A-D70C-B87F-39416C07ACB2}" = CCC Help Chinese Traditional
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{72AF0D20-AC75-3335-97C3-84599E1385BB}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85466D35-4A30-4D87-A4D3-EF8DCA30492B}" = D7500
"{88B93C28-CD83-F376-50DA-CFFBB021CE97}" = CCC Help Chinese Standard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C9BD943-2017-7E76-D945-DF02DF919D96}" = Catalyst Control Center Core Implementation
"{8F2F98F2-3219-4FAB-A3E1-359CD6DDF9CD}" = PS_SF_04_D7500_Software_Min
"{8F536DC9-1462-E99E-2D96-080B22DE3607}" = CCC Help Korean
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B7432E38-2691-7D67-9173-71072006325D}" = CCC Help Finnish
"{B794F825-BBA6-C4BB-79C4-CC657CA130AA}" = Catalyst Control Center Graphics Previews Vista
"{BBC25C82-FE8E-9A34-07B9-F182879E44CD}" = Catalyst Control Center Localization All
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BFBE0D03-E31F-DB05-15BE-435A613A3611}" = CCC Help Swedish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C557027F-424E-6514-40EF-02F91ED52851}" = CCC Help Hungarian
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE186519-9D34-3BA5-4CAB-8C3457D18F65}" = Catalyst Control Center Graphics Full New
"{CEFB6BDD-6D06-8320-1421-899071FC7F00}" = CCC Help Spanish
"{D17CC8DA-5189-3600-9EB1-C21795495631}" = CCC Help French
"{D4CE9F38-D686-83F1-5CF2-FD03C153257F}" = CCC Help Dutch
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E747A330-9628-AB37-6D16-8AEE2FB0CDF1}" = ccc-utility
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6346957-2547-FB00-4871-FC4E92CBAA05}" = CCC Help Danish
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection 4.2.48
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"Handbrake" = Handbrake 0.9.4
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"iSkysoft DVD to iPhone Converter_is1" = iSkysoft DVD to iPhone Converter(Build 2.3.3.0)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"N360" = Norton Security Suite
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Shop for HP Supplies" = Shop for HP Supplies
"TuneUpMedia" = TuneUp Companion 1.9.0
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"POPFile" = POPFile 1.1.1
"POPFile_Data" = POPFile Data (Goldberg)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2011 12:24:32 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15819

Error - 3/29/2011 8:38:38 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/29/2011 8:38:38 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29663435

Error - 3/29/2011 8:38:38 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29663435

Error - 3/29/2011 8:38:54 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/29/2011 8:38:54 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29679050

Error - 3/29/2011 8:38:54 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29679050

Error - 3/29/2011 10:28:41 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/29/2011 10:28:41 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15662

Error - 3/29/2011 10:28:41 PM | Computer Name = Goldberg-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15662

[ System Events ]
Error - 3/27/2011 6:41:32 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Font Cache Service service failed to start due to the
following error: %%1053

Error - 3/27/2011 6:42:18 PM | Computer Name = Goldberg-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 3/27/2011 6:42:18 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the upnphost service.

Error - 3/27/2011 6:42:18 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1053

Error - 3/27/2011 6:44:13 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/27/2011 9:21:47 PM | Computer Name = Goldberg-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 3/29/2011 8:47:34 AM | Computer Name = Goldberg-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 3/29/2011 9:02:57 AM | Computer Name = Goldberg-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 3/30/2011 4:57:25 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the AMD
External Events Utility service to connect.

Error - 3/30/2011 4:57:25 PM | Computer Name = Goldberg-PC | Source = Service Control Manager | ID = 7000
Description = The AMD External Events Utility service failed to start due to the
following error: %%1053


< End of report >

And here's the rootkit log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-30 22:32:17
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7 ST3300622AS rev.3.AAH
Running: gmer.exe; Driver: C:\Users\Goldberg\AppData\Local\Temp\kwdyrkob.sys


---- System - GMER 1.0.15 ----

SSDT 862733D0 ZwAlertResumeThread
SSDT 86276B90 ZwAlertThread
SSDT 86AC9D28 ZwAllocateVirtualMemory
SSDT 85FB2AB0 ZwAlpcConnectPort
SSDT 86AD45C8 ZwAssignProcessToJobObject
SSDT 86AD1E40 ZwCreateMutant
SSDT 86AD5398 ZwCreateSymbolicLinkObject
SSDT 863C6D00 ZwCreateThread
SSDT 86AD5868 ZwCreateThreadEx
SSDT 86ACD048 ZwDebugActiveProcess
SSDT 86AC9F40 ZwDuplicateObject
SSDT 86AC9708 ZwFreeVirtualMemory
SSDT 86A60050 ZwImpersonateAnonymousToken
SSDT 86277598 ZwImpersonateThread
SSDT 8602F490 ZwLoadDriver
SSDT 86AC9568 ZwMapViewOfSection
SSDT 86A60298 ZwOpenEvent
SSDT 86AC82B8 ZwOpenProcess
SSDT 86273D00 ZwOpenProcessToken
SSDT 86AC9050 ZwOpenSection
SSDT 86AC8128 ZwOpenThread
SSDT 86AD40B8 ZwProtectVirtualMemory
SSDT 86160B58 ZwResumeThread
SSDT 8618CA80 ZwSetContextThread
SSDT 86AC9350 ZwSetInformationProcess
SSDT 86ACB048 ZwSetSystemInformation
SSDT 86AC60B8 ZwSuspendProcess
SSDT 86274440 ZwSuspendThread
SSDT 86178250 ZwTerminateProcess
SSDT 86189148 ZwTerminateThread
SSDT 86275168 ZwUnmapViewOfSection
SSDT 86AC9A18 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 82C509C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C70512 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 13A3 82C77770 8 Bytes [D0, 33, 27, 86, 90, 6B, 27, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BB 82C77788 4 Bytes [28, 9D, AC, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82C77794 4 Bytes [B0, 2A, FB, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 141B 82C777E8 4 Bytes [C8, 45, AD, 86] {ENTER 0xad45, 0x86}
.text ntoskrnl.exe!KeRemoveQueueEx + 1497 82C77864 4 Bytes [40, 1E, AD, 86]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9601C000, 0x388539, 0xE8000020]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A1255000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A1255123 629 Bytes [05, 25, A1, FE, 05, 34, 05, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A1255399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A12553FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A12554AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!LdrLoadDll 76F622B8 5 Bytes JMP 00071410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- EOF - GMER 1.0.15 ----

Thank you!!

#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:18 AM

Posted 31 March 2011 - 05:32 PM

Hello, mickeddie.

Yeah, you have some malicious Firefox add-ons that are impacting FF only. We'll start with GooredFix. That usually solves this.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578




Step 1

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 31 March 2011 - 08:08 PM

Thanks - here's the GooredFix log.

And thanks for the info about CCleaner - I use it frequently, and it does back up the registry before making changes.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:06 on 31/03/2011 (Goldberg)
Firefox version 4.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:46 10/03/2011]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [23:08 07/03/2011]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:08 07/03/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [23:08 07/03/2011]

C:\Users\Goldberg\Application Data\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\
{3841ca68-6de3-4b25-ad82-c2a2b5611bd9} [21:04 28/02/2010]

C:\Users\Goldberg\Application Data\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\
foxfilter@inspiredeffect.net [02:57 14/02/2011]
multipletab@piro.sakura.ne.jp [02:31 16/02/2011]
{3713a489-0634-4472-8456-dc7abd7eba00} [01:26 14/04/2010]
{3841ca68-6de3-4b25-ad82-c2a2b5611bd9} [21:04 28/02/2010]
{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [02:03 14/02/2011]
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [02:03 14/02/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" [21:47 22/04/2010]

-=E.O.F=-

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:18 AM

Posted 01 April 2011 - 05:41 PM

Hello, mickeddie.

Be careful as CCleaner's backups can't be restored if you end up with an unbootable computer after running a registry clean with it.

GooredFix didn't see the new variant, so we'll move to ComboFix. It's a bit more invasive, but will do the trick well.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#8 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 03:48 PM

Hi,

Here is the log of ComboFix. I have Norton Security Suite that I was unable to shut down, but I did turn off the antivirus portion that was running, in addition to turning off other antispyware programs.

ComboFix 11-04-02.01 - Goldberg 04/02/2011 15:27:30.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1065 [GMT -4:00]
Running from: c:\users\Goldberg\Desktop\estaveresCF.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\install.rdf
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1112330982v0
c:\programdata\SysWoW32\mu1112330982v4
c:\programdata\SysWoW32\mu1112330982v4.kwd
c:\programdata\SysWoW32\mu1112330982v5
c:\programdata\SysWoW32\mu1112330982v5.kwd
c:\programdata\SysWoW32\mu1112330982v6
c:\programdata\SysWoW32\mu1112330982v6.kwd
c:\programdata\SysWoW32\mu1112330982v7
c:\programdata\SysWoW32\mu1112330982v7.kwd
c:\programdata\SysWoW32\wu1112330982v0.kwd
c:\programdata\SysWoW32\wu1112330982v1
c:\programdata\SysWoW32\wu1112330982v1.kwd
c:\programdata\SysWoW32\wu1112330982v2
c:\programdata\SysWoW32\wu1112330982v2.kwd
c:\programdata\SysWoW32\wu1112330982v3
c:\programdata\SysWoW32\wu1112330982v3.kwd
c:\programdata\unrar.exe
c:\users\Goldberg\AppData\Roaming\inst.exe
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\1400154.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\EleJan2011MENU.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\registration_form_adult.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\Yearbook_order_Forms.url
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\chrome\xulcache.jar
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\install.rdf
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\chrome\xulcache.jar
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\install.rdf
c:\windows\system32\707063771
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 19:55 . 2011-04-02 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 18:38 . 2011-04-02 19:55 -------- d-----w- c:\users\Goldberg\AppData\Local\temp
2011-03-30 20:57 . 2011-03-30 20:57 -------- d-----w- c:\program files\AMD APP
2011-03-30 20:51 . 2011-03-30 20:53 -------- d-----w- c:\users\Goldberg\AppData\Local\eSupport.com
2011-03-30 20:51 . 2011-03-30 20:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-18 21:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9540B150-462A-4020-885D-B0457B4E82B1}\mpengine.dll
2011-03-17 23:07 . 2011-03-17 23:07 -------- d-----w- c:\users\Goldberg\AppData\Roaming\SUPERAntiSpyware.com
2011-03-17 23:07 . 2011-03-17 23:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-17 22:56 . 2011-03-31 01:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-14 07:25 . 2011-03-14 07:26 -------- d-----w- c:\program files\DVD Maker
2011-03-14 02:25 . 2011-03-14 02:25 -------- d-----w- c:\windows\system32\SPReview
2011-03-14 02:23 . 2011-03-14 02:23 -------- d-----w- c:\windows\system32\EventProviders
2011-03-14 02:17 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-14 02:15 . 2010-11-20 12:23 144768 ----a-w- c:\windows\system32\basecsp.dll
2011-03-14 02:14 . 2010-11-20 12:36 107008 ----a-w- c:\windows\system32\NAPHLPR.DLL
2011-03-14 02:13 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-14 02:13 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-14 02:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-14 02:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-14 02:13 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-14 02:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-14 02:13 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-14 02:12 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-14 02:12 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 21:46 . 2011-03-21 00:34 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-10 21:46 . 2011-03-21 00:34 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-10 21:46 . 2011-03-21 00:34 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-10 21:46 . 2011-03-21 00:34 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-10 21:46 . 2011-03-21 00:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-10 21:46 . 2011-03-21 00:34 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-10 21:46 . 2011-03-21 00:34 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-10 21:46 . 2011-03-21 00:34 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-10 16:27 . 2011-03-10 16:27 1377112 ----a-w- c:\temp\TDSSKiller.exe
2011-03-09 19:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 19:17 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 19:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 19:17 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:17 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:17 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:17 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 09:21 . 2011-03-09 09:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2011-03-09 04:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-07 23:09 . 2011-03-07 23:09 -------- d-----w- c:\program files\Common Files\Java
2011-03-07 23:08 . 2011-03-07 23:07 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-07 23:08 . 2011-03-07 23:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-05 02:30 . 2011-03-10 22:13 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 22:35 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-17 22:34 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-14 02:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-09 04:56 . 2010-05-27 17:02 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:51 . 2009-11-25 03:15 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:48 . 2010-05-27 16:54 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:17 . 2010-05-27 16:24 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:11 . 2010-02-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-10 15:33 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 22:11 . 2010-01-18 01:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:46 . 2011-02-22 21:03 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-22 21:03 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 15:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01 . 2011-02-10 15:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43 . 2011-02-10 15:34 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55 . 2011-02-10 15:34 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51 . 2011-02-10 15:34 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-03-21 00:34 . 2011-03-10 21:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-11 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketTorrents (Minimized).lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketTorrents (Minimized).lnk
backup=c:\windows\pss\RocketTorrents (Minimized).lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Run POPFile.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk
backup=c:\windows\pss\Run POPFile.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-07-30 23:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-14 23:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDtoiPodConverter_upgrade]
c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
c:\program files\PalmSource\Desktop\HotSync.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDBPL]
c:\windows\system32\capiprovider32.dll.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 20:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
c:\windows\V0350Mon.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R2 hidserv32;Human Interface Device Access ;c:\windows\system32\CertPolEng32.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-03-30 23456]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-01 15232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-01 310320]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2010-12-20 80272]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-01 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-01 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110330.001\IDSvix86.sys [2011-03-14 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2010-12-20 1462544]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-01 117640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-01 48688]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 01:48]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 01:48]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000Core.job
- c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 15:25]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000UA.job
- c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4200)
c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Norton Security Suite\Engine\3.8.0.41\buShell.dll
.
Completion time: 2011-04-02 15:58:28
ComboFix-quarantined-files.txt 2011-04-02 19:58
ComboFix2.txt 2011-04-02 18:53
.
Pre-Run: 58,221,084,672 bytes free
Post-Run: 58,161,291,264 bytes free
.
- - End Of File - - 7D77DA03805EFCA598755EBDAF7D9D61

Hi,

Here is the log of ComboFix. I have Norton Security Suite that I was unable to shut down, but I did turn off the antivirus portion that was running, in addition to turning off other antispyware programs.

ComboFix 11-04-02.01 - Goldberg 04/02/2011 15:27:30.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2047.1065 [GMT -4:00]
Running from: c:\users\Goldberg\Desktop\estaveresCF.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Security Suite *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Security Suite *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Security Suite *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\install.rdf
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1112330982v0
c:\programdata\SysWoW32\mu1112330982v4
c:\programdata\SysWoW32\mu1112330982v4.kwd
c:\programdata\SysWoW32\mu1112330982v5
c:\programdata\SysWoW32\mu1112330982v5.kwd
c:\programdata\SysWoW32\mu1112330982v6
c:\programdata\SysWoW32\mu1112330982v6.kwd
c:\programdata\SysWoW32\mu1112330982v7
c:\programdata\SysWoW32\mu1112330982v7.kwd
c:\programdata\SysWoW32\wu1112330982v0.kwd
c:\programdata\SysWoW32\wu1112330982v1
c:\programdata\SysWoW32\wu1112330982v1.kwd
c:\programdata\SysWoW32\wu1112330982v2
c:\programdata\SysWoW32\wu1112330982v2.kwd
c:\programdata\SysWoW32\wu1112330982v3
c:\programdata\SysWoW32\wu1112330982v3.kwd
c:\programdata\unrar.exe
c:\users\Goldberg\AppData\Roaming\inst.exe
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\1400154.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\EleJan2011MENU.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\registration_form_adult.url
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Recent\Yearbook_order_Forms.url
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\chrome\xulcache.jar
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\tknch6cd.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\install.rdf
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\chrome\xulcache.jar
c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\extensions\{3841ca68-6de3-4b25-ad82-c2a2b5611bd9}\install.rdf
c:\windows\system32\707063771
G:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 19:55 . 2011-04-02 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-02 18:38 . 2011-04-02 19:55 -------- d-----w- c:\users\Goldberg\AppData\Local\temp
2011-03-30 20:57 . 2011-03-30 20:57 -------- d-----w- c:\program files\AMD APP
2011-03-30 20:51 . 2011-03-30 20:53 -------- d-----w- c:\users\Goldberg\AppData\Local\eSupport.com
2011-03-30 20:51 . 2011-03-30 20:51 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-03-21 23:56 . 2011-03-21 23:56 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-03-21 23:56 . 2011-03-21 23:56 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 23:55 . 2011-03-21 23:55 12385792 ----a-w- c:\windows\system32\amdocl.dll
2011-03-18 21:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9540B150-462A-4020-885D-B0457B4E82B1}\mpengine.dll
2011-03-17 23:07 . 2011-03-17 23:07 -------- d-----w- c:\users\Goldberg\AppData\Roaming\SUPERAntiSpyware.com
2011-03-17 23:07 . 2011-03-17 23:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-17 22:56 . 2011-03-31 01:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-14 07:25 . 2011-03-14 07:26 -------- d-----w- c:\program files\DVD Maker
2011-03-14 02:25 . 2011-03-14 02:25 -------- d-----w- c:\windows\system32\SPReview
2011-03-14 02:23 . 2011-03-14 02:23 -------- d-----w- c:\windows\system32\EventProviders
2011-03-14 02:17 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-14 02:15 . 2010-11-20 12:23 144768 ----a-w- c:\windows\system32\basecsp.dll
2011-03-14 02:14 . 2010-11-20 12:36 107008 ----a-w- c:\windows\system32\NAPHLPR.DLL
2011-03-14 02:13 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-14 02:13 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-14 02:13 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-14 02:13 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-03-14 02:13 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-14 02:13 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-03-14 02:13 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-14 02:12 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-03-14 02:12 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-10 21:46 . 2011-03-21 00:34 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-10 21:46 . 2011-03-21 00:34 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-10 21:46 . 2011-03-21 00:34 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-10 21:46 . 2011-03-21 00:34 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-10 21:46 . 2011-03-21 00:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-10 21:46 . 2011-03-21 00:34 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-10 21:46 . 2011-03-21 00:34 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-10 21:46 . 2011-03-21 00:34 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-10 16:27 . 2011-03-10 16:27 1377112 ----a-w- c:\temp\TDSSKiller.exe
2011-03-09 19:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 19:17 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 19:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 19:17 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:17 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:17 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:17 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 09:21 . 2011-03-09 09:21 7723008 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:51 . 2011-03-09 04:51 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\system32\atiumdag.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 239616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-03-07 23:09 . 2011-03-07 23:09 -------- d-----w- c:\program files\Common Files\Java
2011-03-07 23:08 . 2011-03-07 23:07 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-07 23:08 . 2011-03-07 23:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-05 02:30 . 2011-03-10 22:13 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 12
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 22:35 . 2009-08-18 15:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-03-17 22:34 . 2009-08-18 15:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-14 02:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-09 04:56 . 2010-05-27 17:02 679424 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-09 04:51 . 2009-11-25 03:15 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-03-09 04:48 . 2010-05-27 16:54 4277760 ----a-w- c:\windows\system32\atidxx32.dll
2011-03-09 04:17 . 2010-05-27 16:24 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-09 04:16 . 2010-05-27 16:24 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-03-09 04:11 . 2010-02-03 03:23 52736 ----a-w- c:\windows\system32\coinst.dll
2011-02-18 21:36 . 2011-02-18 21:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2011-02-18 21:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-10 15:33 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 22:11 . 2010-01-18 01:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:46 . 2011-02-22 21:03 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-22 21:03 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-10 15:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01 . 2011-02-10 15:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43 . 2011-02-10 15:34 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55 . 2011-02-10 15:34 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51 . 2011-02-10 15:34 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-03-21 00:34 . 2011-03-10 21:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-11 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-18 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Goldberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Run POPFile.lnk - c:\program files\POPFile\runpopfile.exe [2009-7-16 71822]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketTorrents (Minimized).lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketTorrents (Minimized).lnk
backup=c:\windows\pss\RocketTorrents (Minimized).lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Goldberg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Run POPFile.lnk]
path=c:\users\Goldberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk
backup=c:\windows\pss\Run POPFile.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
2009-07-30 23:10 380928 ----a-w- c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2009-06-14 23:24 307200 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-21 21:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDtoiPodConverter_upgrade]
c:\program files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotSync]
c:\program files\PalmSource\Desktop\HotSync.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 23:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDBPL]
c:\windows\system32\capiprovider32.dll.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-12-11 20:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre6\bin\jusched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0350Mon.exe]
c:\windows\V0350Mon.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R2 hidserv32;Human Interface Device Access ;c:\windows\system32\CertPolEng32.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-03-08 1405384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-03-30 23456]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-03-01 15232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-10 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-03-01 310320]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2010-12-20 80272]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-03-01 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-03-01 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110330.001\IDSvix86.sys [2011-03-14 353912]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-09 176128]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2010-12-20 1462544]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe [2010-03-01 117640]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-09 7723008]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-09 239616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-03-01 48688]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 01:48]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-15 01:48]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000Core.job
- c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 15:25]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3884901708-1802843103-2556975195-1000UA.job
- c:\users\Goldberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-10 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Goldberg\AppData\Roaming\Mozilla\Firefox\Profiles\xfopv8fi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4200)
c:\users\Goldberg\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\Norton Security Suite\Engine\3.8.0.41\buShell.dll
.
Completion time: 2011-04-02 15:58:28
ComboFix-quarantined-files.txt 2011-04-02 19:58
ComboFix2.txt 2011-04-02 18:53
.
Pre-Run: 58,221,084,672 bytes free
Post-Run: 58,161,291,264 bytes free
.
- - End Of File - - 7D77DA03805EFCA598755EBDAF7D9D61

#9 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 03:51 PM

-

Edited by etavares, 03 April 2011 - 08:08 AM.
remove duplicate post


#10 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 04:07 PM

-

Edited by etavares, 03 April 2011 - 08:08 AM.
remove duplicate post


#11 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 04:09 PM

-

Edited by etavares, 03 April 2011 - 08:07 AM.
remove duplicate post


#12 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 04:54 PM

-

Edited by etavares, 03 April 2011 - 08:07 AM.
remove duplicate post


#13 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 02 April 2011 - 04:56 PM

-

Edited by etavares, 03 April 2011 - 08:06 AM.
remove duplicate post


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:18 AM

Posted 03 April 2011 - 08:08 AM

Hello, mickeddie.

OK, it appears you disabled it just fine. It also appears to have removed the malicious add-on. Are you still being redirected now? I see one other add-on that is likely malicious that Combofix did not remove.

Also, it appears you have two antiviruses running; please see the note below.




Two Antiviruses Warning


I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Norton Security Suite or Lavasoft Ad-Watch Live! Antivirus.



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#15 mickeddie

mickeddie
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:05:18 AM

Posted 04 April 2011 - 07:48 AM

Thank you so much, Etavares.

I have not been on my home computer to test it. The malware that Combofix could not remove - how concerned do I need to be about this, and do I have any other options to remove it?

Also, you said I have 2 anti-virus programs - other than Norton, what is the other one (so I can disable it)?

Thanks again!!

Eddie



