
Internet only working in safe networking mode

Discussion in 'Virus & Other Malware Removal' started by mej25, Oct 31, 2011.

Thread Status:
Not open for further replies.
  1. mej25

    mej25 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    8
    My computer started slowing up and giving me some random error messages (I didn't write them down but they had "Win 32" written in them), so I purchased and downloaded Norton 360. In the middle of the installation process I received an error message which said Norton could not connect to the internet to complete the installation process. Although my internet had been working before I downloaded Norton, it stopped working entirely after I attempted to install Norton. My computer currently indicates that it is connected through both the wireless and wired network connections, and the network connections appear to be sending and receiving data. When I ping websites through DOS command I get 75 - 100% loss. I have run ComboFix and the log is as follows:
    ComboFix 11-10-30.04 - Matthew 10/31/2011 18:48:56.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -4:00]
    Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-31 21:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-10-31 21:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-31 18:18 . 2011-10-31 18:18 -------- d-----w- c:\documents and settings\Matthew\Application Data\Tific
    2011-10-31 18:12 . 2011-10-31 18:12 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-10-31 18:12 . 2011-10-31 18:12 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\windows\system32\drivers\N360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Norton 360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Windows Sidebar
    2011-10-14 19:41 . 2011-10-31 22:46 -------- d-----w- c:\documents and settings\Matthew\Application Data\Dropbox
    2011-10-11 20:09 . 2011-08-22 09:39 113008 ----a-w- c:\windows\system32\gotomon.dll
    2011-10-06 00:21 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Yahoo
    2011-10-06 00:20 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-22 09:39 . 2009-07-06 16:52 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
    2007-10-04 17:26 . 2007-10-04 17:26 2244608 -c--a-w- c:\program files\SecurexamStudent.exe
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-10-01 14:53 . 2011-05-09 00:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-01-13 18:57 . 2008-01-13 18:57 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_21.44.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-31 20:29 . 2011-10-31 22:28 925240 c:\windows\system32\Restore\rstrlog.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-06-26 243200]
    .
    [HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
    2010-06-26 16:52 1502208 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "NvMediaCenter"="NvMCTray.dll" [2007-04-29 81920]
    "NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "nwiz"="nwiz.exe" [2007-04-29 1626112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-11 161336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Matthew\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
    Dropbox.lnk - c:\documents and settings\Matthew\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2011-08-22 09:39 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix XenApp.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix XenApp.lnk
    backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-01-25 22:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asfplayer]
    2005-10-18 04:44 2326528 ----a-w- c:\program files\Linksys\Compact Wireless-G Internet Video Camera\asfplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2011-01-18 12:10 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-01-13 18:57 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-04 03:13 136176 ----atw- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2011-09-11 10:26 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
    2011-10-31 18:26 946032 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    2007-09-06 19:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-29 00:05 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-17 04:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-02-01 21:19 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2009-11-18 14:50 4269296 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WebUpdate4"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    "stllssvr"=3 (0x3)
    "STacSV"=2 (0x2)
    "SSIRuntimeService"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "SQLBrowser"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SessionLauncher"=2 (0x2)
    "ServicepointService"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "SavRoam"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxMediaDB10"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "RoxLiveShare10"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "Roxio UPnP Renderer 10"=3 (0x3)
    "RegSrvc"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NICCONFIGSVC"=2 (0x2)
    "MSSQL$MSSMLBIZ"=3 (0x3)
    "McciCMService"=2 (0x2)
    "Maxtor Sync Service"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdate"=2 (0x2)
    "GoToMyPC"=2 (0x2)
    "GoogleDesktopManager-010108-205858"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "EvtEng"=2 (0x2)
    "DefWatch"=2 (0x2)
    "CVPND"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BcmSqlStartupSvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Amazon Download Agent"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
    "c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
    "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Matthew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [10/31/2011 2:11 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [10/31/2011 2:11 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [10/31/2011 2:11 PM 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [10/31/2011 2:11 PM 136312]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSXpx86.sys [10/31/2011 2:11 PM 341944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [10/31/2011 2:11 PM 130008]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 6:23 PM 6638080]
    S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [9/9/2010 8:08 AM 423576]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/13/2008 2:57 PM 29744]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/23/2010 1:31 PM 668912]
    S4 SessionLauncher;SessionLauncher;c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S4 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 1:17 PM 45056]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 12:47 AM 24652]
    S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2010-12-20 23:08 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-10-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    2011-10-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 10:26]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003Core.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003UA.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-10-28 c:\windows\Tasks\Norton Security Scan for Matthew.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-22 20:45]
    .
    2008-01-12 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-01-12 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
    Trusted Zone: glic.com
    Trusted Zone: gliconline.com
    Trusted Zone: guardianinvestor.com
    Trusted Zone: guardianlife.com
    Trusted Zone: pasmystreetscape.com
    Trusted Zone: streetscape.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
    FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\a6phin90.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-31 18:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1724)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(1644)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-10-31 18:59:15
    ComboFix-quarantined-files.txt 2011-10-31 22:59
    ComboFix2.txt 2011-10-31 21:47
    .
    Pre-Run: 9,976,995,840 bytes free
    Post-Run: 9,949,028,352 bytes free
    .
    - - End Of File - - 7C0FB0EA8F00064AE4F3501AEAE774F5

    I have attempted to use the system restore tool, but it has not worked either.

    Any help or advice would be greatly appreciated.
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    How many times have you run Combofix?
     
  3. mej25

    mej25 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    8
    Twice.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Can I see the following logs:

    C:\Qoobox\ComboFix-quarantined-files.txt
    C:\Qoobox\ComboFix2.txt

    Next,

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Kevin...
     
  5. mej25

    mej25 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    8
    COMBOFIX 1
    2011-10-31 21:46:20 . 2011-10-31 21:46:20 500 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ExtegrityExam40.reg.dat
    2011-10-31 21:46:07 . 2011-10-31 21:46:07 774 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ToolBoxFX.reg.dat
    2011-10-31 21:46:07 . 2011-10-31 21:46:07 634 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TomcatStartup 2.reg.dat
    2011-10-31 21:46:06 . 2011-10-31 21:46:06 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-StatusClient 2.reg.dat
    2011-10-31 21:46:06 . 2011-10-31 21:46:06 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RoxWatchTray.reg.dat
    2011-10-31 21:46:06 . 2011-10-31 21:46:06 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-OrderReminder.reg.dat
    2011-10-31 21:46:06 . 2011-10-31 21:46:06 602 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-nah_Shell.reg.dat
    2011-10-31 21:46:06 . 2011-10-31 21:46:06 732 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-LogitechCommunicationsManager.reg.dat
    2011-10-31 21:46:05 . 2011-10-31 21:46:05 628 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HP Component Manager.reg.dat
    2011-10-31 21:46:05 . 2011-10-31 21:46:05 726 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-BlackBerryAutoUpdate.reg.dat
    2011-10-31 21:46:05 . 2011-10-31 21:46:05 736 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AmazonGSDownloaderTray.reg.dat
    2011-10-31 21:46:02 . 2011-10-31 21:46:02 336 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-NavLogon.reg.dat
    2011-10-31 21:23:37 . 2010-05-07 08:01:54 162 ----a-w- C:\Qoobox\Quarantine\F\Autorun.inf.vir
    2011-10-31 21:23:37 . 2009-01-16 08:14:08 156,312 ----a-w- C:\Qoobox\Quarantine\F\Setup.exe.vir
    2011-10-31 21:23:36 . 2007-11-07 12:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\E\install.exe.vir
    2011-10-31 21:23:36 . 2007-05-10 13:48:26 32 ----a-w- C:\Qoobox\Quarantine\E\Autorun.inf.vir
    2011-10-31 21:19:02 . 2011-10-31 21:19:02 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\_3664895557_.zip
    2011-10-31 21:17:54 . 2011-10-31 21:17:54 6,924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_usnjsvc.reg.dat
    2011-10-31 21:17:54 . 2011-10-31 21:17:54 410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_1f64d227.reg.dat
    2011-10-31 21:17:54 . 2011-10-31 21:17:54 888 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_USNJSVC.reg.dat
    2011-10-31 21:17:39 . 2011-10-31 22:54:48 13,108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-10-31 21:04:44 . 2011-10-31 21:04:44 1,081 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\_loader_.tlb.zip
    2011-10-31 21:02:13 . 2011-10-31 22:47:47 1,479 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2011-10-31 15:00:37 . 2011-10-31 15:13:05 3,584 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@000000c0.vir
    2011-10-30 21:28:51 . 2011-10-31 01:02:47 14,336 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\1f64d227\U\[email protected]
    2011-10-28 21:09:56 . 2011-10-31 20:34:16 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\loader.tlb.vir
    2011-10-28 21:06:26 . 2011-10-31 20:30:48 28,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir
    2011-10-28 21:03:33 . 2011-10-28 21:03:33 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\@.vir
    2011-10-28 21:03:33 . 2011-10-28 21:03:33 75,264 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\L\ihpoinuf.vir
    2011-10-28 21:03:26 . 2011-10-28 21:03:26 59,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\1f64d227\X.vir
    2011-10-28 21:03:26 . 2011-10-28 21:03:26 2,048 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\1f64d227\@.vir
    2011-10-26 10:32:58 . 2011-10-31 01:02:47 16,384 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\Local Settings\Application Data\1f64d227\U\[email protected]
    2011-10-25 18:03:33 . 2011-10-28 21:06:25 23,552 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@800000cb.vir
    2011-10-22 22:50:54 . 2011-10-28 21:06:23 23,040 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@80000000.vir
    2011-09-30 00:34:34 . 2011-10-28 21:06:21 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@000000cb.vir
    2011-09-16 08:29:44 . 2011-10-28 21:06:25 35,840 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@800000c0.vir
    2011-09-10 14:59:36 . 2011-10-28 21:06:24 45,968 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@00000001.vir
    2011-09-10 13:28:10 . 2011-10-28 21:06:25 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@800000cf.vir
    2011-09-09 19:03:00 . 2011-10-28 21:06:23 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB12988$\526701095\U\@000000cf.vir
    2010-06-04 15:15:44 . 2011-07-21 01:05:33 151 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest.vir
    2010-06-04 15:15:44 . 2011-07-21 01:05:32 774 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf.vir
    2009-08-24 03:19:48 . 2010-05-09 23:55:53 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\etc\lmhosts.vir
    2009-07-06 16:52:43 . 2011-02-05 20:37:26 2,140 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\gotomon.log.vir
    2009-04-17 02:36:27 . 2009-04-25 05:42:11 0 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Matthew\nah_ijpv.exe.vir
    2009-04-17 02:36:27 . 2009-04-17 02:36:27 3,832 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\chrome\amba.jar.vir
    2008-11-09 20:48:14 . 2008-11-09 20:48:14 602,392 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe.vir
    2008-03-21 03:56:49 . 2011-10-31 00:52:56 664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\d3d9caps.dat.vir
    2008-01-28 04:56:20 . 2008-01-28 04:56:21 656,896 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe.vir
    2008-01-12 02:08:28 . 2009-08-06 23:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ .vir
    2004-08-04 10:00:00 . 2004-08-04 10:00:00 9,050 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\Help\Tours\htmlTour\unlock_playing.htm.vir
    2004-08-04 10:00:00 . 2004-08-04 10:00:00 48,016 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\c_36632.nls.vir
    2004-08-04 10:00:00 . 2008-04-13 19:19:42 75,264 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir
    2004-08-04 10:00:00 . 2008-04-13 19:19:42 75,264 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir_
    2002-08-15 05:13:10 . 2002-05-13 18:59:42 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\CONFIG.exe.vir


    COMBOFIX2
    ComboFix 11-10-30.04 - Matthew 10/31/2011 17:36:58.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1404 [GMT -4:00]
    Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Matthew\Local Settings\Application Data\1f64d227\@
    c:\documents and settings\Matthew\Local Settings\Application Data\1f64d227\U\[email protected]
    c:\documents and settings\Matthew\Local Settings\Application Data\1f64d227\U\[email protected]
    c:\documents and settings\Matthew\Local Settings\Application Data\1f64d227\X
    c:\documents and settings\Matthew\nah_ijpv.exe
    c:\program files\Mozilla Firefox\chrome\amba.jar
    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
    c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
    c:\windows\$NtUninstallKB12988$\3664895557
    c:\windows\$NtUninstallKB12988$\526701095\@
    c:\windows\$NtUninstallKB12988$\526701095\L\ihpoinuf
    c:\windows\$NtUninstallKB12988$\526701095\loader.tlb
    c:\windows\$NtUninstallKB12988$\526701095\U\@00000001
    c:\windows\$NtUninstallKB12988$\526701095\U\@000000c0
    c:\windows\$NtUninstallKB12988$\526701095\U\@000000cb
    c:\windows\$NtUninstallKB12988$\526701095\U\@000000cf
    c:\windows\$NtUninstallKB12988$\526701095\U\@80000000
    c:\windows\$NtUninstallKB12988$\526701095\U\@800000c0
    c:\windows\$NtUninstallKB12988$\526701095\U\@800000cb
    c:\windows\$NtUninstallKB12988$\526701095\U\@800000cf
    c:\windows\help\tours\htmltour\unlock_playing.htm
    c:\windows\system32\
    c:\windows\system32\c_36632.nls
    c:\windows\system32\CONFIG.exe
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\gotomon.log
    E:\Autorun.inf
    E:\install.exe
    F:\Autorun.inf
    F:\Setup.exe
    .
    -- Previous Run --
    .
    Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - The cat found it :)
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . . . is infected!!
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
    Restored copy from - The cat found it :)
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . . . is infected!!
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe was found and disinfected
    Restored copy from - c:\program files\Yahoo!\SoftwareUpdate\
    .
    --------
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_USNJSVC
    -------\Service_1f64d227
    -------\Service_usnjsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-31 21:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-10-31 21:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-31 18:18 . 2011-10-31 18:18 -------- d-----w- c:\documents and settings\Matthew\Application Data\Tific
    2011-10-31 18:12 . 2011-10-31 18:12 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-10-31 18:12 . 2011-10-31 18:12 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\windows\system32\drivers\N360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Norton 360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Windows Sidebar
    2011-10-14 19:41 . 2011-10-31 21:32 -------- d-----w- c:\documents and settings\Matthew\Application Data\Dropbox
    2011-10-11 20:09 . 2011-08-22 09:39 113008 ----a-w- c:\windows\system32\gotomon.dll
    2011-10-06 00:21 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Yahoo
    2011-10-06 00:20 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-22 09:39 . 2009-07-06 16:52 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
    2007-10-04 17:26 . 2007-10-04 17:26 2244608 -c--a-w- c:\program files\SecurexamStudent.exe
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-10-01 14:53 . 2011-05-09 00:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-01-13 18:57 . 2008-01-13 18:57 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-06-26 243200]
    .
    [HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
    2010-06-26 16:52 1502208 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "NvMediaCenter"="NvMCTray.dll" [2007-04-29 81920]
    "NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "nwiz"="nwiz.exe" [2007-04-29 1626112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-11 161336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Matthew\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
    Dropbox.lnk - c:\documents and settings\Matthew\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2011-08-22 09:39 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix XenApp.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix XenApp.lnk
    backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-01-25 22:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asfplayer]
    2005-10-18 04:44 2326528 ----a-w- c:\program files\Linksys\Compact Wireless-G Internet Video Camera\asfplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2011-01-18 12:10 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-01-13 18:57 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-04 03:13 136176 ----atw- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2011-09-11 10:26 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
    2011-10-31 18:26 946032 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    2007-09-06 19:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-29 00:05 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-17 04:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-02-01 21:19 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2009-11-18 14:50 4269296 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WebUpdate4"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    "stllssvr"=3 (0x3)
    "STacSV"=2 (0x2)
    "SSIRuntimeService"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "SQLBrowser"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SessionLauncher"=2 (0x2)
    "ServicepointService"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "SavRoam"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxMediaDB10"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "RoxLiveShare10"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "Roxio UPnP Renderer 10"=3 (0x3)
    "RegSrvc"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NICCONFIGSVC"=2 (0x2)
    "MSSQL$MSSMLBIZ"=3 (0x3)
    "McciCMService"=2 (0x2)
    "Maxtor Sync Service"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdate"=2 (0x2)
    "GoToMyPC"=2 (0x2)
    "GoogleDesktopManager-010108-205858"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "EvtEng"=2 (0x2)
    "DefWatch"=2 (0x2)
    "CVPND"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BcmSqlStartupSvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Amazon Download Agent"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
    "c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
    "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Matthew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [10/31/2011 2:11 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [10/31/2011 2:11 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [10/31/2011 2:11 PM 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [10/31/2011 2:11 PM 136312]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSXpx86.sys [10/31/2011 2:11 PM 341944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [10/31/2011 2:11 PM 130008]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 6:23 PM 6638080]
    S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [9/9/2010 8:08 AM 423576]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/13/2008 2:57 PM 29744]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/23/2010 1:31 PM 668912]
    S4 SessionLauncher;SessionLauncher;c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S4 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 1:17 PM 45056]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 12:47 AM 24652]
    S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2010-12-20 23:08 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-10-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    2011-10-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 10:26]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003Core.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003UA.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-10-28 c:\windows\Tasks\Norton Security Scan for Matthew.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-22 20:45]
    .
    2008-01-12 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-01-12 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
    Trusted Zone: glic.com
    Trusted Zone: gliconline.com
    Trusted Zone: guardianinvestor.com
    Trusted Zone: guardianlife.com
    Trusted Zone: pasmystreetscape.com
    Trusted Zone: streetscape.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
    FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\a6phin90.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-NavLogon - (no file)
    MSConfigStartUp-AmazonGSDownloaderTray - c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
    MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    MSConfigStartUp-nah_Shell - c:\documents and settings\Matthew\nah_ijpv.exe
    MSConfigStartUp-OrderReminder - c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    MSConfigStartUp-StatusClient 2 - c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    MSConfigStartUp-TomcatStartup 2 - c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    MSConfigStartUp-ToolBoxFX - c:\program files\hp\ToolBoxFX\bin\HPTLBXFX.exe
    AddRemove-ExtegrityExam40 - c:\program files\Extegrity\Exam4\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-31 17:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1416)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(856)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-10-31 17:47:18
    ComboFix-quarantined-files.txt 2011-10-31 21:47
    .
    Pre-Run: 10,098,675,712 bytes free
    Post-Run: 10,039,701,504 bytes free
    .
    - - End Of File - - 740FCA7FBC6212C5BA78D36E9F5729FF

    LOG OF SECURITY CHECK
    ComboFix 11-10-30.04 - Matthew 10/31/2011 18:48:56.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1444 [GMT -4:00]
    Running from: c:\documents and settings\Matthew\Desktop\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-31 21:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-10-31 21:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-31 18:18 . 2011-10-31 18:18 -------- d-----w- c:\documents and settings\Matthew\Application Data\Tific
    2011-10-31 18:12 . 2011-10-31 18:12 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-10-31 18:12 . 2011-10-31 18:12 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\windows\system32\drivers\N360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Norton 360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Windows Sidebar
    2011-10-14 19:41 . 2011-10-31 22:46 -------- d-----w- c:\documents and settings\Matthew\Application Data\Dropbox
    2011-10-11 20:09 . 2011-08-22 09:39 113008 ----a-w- c:\windows\system32\gotomon.dll
    2011-10-06 00:21 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Yahoo
    2011-10-06 00:20 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-22 09:39 . 2009-07-06 16:52 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
    2007-10-04 17:26 . 2007-10-04 17:26 2244608 -c--a-w- c:\program files\SecurexamStudent.exe
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-10-01 14:53 . 2011-05-09 00:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-01-13 18:57 . 2008-01-13 18:57 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((( [email protected]_21.44.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-31 20:29 . 2011-10-31 22:28 925240 c:\windows\system32\Restore\rstrlog.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-06-26 243200]
    .
    [HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
    2010-06-26 16:52 1502208 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "NvMediaCenter"="NvMCTray.dll" [2007-04-29 81920]
    "NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "nwiz"="nwiz.exe" [2007-04-29 1626112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-11 161336]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    c:\documents and settings\Matthew\Start Menu\Programs\Startup\
    Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
    Dropbox.lnk - c:\documents and settings\Matthew\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2011-08-22 09:39 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix XenApp.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix XenApp.lnk
    backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-01-25 22:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asfplayer]
    2005-10-18 04:44 2326528 ----a-w- c:\program files\Linksys\Compact Wireless-G Internet Video Camera\asfplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2011-01-18 12:10 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-01-13 18:57 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-04 03:13 136176 ----atw- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2011-09-11 10:26 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
    2011-10-31 18:26 946032 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    2007-09-06 19:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-29 00:05 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-17 04:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-02-01 21:19 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2009-11-18 14:50 4269296 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WebUpdate4"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    "stllssvr"=3 (0x3)
    "STacSV"=2 (0x2)
    "SSIRuntimeService"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "SQLBrowser"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SessionLauncher"=2 (0x2)
    "ServicepointService"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "SavRoam"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxMediaDB10"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "RoxLiveShare10"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "Roxio UPnP Renderer 10"=3 (0x3)
    "RegSrvc"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NICCONFIGSVC"=2 (0x2)
    "MSSQL$MSSMLBIZ"=3 (0x3)
    "McciCMService"=2 (0x2)
    "Maxtor Sync Service"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdate"=2 (0x2)
    "GoToMyPC"=2 (0x2)
    "GoogleDesktopManager-010108-205858"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "EvtEng"=2 (0x2)
    "DefWatch"=2 (0x2)
    "CVPND"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BcmSqlStartupSvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Amazon Download Agent"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
    "c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
    "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Matthew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [10/31/2011 2:11 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [10/31/2011 2:11 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [10/31/2011 2:11 PM 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [10/31/2011 2:11 PM 136312]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSXpx86.sys [10/31/2011 2:11 PM 341944]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [10/31/2011 2:11 PM 130008]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 6:23 PM 6638080]
    S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [9/9/2010 8:08 AM 423576]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/13/2008 2:57 PM 29744]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/23/2010 1:31 PM 668912]
    S4 SessionLauncher;SessionLauncher;c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S4 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 1:17 PM 45056]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 12:47 AM 24652]
    S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2010-12-20 23:08 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-10-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    2011-10-31 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 10:26]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003Core.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003UA.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-10-31 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-10-28 c:\windows\Tasks\Norton Security Scan for Matthew.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-22 20:45]
    .
    2008-01-12 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-01-12 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
    Trusted Zone: glic.com
    Trusted Zone: gliconline.com
    Trusted Zone: guardianinvestor.com
    Trusted Zone: guardianlife.com
    Trusted Zone: pasmystreetscape.com
    Trusted Zone: streetscape.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
    FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\a6phin90.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-31 18:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1724)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(1644)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-10-31 18:59:15
    ComboFix-quarantined-files.txt 2011-10-31 22:59
    ComboFix2.txt 2011-10-31 21:47
    .
    Pre-Run: 9,976,995,840 bytes free
    Post-Run: 9,949,028,352 bytes free
    .
    - - End Of File - - 7C0FB0EA8F00064AE4F3501AEAE774F5
     
  6. kevinf80

    kevinf80 Malware Specialist

    You have not posted log from Security Check...
     
  7. mej25

    mej25 Thread Starter

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton 360
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Windows Defender
    CCleaner
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  8. kevinf80

    kevinf80 Malware Specialist

    • Please download Junction.zip and save it to your desktop.
    • Unzip it and put junction.exe in the Windows directory (C:\Windows), so you have C:\Windows\Junction.exe
    • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

      cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
    • A command window will open and the system will be scanned.
    • Wait until a log file opens.
    • Copy and paste log in your next reply, make sure you get the full log.
     
  9. mej25

    mej25 Thread Starter

    When I hit OK I get a DOS window that says "'junction' is not recognized as an internal or external command, operable program or batch file."
     
  10. kevinf80

    kevinf80 Malware Specialist

    OK, do junction a different way:

    Step 1

    Navigate to C:\Windows and delete Junction.exe

    Step 2

    Unzip Junction.zip again, this time extract junction.exe to your C:\ drive so you have C:\Junction.exe

    Step 3

    Now copy (Ctrl +C) and paste (Ctrl +V) the text inside the code box below into Notepad.

    Code:
    @ECHO OFF
    cd c:\
    junction -s c:\>log.txt
    start log.txt
    del %0
    
    Save it to your desktop as File name: junc.bat Save as type: All Files

    Double click junc.bat to run it. A log will be presented. Copy and paste content of the log in your next reply. Make sure you get the full log...
     
  11. mej25

    mej25 Thread Starter

    I followed all of the steps you laid out. When I double clicked the junc.bat icon on my desktop a DOS window flashes and then a Notepad document titled "log" opens but it is blank. I have tried deleting everything and re-doing the process you laid out and the same result occurs each time.
     
  12. kevinf80

    kevinf80 Malware Specialist

    OK, do the following :-

    Step 1

    Download TFC to your desktop, from either of the following links
    Link 1
    Link 2
    • Save any open work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
    • If prompted, click "Yes" to reboot.
    Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may reboot your system; if not, reboot it yourself to complete the cleaning process <---- Very Important

    Step 2

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  13. mej25

    mej25 Thread Starter

    Here's the log:

    ComboFix 11-10-30.03 - Matthew 11/01/2011 14:15:55.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1470 [GMT -4:00]
    Running from: c:\documents and settings\Matthew\My Documents\ComboFix.exe
    AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-01 17:35 . 2011-11-01 17:35 -------- d-----w- C:\Junction
    2011-11-01 16:11 . 2011-11-01 16:11 -------- d-----w- C:\ Windows
    2011-10-31 21:04 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
    2011-10-31 21:04 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
    2011-10-31 18:18 . 2011-10-31 18:18 -------- d-----w- c:\documents and settings\Matthew\Application Data\Tific
    2011-10-31 18:12 . 2011-10-31 18:12 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-10-31 18:12 . 2011-10-31 18:12 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\windows\system32\drivers\N360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Norton 360
    2011-10-31 18:11 . 2011-10-31 18:11 -------- d-----w- c:\program files\Windows Sidebar
    2011-10-14 19:41 . 2011-10-31 22:46 -------- d-----w- c:\documents and settings\Matthew\Application Data\Dropbox
    2011-10-11 20:09 . 2011-08-22 09:39 113008 ----a-w- c:\windows\system32\gotomon.dll
    2011-10-06 00:21 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\Matthew\Local Settings\Application Data\Yahoo
    2011-10-06 00:20 . 2011-10-06 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-01 16:10 . 2011-11-01 16:10 79623 ----a-w- C:\Junction.zip
    2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-22 09:39 . 2009-07-06 16:52 52080 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\GoToPrintProcessor.dll
    2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2007-10-04 17:26 . 2007-10-04 17:26 2244608 -c--a-w- c:\program files\SecurexamStudent.exe
    2008-08-16 21:42 . 2008-08-16 21:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-16 21:42 . 2008-08-16 21:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-16 21:43 . 2008-08-16 21:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-16 21:42 . 2008-08-16 21:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-16 21:42 . 2008-08-16 21:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 12:41 . 2008-05-21 12:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 12:41 . 2008-05-21 12:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 17:58 . 2008-06-05 17:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-16 21:42 . 2008-08-16 21:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2011-10-01 14:53 . 2011-05-09 00:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-01-13 18:57 . 2008-01-13 18:57 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{da879c19-9088-418b-a63a-2e6fb294eaf0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Helper.dll" [2010-06-26 243200]
    .
    [HKEY_CLASSES_ROOT\clsid\{da879c19-9088-418b-a63a-2e6fb294eaf0}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{26582F40-76E8-4A2A-B30C-26832801B787}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5712A6BB-B6C8-4E52-A152-1BA741C9A6A2}]
    2010-06-26 16:52 1502208 ----a-w- c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{85741F1D-ED47-4DCF-9109-07D10213C4D0}"= "c:\program files\AAdvantage eShoppingSM Toolbar\Toolbar.dll" [2010-06-26 1502208]
    .
    [HKEY_CLASSES_ROOT\clsid\{85741f1d-ed47-4dcf-9109-07d10213c4d0}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{5E8947F8-3769-4215-877F-BEA00225DC12}]
    [HKEY_CLASSES_ROOT\FCTB000062125.IEToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "NvMediaCenter"="NvMCTray.dll" [2007-04-29 81920]
    "NVHotkey"="nvHotkey.dll" [2007-04-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-29 8429568]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "nwiz"="nwiz.exe" [2007-04-29 1626112]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-01 198160]
    "Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-11 161336]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
    2011-08-22 09:39 15216 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
    backup=c:\windows\pss\Audible Download Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix XenApp.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix XenApp.lnk
    backup=c:\windows\pss\Citrix XenApp.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
    backup=c:\windows\pss\eFax 4.3.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Clean Access Agent.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Clean Access Agent.lnk
    backup=c:\windows\pss\Clean Access Agent.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
    path=c:\documents and settings\Matthew\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-10-15 01:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-11-10 07:46 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-01-25 22:34 159744 ----a-w- c:\program files\Apoint\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Asfplayer]
    2005-10-18 04:44 2326528 ----a-w- c:\program files\Linksys\Compact Wireless-G Internet Video Camera\asfplayer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]
    2011-01-18 12:10 54664 ----a-w- c:\program files\Camfrog\Camfrog Video Chat\CamfrogNET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2007-02-20 17:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-08-14 07:44 113136 ----a-w- c:\program files\Roxio\CinePlayer\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
    2007-03-06 17:21 116224 ----a-w- c:\program files\eFax Messenger 4.3\J2GDllCmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-01-13 18:57 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-06-04 03:13 136176 ----atw- c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]
    2011-09-11 10:26 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMyPC]
    2011-10-31 18:26 946032 ----a-w- c:\program files\Citrix\GoToMyPC\g2svc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2010-03-12 17:08 49208 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-07-16 19:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2007-10-18 16:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    2007-09-06 19:53 169264 ----a-w- c:\program files\Maxtor\OneTouch Status\MaxMenuMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-04-29 00:05 1626112 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 13:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-17 04:22 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-02-01 21:19 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
    2009-11-18 14:50 4269296 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WLSetupSvc"=3 (0x3)
    "WLANKEEPER"=2 (0x2)
    "WinDefend"=2 (0x2)
    "WebUpdate4"=2 (0x2)
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=2 (0x2)
    "stllssvr"=3 (0x3)
    "STacSV"=2 (0x2)
    "SSIRuntimeService"=2 (0x2)
    "SQLWriter"=2 (0x2)
    "SQLBrowser"=2 (0x2)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=2 (0x2)
    "SessionLauncher"=2 (0x2)
    "ServicepointService"=2 (0x2)
    "sdCoreService"=3 (0x3)
    "sdAuxService"=3 (0x3)
    "SavRoam"=3 (0x3)
    "S24EventMonitor"=2 (0x2)
    "RoxWatch9"=2 (0x2)
    "RoxWatch10"=2 (0x2)
    "RoxMediaDB9"=3 (0x3)
    "RoxMediaDB10"=3 (0x3)
    "RoxLiveShare9"=2 (0x2)
    "RoxLiveShare10"=2 (0x2)
    "Roxio Upnp Server 9"=2 (0x2)
    "Roxio Upnp Server 10"=2 (0x2)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "Roxio UPnP Renderer 10"=3 (0x3)
    "RegSrvc"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NVSvc"=2 (0x2)
    "NICCONFIGSVC"=2 (0x2)
    "MSSQL$MSSMLBIZ"=3 (0x3)
    "McciCMService"=2 (0x2)
    "Maxtor Sync Service"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)
    "LVPrcSrv"=2 (0x2)
    "LVCOMSer"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ISSVC"=2 (0x2)
    "iPod Service"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=2 (0x2)
    "gupdate"=2 (0x2)
    "GoToMyPC"=2 (0x2)
    "GoogleDesktopManager-010108-205858"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "EvtEng"=2 (0x2)
    "DefWatch"=2 (0x2)
    "CVPND"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "BcmSqlStartupSvc"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "Amazon Download Agent"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Matthew\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
    "c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
    "c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\TroubleShooter.exe"=
    "c:\\Program Files\\AAdvantage eShoppingSM Toolbar\\ToolbarUpdate.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\WiselinkPro.exe"=
    "c:\\Program Files\\Samsung\\SAMSUNG PC Share Manager\\http_ss_win_pro.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Matthew\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SymDS.sys [10/31/2011 2:11 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SymEFA.sys [10/31/2011 2:11 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110415.001\BHDrvx86.sys [10/31/2011 2:11 PM 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.sys [10/31/2011 2:11 PM 136312]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110330.001\IDSXpx86.sys [10/31/2011 2:11 PM 341944]
    S2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [10/31/2011 2:11 PM 130008]
    S3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [7/16/2010 6:23 PM 6638080]
    S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [9/9/2010 8:08 AM 423576]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S4 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/13/2008 2:57 PM 29744]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 5:44 PM 135664]
    S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S4 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S4 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [3/23/2010 1:31 PM 668912]
    S4 SessionLauncher;SessionLauncher;c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Matthew\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S4 SSIRuntimeService;SSIRuntimeService;c:\program files\Software Secure, Inc\SSIRunTimeService\SSIRuntimeService.exe [10/4/2007 1:17 PM 45056]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/12/2008 12:47 AM 24652]
    S4 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [5/18/2007 12:57 PM 229856]
    S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2010-12-20 23:08 124928 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
    .
    2011-11-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
    .
    2011-11-01 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 10:26]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 18:20]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003Core.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1500820517-839522115-1003UA.job
    - c:\documents and settings\Matthew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-30 03:13]
    .
    2011-11-01 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    2011-10-28 c:\windows\Tasks\Norton Security Scan for Matthew.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-22 20:45]
    .
    2008-01-12 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-01-12 22:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
    Trusted Zone: glic.com
    Trusted Zone: gliconline.com
    Trusted Zone: guardianinvestor.com
    Trusted Zone: guardianlife.com
    Trusted Zone: pasmystreetscape.com
    Trusted Zone: streetscape.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {9E472D58-F10C-11CF-B7A9-0020AFD6A362} - hxxps://vault.netvoyage.com/neWeb2/neWebCl.cab
    FF - ProfilePath - c:\documents and settings\Matthew\Application Data\Mozilla\Firefox\Profiles\a6phin90.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Digital Editions - c:\documents and settings\matthew\application data\macromedia\flash player\www.macromedia.com\bin\digitaleditions1x5\digitaleditions1x5.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-01 14:21
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1728)
    c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
    .
    - - - - - - - > 'explorer.exe'(2160)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Matthew\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-11-01 14:24:32
    ComboFix-quarantined-files.txt 2011-11-01 18:24
    ComboFix2.txt 2011-10-31 22:59
    .
    Pre-Run: 9,389,727,744 bytes free
    Post-Run: 9,360,351,232 bytes free
    .
    - - End Of File - - B7B3D481BBE7883E541E87571971C0C2
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Why did you run Combofix from the "My Documents" folder and not the Desktop? Your security program was still active.....

    Also you appear to have saved Junction.zip direct to C:\ and not the Desktop, any specific reason?

    Run the following and let me see the log. If you have any problems running this you will have to turn off Norton......

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Let me see the log, also give update on issues/concerns.
     
  15. mej25

    mej25 Thread Starter

    Joined:
    Oct 31, 2011
    Messages:
    8
    I could not figure out how to stop Norton from scanning my computer so I uninstalled the program and my internet started working again. I presume this means that Norton was causing the issue. I was debating attempting to reinstall Norton again to see what happens. Does that sound like a good idea?

    As to your questions, I was saving the files you instructed me to download via another laptop and then transferring the files through an external hard drive that I switched between the two computers. When I attempted to move the document to my desktop it would only give me the option of creating a shortcut on my desktop - the only place I was able to actually transfer the actual file was in the "My Documents" folder. That is also why I ran the scan from the My Documents folder as well.
     

Short URL to this thread: https://techguy.org/1024888
