jvreynol

July 10, 2012

Hello:

Here's the latest Combofix.txt log...

=============================

ComboFix 12-07-08.03 - Jim 07/09/2012 21:02:06.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1756 [GMT -4:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))

.

2012-07-09 16:18 . 2012-07-09 16:18 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CAA97406-A117-4F26-BFBC-0011A665FADD}\offreg.dll

2012-07-07 14:34 . 2012-05-11 14:42 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

2012-07-07 14:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

2012-07-07 14:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-07-06 06:09 . 2012-05-31 03:41 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{CAA97406-A117-4F26-BFBC-0011A665FADD}\mpengine.dll

2012-07-06 02:52 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-07-06 02:48 . 2012-07-07 13:33 -------- d-----w- C:\TDSSKiller_Quarantine

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-04 22:35 . 2004-08-13 06:41 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-04 22:35 . 2009-08-07 00:23 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:19 . 2007-06-19 01:59 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19 . 2007-06-19 01:59 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19 . 2004-08-13 06:41 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 20:19 . 2004-08-13 06:41 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19 . 2004-08-13 06:41 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 20:19 . 2004-02-26 00:35 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19 . 2003-07-30 13:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 20:19 . 2003-07-30 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 20:19 . 2007-06-19 01:59 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:19 . 2004-08-13 06:41 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 20:19 . 2003-07-30 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2003-03-20 22:18 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-31 03:41 . 2006-04-01 01:54 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-05-16 15:08 . 2004-02-06 22:05 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:20 . 2003-07-30 13:00 1863168 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 14:42 . 2003-07-30 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2003-07-30 13:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2012-05-04 13:16 . 1980-01-01 06:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 1980-01-01 06:00 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2003-07-30 13:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

((((((((((((((((((((((((((((( SnapShot@2012-07-07_14.14.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-09 12:27 . 2012-07-09 12:27 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat

+ 2012-07-09 02:18 . 2012-07-09 02:18 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat

+ 2012-07-09 02:18 . 2012-07-09 02:18 16384 c:\windows\Temp\Perflib_Perfdata_1b4.dat

+ 2003-07-30 13:00 . 2012-05-11 14:42 67072 c:\windows\SYSTEM32\mshtmled.dll

+ 2006-11-08 02:03 . 2012-05-11 14:42 55296 c:\windows\SYSTEM32\msfeedsbs.dll

- 2006-11-08 02:03 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\msfeedsbs.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 25600 c:\windows\SYSTEM32\jsproxy.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\jsproxy.dll

+ 2009-07-15 10:31 . 2012-05-11 14:42 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll

- 2009-07-15 10:31 . 2011-11-04 19:20 12800 c:\windows\SYSTEM32\DLLCACHE\xpshims.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 67072 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2007-05-09 01:20 . 2012-05-11 14:42 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

- 2007-05-09 01:20 . 2011-11-04 19:20 55296 c:\windows\SYSTEM32\DLLCACHE\msfeedsbs.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 43520 c:\windows\SYSTEM32\DLLCACHE\licmgr10.dll

- 2006-05-10 05:25 . 2011-11-04 19:20 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2006-05-10 05:25 . 2012-05-11 14:42 25600 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

- 2012-07-03 01:41 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\spcustom.dll

- 2012-07-03 01:41 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spmsg.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\spcustom.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spmsg.dll

- 2012-07-03 01:50 . 2012-05-15 13:56 30208 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\w32ksign.dll

- 2012-07-03 01:50 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\spcustom.dll

- 2012-07-03 01:50 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spmsg.dll

- 2012-07-03 01:42 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\w32ksign.dll

- 2012-07-03 01:42 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\spcustom.dll

- 2012-07-03 01:42 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\mpsyschk.dll

- 2012-07-03 01:42 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\spcustom.dll

- 2012-07-03 01:49 . 2012-05-05 03:16 16896 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\mpsyschk.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spmsg.dll

+ 2002-01-29 07:47 . 2012-04-26 12:28 12288 c:\windows\Microsoft.NET\Framework\v1.0.3705\zh-CHT\System.Drawing.Resources.dll

+ 2002-01-29 07:47 . 2012-04-26 12:21 12288 c:\windows\Microsoft.NET\Framework\v1.0.3705\zh-CHS\System.Drawing.Resources.dll

- 2002-06-18 04:10 . 2011-07-05 20:46 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

+ 2002-06-18 04:10 . 2012-01-13 21:03 86016 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorld.dll

+ 2002-06-18 04:10 . 2012-01-13 21:03 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

- 2002-06-18 04:10 . 2011-07-05 20:46 73728 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorie.dll

+ 2002-01-29 07:46 . 2012-04-26 12:27 13824 c:\windows\Microsoft.NET\Framework\v1.0.3705\KO\System.Drawing.Resources.dll

+ 2002-01-25 13:02 . 2012-04-26 12:29 24576 c:\windows\Microsoft.NET\Framework\v1.0.3705\JA\System.Drawing.Resources.dll

- 2002-01-25 13:02 . 2002-01-25 13:02 24576 c:\windows\Microsoft.NET\Framework\v1.0.3705\JA\System.Drawing.Resources.dll

+ 2002-02-18 19:30 . 2012-04-26 12:29 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\IT\System.Drawing.Resources.dll

+ 2002-02-18 21:05 . 2012-04-26 12:30 13824 c:\windows\Microsoft.NET\Framework\v1.0.3705\FR\System.Drawing.Resources.dll

+ 2002-02-14 12:15 . 2012-04-26 12:21 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\ES\System.Drawing.Resources.dll

+ 2002-02-23 04:27 . 2012-04-26 12:27 13312 c:\windows\Microsoft.NET\Framework\v1.0.3705\DE\System.Drawing.Resources.dll

+ 2002-06-21 23:31 . 2012-01-13 21:54 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

- 2002-06-21 23:31 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe

- 2002-06-21 23:31 . 2011-07-06 14:57 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe

+ 2002-06-21 23:31 . 2012-01-13 21:54 32768 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe

+ 2012-07-07 14:41 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2699988-IE8\xpshims.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2699988-IE8\mshtmled.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2699988-IE8\msfeedsbs.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2699988-IE8\licmgr10.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2699988-IE8\jsproxy.dll

+ 2012-07-07 14:37 . 2012-07-07 14:37 90112 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_45d7c3e0\System.Drawing.Design.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 90112 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_1df2e61e\System.Drawing.Design.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 61440 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_faaf3c27\CustomMarshalers.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 12288 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_zh-CHT_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 12288 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_zh-CHS_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 13824 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ko_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 24576 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll

- 2003-08-08 19:42 . 2003-08-08 19:42 24576 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_ja_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:38 . 2012-07-07 14:38 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_it_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 13824 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_fr_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_es_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 13312 c:\windows\ASSEMBLY\GAC\System.Drawing.resources\1.0.3300.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2002-06-12 11:54 . 2012-01-17 05:19 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

- 2002-06-12 11:54 . 2011-07-12 23:05 8192 c:\windows\Microsoft.NET\Framework\v1.0.3705\IEExec.exe

- 2003-07-30 13:00 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\wintrust.dll

+ 2003-07-30 13:00 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\wintrust.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\url.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 105984 c:\windows\SYSTEM32\url.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 206848 c:\windows\SYSTEM32\occache.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\occache.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 611840 c:\windows\SYSTEM32\mstime.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\mstime.dll

+ 2006-11-08 02:03 . 2012-05-11 14:42 629760 c:\windows\SYSTEM32\msfeeds.dll

+ 2003-07-30 13:00 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\imagehlp.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 184320 c:\windows\SYSTEM32\iepeers.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\iepeers.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 387584 c:\windows\SYSTEM32\iedkcs32.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\iedkcs32.dll

- 2003-07-30 13:00 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\ie4uinit.exe

+ 2003-07-30 13:00 . 2012-05-11 11:38 174080 c:\windows\SYSTEM32\ie4uinit.exe

- 2003-08-08 21:27 . 2012-05-08 22:00 335464 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2003-08-08 21:27 . 2012-07-07 16:06 335464 c:\windows\SYSTEM32\FNTCACHE.DAT

- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll

+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\SYSTEM32\DLLCACHE\wintrust.dll

+ 2004-02-06 22:05 . 2012-05-16 15:08 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

- 2004-02-06 22:05 . 2011-11-04 19:20 916992 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 105984 c:\windows\SYSTEM32\DLLCACHE\url.dll

- 2011-08-11 00:15 . 2011-06-24 14:10 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys

+ 2011-08-11 00:15 . 2012-05-02 13:46 139656 c:\windows\SYSTEM32\DLLCACHE\rdpwd.sys

- 2006-10-17 17:04 . 2011-11-04 19:20 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll

+ 2006-10-17 17:04 . 2012-05-11 14:42 206848 c:\windows\SYSTEM32\DLLCACHE\occache.dll

+ 2006-05-10 05:25 . 2012-05-11 14:42 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll

- 2006-05-10 05:25 . 2011-11-04 19:20 611840 c:\windows\SYSTEM32\DLLCACHE\mstime.dll

+ 2007-05-09 01:20 . 2012-05-11 14:42 629760 c:\windows\SYSTEM32\DLLCACHE\msfeeds.dll

+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\SYSTEM32\DLLCACHE\imagehlp.dll

- 2009-07-15 10:31 . 2011-11-04 19:20 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll

+ 2009-07-15 10:31 . 2012-05-11 14:42 247808 c:\windows\SYSTEM32\DLLCACHE\ieproxy.dll

+ 2003-07-30 13:00 . 2012-05-11 14:42 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

- 2003-07-30 13:00 . 2011-11-04 19:20 184320 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

+ 2010-06-09 23:55 . 2012-05-11 14:42 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll

- 2010-06-09 23:55 . 2011-11-04 19:20 743424 c:\windows\SYSTEM32\DLLCACHE\iedvtool.dll

+ 2006-11-07 08:27 . 2012-05-11 14:42 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

- 2006-11-07 08:27 . 2011-11-04 19:20 387584 c:\windows\SYSTEM32\DLLCACHE\iedkcs32.dll

- 2006-11-07 08:26 . 2011-11-04 11:24 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2006-11-07 08:26 . 2012-05-11 11:38 174080 c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2011-09-03 10:17 . 2011-09-28 07:06 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll

+ 2011-09-03 10:17 . 2012-05-31 13:22 599040 c:\windows\SYSTEM32\DLLCACHE\crypt32.dll

- 2012-07-03 01:41 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\updspapi.dll

- 2012-07-03 01:41 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\update\update.exe

- 2012-07-03 01:41 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466\spuninst.exe

- 2012-07-03 01:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\updspapi.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\update\update.exe

- 2012-07-03 01:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\a125f3c2923de81c1d8e6a190c228a16\spuninst.exe

- 2012-07-03 01:50 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\updspapi.dll

- 2012-07-03 01:50 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\update\update.exe

- 2012-07-03 01:50 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\90f2fbbd424fa4d711d022ca4977bb25\spuninst.exe

- 2012-07-03 01:42 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll

- 2012-07-03 01:42 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe

- 2012-07-03 01:42 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe

- 2012-07-03 01:49 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\updspapi.dll

- 2012-07-03 01:49 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\update\update.exe

- 2012-07-03 01:49 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\spuninst.exe

- 2002-06-12 11:55 . 2004-07-20 01:54 462848 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.drawing.dll

+ 2002-06-12 11:55 . 2012-04-26 12:27 462848 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll

- 2002-06-12 03:02 . 2011-07-05 20:44 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll

+ 2002-06-12 03:02 . 2012-01-13 20:59 303104 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll

- 2002-06-21 23:31 . 2011-07-06 14:57 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

+ 2002-06-21 23:31 . 2012-01-13 21:54 200704 c:\windows\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2699988-IE8\wininet.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2699988-IE8\url.dll

+ 2012-07-07 14:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2699988-IE8\spuninst\updspapi.dll

+ 2012-07-07 14:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2699988-IE8\spuninst\spuninst.exe

+ 2012-07-07 14:41 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2699988-IE8\occache.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2699988-IE8\mstime.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2699988-IE8\msfeeds.dll

+ 2012-07-07 14:41 . 2009-03-08 08:35 521216 c:\windows\ie8updates\KB2699988-IE8\jsdbgui.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2699988-IE8\ieproxy.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2699988-IE8\iepeers.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2699988-IE8\iedvtool.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2699988-IE8\iedkcs32.dll

+ 2012-07-07 14:41 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2699988-IE8\ie4uinit.exe

+ 2012-07-07 14:39 . 2012-07-07 14:39 851968 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_e66337af\System.Drawing.dll

+ 2012-07-07 14:37 . 2012-07-07 14:37 847872 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_3b9338da\System.Drawing.dll

+ 2012-07-07 14:38 . 2012-07-07 14:38 462848 c:\windows\ASSEMBLY\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2008-09-05 02:14 . 2008-09-05 02:14 462848 c:\windows\ASSEMBLY\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-07-07 14:34 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

+ 2004-01-21 21:20 . 2012-05-11 14:42 1212416 c:\windows\SYSTEM32\urlmon.dll

- 2004-01-21 21:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\urlmon.dll

+ 2004-07-07 22:37 . 2012-05-11 14:42 6007808 c:\windows\SYSTEM32\mshtml.dll

- 2006-10-17 16:57 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\iertutil.dll

+ 2006-10-17 16:57 . 2012-05-11 14:42 2000384 c:\windows\SYSTEM32\iertutil.dll

+ 2008-10-14 20:07 . 2012-05-15 13:20 1863168 c:\windows\SYSTEM32\DLLCACHE\win32k.sys

- 2004-01-21 21:20 . 2011-11-04 19:20 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2004-01-21 21:20 . 2012-05-11 14:42 1212416 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2008-10-14 20:07 . 2012-05-04 13:12 2192640 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

+ 2008-10-14 20:07 . 2012-05-04 12:32 2026496 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe

+ 2008-10-14 20:07 . 2012-05-04 12:32 2069120 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

+ 2008-10-14 20:07 . 2012-05-04 13:16 2148352 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe

+ 2004-07-07 22:37 . 2012-05-11 14:42 6007808 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

+ 2007-05-09 01:20 . 2012-05-11 14:42 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

- 2007-05-09 01:20 . 2011-11-04 19:20 2000384 c:\windows\SYSTEM32\DLLCACHE\iertutil.dll

- 2002-06-12 11:54 . 2004-07-20 01:54 2002944 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.windows.forms.dll

+ 2002-06-12 11:54 . 2012-01-17 05:19 2002944 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll

+ 2002-06-12 11:53 . 2012-01-17 05:20 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

- 2002-06-12 11:53 . 2011-07-12 23:04 1200128 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.Web.dll

+ 2002-06-12 11:55 . 2012-01-17 05:19 1179648 c:\windows\Microsoft.NET\Framework\v1.0.3705\System.dll

- 2002-06-12 11:55 . 2007-12-17 11:59 1179648 c:\windows\Microsoft.NET\Framework\v1.0.3705\system.dll

+ 2002-06-12 03:03 . 2012-01-13 20:59 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

- 2002-06-12 03:03 . 2011-07-05 20:45 2281472 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll

+ 2002-06-12 03:02 . 2012-01-13 20:59 2273280 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll

+ 2002-06-12 11:55 . 2012-01-17 05:19 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

- 2002-06-12 11:55 . 2011-07-12 23:05 1998848 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 1212416 c:\windows\ie8updates\KB2699988-IE8\urlmon.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 5978112 c:\windows\ie8updates\KB2699988-IE8\mshtml.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 2000384 c:\windows\ie8updates\KB2699988-IE8\iertutil.dll

+ 2008-10-14 20:07 . 2012-05-04 13:12 2192640 c:\windows\Driver Cache\I386\ntoskrnl.exe

+ 2008-10-14 20:07 . 2012-05-04 12:32 2026496 c:\windows\Driver Cache\I386\ntkrpamp.exe

+ 2008-10-14 20:07 . 2012-05-04 12:32 2069120 c:\windows\Driver Cache\I386\ntkrnlpa.exe

+ 2008-10-14 20:07 . 2012-05-04 13:16 2148352 c:\windows\Driver Cache\I386\ntkrnlmp.exe

+ 2012-07-07 14:36 . 2012-07-07 14:36 1855488 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_9d8fa910\System.dll

+ 2012-07-07 14:37 . 2012-07-07 14:37 2027520 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_e8884a34\System.Xml.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 2953216 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_e094bce8\System.Windows.Forms.dll

+ 2012-07-07 14:37 . 2012-07-07 14:37 2953216 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_bf7b4de4\System.Windows.Forms.dll

+ 2012-07-07 14:39 . 2012-07-07 14:39 1454080 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_bd399941\System.Design.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 1454080 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_7cd32e56\System.Design.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 3301376 c:\windows\ASSEMBLY\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_5597fd86\mscorlib.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 1179648 c:\windows\ASSEMBLY\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll

- 2008-09-05 02:14 . 2008-09-05 02:14 1179648 c:\windows\ASSEMBLY\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll

- 2008-09-05 02:14 . 2008-09-05 02:14 2002944 c:\windows\ASSEMBLY\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 2002944 c:\windows\ASSEMBLY\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll

- 2012-02-08 22:43 . 2012-02-08 22:43 1200128 c:\windows\ASSEMBLY\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

+ 2012-07-07 14:36 . 2012-07-07 14:36 1200128 c:\windows\ASSEMBLY\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll

+ 2006-11-08 02:03 . 2012-05-12 00:12 11111424 c:\windows\SYSTEM32\ieframe.dll

+ 2007-05-09 01:20 . 2012-05-12 00:12 11111424 c:\windows\SYSTEM32\DLLCACHE\ieframe.dll

+ 2012-07-07 14:41 . 2011-11-04 19:20 11081728 c:\windows\ie8updates\KB2699988-IE8\ieframe.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-14 50176]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-07 335872]

"AsioReg"="CTASIO.DLL" [2003-02-20 110592]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]

"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]

"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]

"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]

"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-03 122939]

"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\documents and settings\Jim\Start Menu\Programs\Startup\

GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2010-3-26 431608]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk

backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk

backup=c:\windows\pss\Google Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk

backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^Webshots.lnk]

path=c:\documents and settings\Jim\Start Menu\Programs\Startup\Webshots.lnk

backup=c:\windows\pss\Webshots.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]

2006-05-08 09:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-05-21 12:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2006-04-15 20:14 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Tray]

2009-04-14 22:37 139264 ----a-w- c:\program files\Upromise\UpromiseTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Upromise Update]

2009-04-13 21:50 96136 ----a-w- c:\program files\Upromise\dca-ua.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AOL ACS"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=

"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\symds.sys [4/23/2012 11:03 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\symefa.sys [4/23/2012 11:03 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [6/18/2012 8:01 PM 821920]

R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0502010.003\ironx86.sys [4/23/2012 11:03 PM 136312]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/23/2012 11:03 PM 130008]

R2 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/2/2012 10:04 PM 106656]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120705.001\IDSXpx86.sys [7/5/2012 11:13 PM 369632]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2009 5:57 PM 133104]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/6/2009 5:57 PM 133104]

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]

.

2012-07-09 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2011-09-09 13:26]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7170fa92ab76.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-06 21:56]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093819779-2537581792-1553126955-1008Core.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-07 14:27]

.

2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1093819779-2537581792-1553126955-1008UA.job

- c:\documents and settings\Jim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-07 14:27]

.

2012-07-09 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

.

2012-07-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:08]

.

2004-10-19 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-19 22:38]

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: kyw1060.com\www

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: phillies.com\www

Trusted Zone: windowsupdate.com

TCP: DhcpNameServer = 192.168.1.1

DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://69.126.199.53:81/activex/AMC.cab

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\bl6vfl0c.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn

FF - user.js: keyword.URL - hxxp://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=ikBIyUNE&q=

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-09 21:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1093819779-2537581792-1553126955-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(5788)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-07-09 21:20:07

ComboFix-quarantined-files.txt 2012-07-10 01:19

.

Pre-Run: 7,392,165,888 bytes free

Post-Run: 7,366,688,768 bytes free

.

- - End Of File - - 9298674DE200920B69320342B6111242

July 7, 2012

OK. Completed step 1.

Here's the combo fix log for step 2.

============================

ComboFix 12-07-07.02 - Jim 07/07/2012 9:49.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1845 [GMT -4:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Jim\Application Data\PriceGong

c:\documents and settings\Jim\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Jim\Application Data\PriceGong\Data\z.xml

.

((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))