Inactive Renamed] Redirect help

Hi,

My computer is a Dell desktop running Windows 7 home edition 64 bit OS.

It is giving me a lot of problems. I have advertisements that play at random, Firefox won't open or let me uninstall it, Internet Explorer and Google Chrome both close randomly, and Google searches and clicking on links often result in me getting redirected to advertisements and bizarre links.

I have Norton 360 through my ISP. It says I am protected and that my computer is clean.

Starting from the beginning of your instructions here are the log files:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
josh :: TUNASALAD [administrator]

6/25/2012 11:38:22 PM
mbam-log-2012-06-25 (23-38-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209961
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER did not find any modifications.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by josh at 0:50:14 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1263 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\josh\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: AppGraffiti: {6f6a5334-78e9-4d9b-8182-8b41ea8c39ef} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Facebook Update] "C:\Users\josh\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Spotify] "C:\Users\josh\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\josh\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{0446798D-3786-4453-AA4F-8F4838D86B57} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{0446798D-3786-4453-AA4F-8F4838D86B57}\C497E687 : DhcpNameServer = 68.87.69.150 68.87.85.102
TCP: Interfaces\{0446798D-3786-4453-AA4F-8F4838D86B57}\C697E687 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~2\APPGRA~1\APPGRA~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.613.0\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\josh\AppData\Roaming\Mozilla\Firefox\Profiles\j4ld3elt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\josh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-6-18 1161376]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120623.002\IDSviA64.sys [2012-6-25 509088]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-6-13 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [2012-4-23 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-25 1692480]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-7-2 266240]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-30 138912]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-21 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-27 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2011-7-2 960992]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
[FONT=Arial]=============== Created Last 30 ================[/FONT]
[FONT=Arial].[/FONT]
[FONT=Arial]2012-06-26 06:36:24 -------- d-----w- C:\Users\josh\AppData\Roaming\Malwarebytes[/FONT]
[FONT=Arial]2012-06-26 06:36:10 -------- d-----w- C:\ProgramData\Malwarebytes[/FONT]
[FONT=Arial]2012-06-26 06:36:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys[/FONT]
[FONT=Arial]2012-06-26 06:36:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware[/FONT]
[FONT=Arial]2012-06-26 05:52:59 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A85C6C1-2887-4C41-9054-816BF4F819F6}\offreg.dll[/FONT]
[FONT=Arial]2012-06-22 23:18:17 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1A85C6C1-2887-4C41-9054-816BF4F819F6}\mpengine.dll[/FONT]
[FONT=Arial]2012-06-22 04:34:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll[/FONT]
[FONT=Arial]2012-06-22 04:33:54 99840 ----a-w- C:\Windows\System32\wudriver.dll[/FONT]
[FONT=Arial]2012-06-22 04:33:34 36864 ----a-w- C:\Windows\System32\wuapp.exe[/FONT]
[FONT=Arial]2012-06-22 04:33:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll[/FONT]
2012-06-21 19:41:03 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-14 04:21:40 208896 ----a-w- C:\Windows\System32\profsvc.dll
.
==================== Find3M ====================
.
2012-06-24 00:15:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 00:15:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-24 00:15:09 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 02:29:22 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 16:52:23 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:46 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:46 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 20:41:23 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-05-01 20:41:22 175104 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 0:59:23.68 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/1/2011 6:39:00 PM
System Uptime: 6/25/2012 10:40:01 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X2 245 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 356.221 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 6/21/2012 9:33:10 PM - Windows Update
RP189: 6/22/2012 8:48:18 AM - Windows Update
RP190: 6/22/2012 1:28:06 PM - Windows Update
RP191: 6/23/2012 3:00:14 AM - Windows Update
RP192: 6/24/2012 3:00:11 AM - Windows Update
RP193: 6/24/2012 7:00:06 PM - Windows Backup
RP194: 6/24/2012 11:18:46 PM - Windows Update
RP195: 6/25/2012 10:31:43 PM - Windows Update
RP196: 6/25/2012 10:44:35 PM - Removed Logitech Webcam Software.
RP197: 6/25/2012 10:47:41 PM - Logitech Webcam Software v12.10.1110
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
AppGraffiti
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Best Buy pc app
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Constant Guard Protection Suite
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell VideoStage
DirectX 9 Runtime
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
GuardedID
HiJackThis
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 5.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA1100 N150 Wireless USB Adapter
Norton Security Suite
PhotoShowExpress
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skins
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Spotify
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
WebM Media Foundation Components
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! BrowserPlus 2.9.8
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/25/2012 11:34:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80073701: Security Update for Windows 7 for x64-based Systems (KB2667402).
6/25/2012 11:19:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
6/25/2012 10:41:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================
 
I have renamed your thread to something more appropriate. We don't joke much in this forum because malware is not a laughing matter.
====================================
I have Norton 360 through my ISP. It says I am protected and that my computer is clean.
You weren't clean when you ran these logs.
===================================
Something to check:
You are running the Constant Guard™ Protection Suite from Comcast. It includes the Norton™ Security Suite. I see processes from both of these running.
Norton Security Suite (Not Norton 360)
Constant Guard Protection Suite

I just want to make sure you know that and didn't install a separate Norton Suite.
====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan:
Uninstall directions, if needed
  • Click START > then RUN
  • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=======================================
Please leave the log in your next reply.
 
I am very sorry for your loss.

Are you still being redirected? Does your roommate plan to continue helping you?
 