ComboFix 12-01-17.01 - Cathy 01/17/2012 17:34:25.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1978.940 [GMT -5:00]
Running from: c:\users\Cathy\Downloads\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\VooMuu
c:\program files (x86)\VooMuu\bin\1.0.34.0\copyright.txt
c:\program files (x86)\VooMuu\bin\1.0.34.0\VooMuuSACB.exe
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\VooMuuSA
c:\programdata\VooMuuSA\VooMuuSA.dat
c:\programdata\VooMuuSA\VooMuuSA_hpk.dat
c:\programdata\VooMuuSA\VooMuuSA_kyf.dat
c:\programdata\VooMuuSA\VooMuuSA_kyf_update.dat
c:\programdata\VooMuuSA\VooMuuSAau.dat
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))
.
.
2012-01-17 22:43 . 2012-01-17 22:43 -------- d-----w- c:\users\june\AppData\Local\temp
2012-01-17 21:59 . 2012-01-17 21:59 -------- d-----w- C:\_OTL
2012-01-14 20:10 . 2012-01-14 20:10 -------- d-----w- c:\program files\iPod
2012-01-14 20:10 . 2012-01-14 20:11 -------- d-----w- c:\program files\iTunes
2012-01-14 20:10 . 2012-01-14 20:11 -------- d-----w- c:\program files (x86)\iTunes
2012-01-14 20:08 . 2012-01-14 20:08 -------- d-----w- c:\program files\Bonjour
2012-01-14 20:08 . 2012-01-14 20:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-14 20:08 . 2012-01-14 20:08 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-14 20:08 . 2012-01-14 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-01-14 20:07 . 2012-01-14 20:07 -------- d-----w- c:\program files (x86)\QuickTime
2012-01-14 17:46 . 2012-01-14 17:46 -------- d-----w- c:\programdata\ParetoLogic
2012-01-14 17:46 . 2012-01-14 17:46 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-01-14 17:46 . 2012-01-14 17:46 -------- d-----w- c:\programdata\XoftSpySE
2012-01-14 17:46 . 2012-01-14 17:46 -------- d-----w- c:\program files (x86)\Common Files\XoftSpySE
2012-01-14 17:45 . 2012-01-14 22:53 -------- d-----w- c:\program files (x86)\XoftSpySE6
2012-01-13 03:07 . 2012-01-13 03:15 -------- d-----w- c:\program files\Symantec
2012-01-12 21:09 . 2012-01-12 21:09 -------- d-----w- c:\programdata\Kaspersky Lab
2012-01-11 22:22 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 22:22 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 22:22 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 22:22 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 22:22 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 22:22 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 22:22 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 22:22 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-07 21:52 . 2012-01-07 21:52 -------- d-----w- c:\program files\Enigma Software Group
2012-01-07 21:52 . 2012-01-07 21:52 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-01-04 01:35 . 2012-01-04 01:35 -------- d-----w- c:\users\Cathy\AppData\Roaming\PCToolsFirewallPlus
2012-01-04 01:35 . 2012-01-04 01:35 -------- d-----w- c:\users\Cathy\AppData\Roaming\Spam Monitor
2012-01-04 01:23 . 2009-08-13 15:50 73856 ----a-w- c:\windows\system32\drivers\pctNdis64.sys
2012-01-04 01:23 . 2012-01-07 23:12 -------- d-----w- c:\programdata\PC Tools
2012-01-04 01:20 . 2012-01-04 01:31 -------- d-----w- c:\users\Cathy\AppData\Roaming\GetRightToGo
2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\users\Cathy\AppData\Local\Apps
2012-01-04 01:08 . 2012-01-04 01:09 -------- d-----w- c:\users\Cathy\AppData\Local\Deployment
2012-01-01 17:49 . 2011-03-20 14:03 702464 ----a-w- c:\program files (x86)\Uninstall CelebSauce.dll
2012-01-01 01:43 . 2012-01-01 08:04 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2011-12-26 23:59 . 2011-12-27 00:00 -------- d-----w- c:\users\Cathy\AppData\Local\CrashDumps
2011-12-26 02:39 . 2012-01-07 21:29 -------- d-----w- C:\NBRT
2011-12-25 23:09 . 2011-12-25 23:09 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2011-12-25 23:09 . 2012-01-01 02:06 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2011-12-25 22:45 . 2011-12-25 22:45 -------- d-----w- c:\users\Cathy\AppData\Roaming\Tific
2011-12-24 23:39 . 2012-01-13 00:40 -------- d-----w- c:\users\Cathy\AppData\Local\NPE
2011-12-24 20:59 . 2011-12-24 20:59 -------- d-----w- c:\users\Cathy\AppData\Local\Symantec
2011-12-24 20:55 . 2011-12-24 20:55 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2011-12-24 20:55 . 2011-12-24 20:55 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2011-12-24 18:30 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-24 18:30 . 2012-01-14 22:53 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-12-24 18:30 . 2011-12-24 21:37 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-12-24 18:03 . 2011-12-17 17:15 91720 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2011-12-24 18:03 . 2011-12-17 17:15 1642056 ----a-w- c:\program files (x86)\Mozilla Firefox\IdVaultCore.dll
2011-12-24 18:03 . 2011-12-17 17:13 8007680 ----a-w- c:\program files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2011-12-24 18:02 . 2011-07-05 15:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2011-12-24 18:02 . 2011-07-05 15:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2011-12-24 18:02 . 2011-07-05 15:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2011-12-24 18:02 . 2011-07-05 15:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2011-12-24 18:02 . 2011-07-05 15:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2011-12-24 18:02 . 2011-12-24 18:02 -------- d-----w- c:\program files (x86)\Common Files\scanner
2011-12-24 18:00 . 2011-12-24 18:02 -------- d-----w- c:\program files (x86)\xfin_portal
2011-12-20 00:50 . 2011-12-20 00:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-19 23:35 . 2011-12-22 05:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-19 03:54 . 2012-01-14 22:52 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-12-19 03:46 . 2011-07-05 15:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2011-12-19 02:39 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-19 02:34 . 2011-12-19 02:34 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 22:34 . 2010-06-12 23:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-14 22:34 . 2010-07-21 21:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-14 22:34 . 2010-07-21 21:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-14 22:34 . 2010-06-12 23:00 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-08 09:26 . 2010-07-21 21:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-06 04:59 . 2010-06-12 23:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-06 04:55 . 2010-06-12 23:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-01-06 04:35 . 2010-07-21 21:40 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-15 23:59 . 2011-07-25 21:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-16 00:21 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2012-01-17 16:17 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25C71CC4-F4DA-473D-B5AB-7330070F3833}\mpengine.dll
2011-11-15 19:29 . 2010-08-07 03:45 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-16 00:18 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-16 00:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
2011-06-24 11:24 81920 ----a-w- c:\program files (x86)\oovootoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 23:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{574be437-25ae-4010-a53e-8c63b6ae02ff}"= "c:\program files (x86)\oovootoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft® Windows® Operating System"="c:\users\Cathy\AppData\Roaming\Microsoft\Protect\Credentials" [X]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-12-17 4689992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-22 1156216]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 136176]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111223.001\IDSvia64.sys [2011-12-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-12-17 63048]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Norton Security Suite\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [2011-12-14 177080]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [2011-12-14 126392]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 01:53]
.
2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-07 01:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-10-29 822816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"combofix"="c:\combofix\CF19621.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e525&r=273606101105l0464z175r5542494q
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1185823F-F22F-4027-80E5-4F68ACD5DE5E} - c:\program files (x86)\2YourFace\bho.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-RunServices-MicrosoftWindows - c:\users\Cathy\AppData\Roaming\windows32.exe
Wow6432Node-HKCU-RunServicesOnce-MicrosoftWindows - c:\users\Cathy\AppData\Roaming\windows32.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-PLFSetI - c:\windows\PLFSetI.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Norton Security Suite\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Norton Security Suite\Norton Security Suite\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.48\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3960724563-295947535-3481900843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3960724563-295947535-3481900843-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\SFT\GuardedID\gidd.exe
.
**************************************************************************
.
Completion time: 2012-01-17 17:53:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-17 22:53
.
Pre-Run: 176,650,375,168 bytes free
Post-Run: 176,346,263,552 bytes free
.
- - End Of File - - C91188B4F7831598B91927111CA05516