ComboFix 12-02-09.04 - Paul 02/09/2012 21:13:00.1.1 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2039.1593 [GMT -5:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\AppData\Roaming\EurekaLog
c:\users\Paul\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\users\Paul\Documents\pubB7A2.tmp
c:\users\Paul\g2mdlhlpx.exe
c:\users\Paul\GoToAssistDownloadHelper.exe
c:\windows\alcrmv.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\twain.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 02:24 . 2012-02-10 02:24 -------- d-----w- c:\users\Paul\AppData\Local\temp
2012-02-10 02:24 . 2012-02-10 02:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 01:41 . 2012-02-10 01:41 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2012-02-10 01:41 . 2012-02-10 01:41 -------- d-----w- c:\programdata\Malwarebytes
2012-02-10 01:41 . 2012-02-10 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-10 01:41 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 01:24 . 2012-02-10 01:24 -------- d-----w- C:\_OTL
2012-02-09 00:17 . 2012-02-09 00:17 -------- d-----w- c:\program files\Common Files\iS3
2012-02-09 00:17 . 2012-02-10 01:32 -------- d-----w- c:\programdata\STOPzilla!
2012-02-08 15:20 . 2012-02-08 15:20 -------- d-----w- c:\windows\Sun
2012-02-01 00:58 . 2012-02-01 00:58 547880 ----a-r- c:\windows\system32\SZComp5.dll
2012-02-01 00:58 . 2012-02-01 00:58 482344 ----a-r- c:\windows\system32\SZBase5.dll
2012-02-01 00:58 . 2012-02-01 00:58 24616 ----a-r- c:\windows\system32\SZIO5.dll
2012-02-01 00:58 . 2012-02-01 00:58 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-01 00:57 . 2012-02-01 00:57 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-01 00:57 . 2012-02-01 00:57 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-01 00:57 . 2012-02-01 00:57 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-01 00:57 . 2012-02-01 00:57 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-01 00:57 . 2012-02-01 00:57 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-01 00:57 . 2012-02-01 00:57 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-01 00:57 . 2012-02-01 00:57 810024 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-01 00:57 . 2012-02-01 00:57 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2012-01-31 16:49 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-31 16:49 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 16:49 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 16:49 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 16:49 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-31 16:49 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-31 16:49 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-31 16:49 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-31 16:49 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 16:49 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-15 01:47 . 2012-01-15 01:48 -------- d-----w- c:\program files\Media Player Utilities 5.22
2012-01-13 11:36 . 2012-01-13 11:36 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-13 11:36 . 2012-01-13 11:36 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-13 11:36 . 2012-01-13 11:36 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-13 11:36 . 2012-01-13 11:36 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-11 02:49 . 2012-01-11 02:49 -------- d-----w- c:\windows\system32\EventProviders
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 23:07 . 2011-07-09 21:43 138836 ----a-w- C:\DUMP3b2e.tmp
2012-01-04 18:06 . 2012-01-04 18:06 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2011-11-24 04:23 . 2011-12-16 02:57 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:06 . 2012-01-11 00:57 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41 . 2012-01-11 00:57 1288984 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 11:36 . 2011-05-12 01:17 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Paul\Desktop\OTL.exe" [2012-02-09 584192]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-01-13 1081416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 07:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2010-12-25 12:15 1483016 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-09-26 61328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-20 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [2011-09-26 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2012-01-04 72080]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-03-07 2595840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 23:16]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-05 23:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=15557&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Video Converter... - c:\program files\Media Player Utilities 5.22\AVIConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1EC46DF4-E396-467E-82D7-3600CC429D45}: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\tb66223y.default\
FF - prefs.js: browser.search.selectedEngine - Good Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
AddRemove-ZoomBrowserEXDeInstall - c:\program files\Canon\ZoomBrowser EX\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-09 21:30:18
ComboFix-quarantined-files.txt 2012-02-10 02:30
.
Pre-Run: 966,352,896 bytes free
Post-Run: 1,364,373,504 bytes free
.
- - End Of File - - 6B4144DAFF64121D93A4909A17A4442A