Channel: Tech Support Forum - Virus/Trojan/Spyware Help

[SOLVED] Unable to remove Aartemis hijacker and AVG Safeguard Toolbar

Hello,

A couple of weeks ago I picked up a browser hijacker 'aartemis portal site',

hxxp://aartemis.com/?type=sc&ts=1385327932&from=cor&uid=HTS541060G9AT00_MP27XBXDG5EXVSG5EXVSX

and I have been unable to get rid of it. I tried removing it from Firefox and IE plugins/home page settings/search engine preferences etc but to no avail. It continues to act as the default home page whenever I open a browser. I have also been unable to remove AVG Security Toolbar.

Here are some background details:

  • Windows XP SP3 on an Acer laptop
  • Running Norton anti-virus
  • Using control panel add/remove programs will NOT remove the AVG tool bar; no effect at all, it continues to show up in the control panel
  • After I first detected the hijacker, I ran Hijack This and Malwarebytes in Safe mode with networking, and they found numerous PUP entries and said they were removed/quarantined. However after restart, the Aartemis still shows up. Subsequent scans with Hijack and Malwarebytes no longer detect anything, but the Aartemis is definitely still active.
  • I ran the GMER scan as requested, and have the ark.txt and attach.txt logs on my desktop, but when I right-click on them, I do not see an option to 'save as compressed file/folder'; only a RAR option. Please advise how you would like me to attach them.
  • I am attaching the DDS log per your instructions:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Greg at 12:37:11 on 2013-12-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.101 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\IDriveWindows\idwservice_600.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files\Kana Reminder\Reminder.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\IDriveWindows\idw_web.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mg4.mail.yahoo.com/neo/launch?.rand=bictgq7b6352g
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyOverride = <local>
mWinlogon: SFCDisable = dword:-99
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\21.1.0.18\ips\IPSBHO.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.1.0.18\CoIEPlg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\21.1.0.18\CoIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Kana Reminder] c:\program files\kana reminder\Reminder.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 68.105.28.11 68.105.29.11
TCP: Interfaces\{2F953918-A5AE-4A23-A08D-90AE36852799} : DHCPNameServer = 68.105.28.11 68.105.29.11
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\z7d6eg68.default-1382105477296\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\documents and settings\greg\local settings\application data\citrix\plugins\92\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-25 08:34; jid1-F9UJ2thwoAm5gQ@jetpack; c:\documents and settings\greg\application data\mozilla\firefox\profiles\z7d6eg68.default-1382105477296\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF - ExtSQL: 2013-11-29 14:46; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_21.1.0.18\coFFPlgn
FF - ExtSQL: 2013-11-29 14:47; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_21.1.0.18\IPSFF
FF - ExtSQL: 2013-11-29 15:59; avg@toolbar; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\17.1.3.3
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-8-7 13560]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1501000.012\SymDS.sys [2013-11-27 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1501000.012\SymEFA.sys [2013-11-27 935512]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-11-29 37664]
R1 BHDrvx86;BHDrvx86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\bashdefs\20131203.001\BHDrvx86.sys [2013-12-3 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1501000.012\ccSetx86.sys [2013-11-27 127064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1501000.012\Ironx86.sys [2013-11-27 206936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-29 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton 360\nortondata\21.1.0.18\definitions\ipsdefs\20131203.002\IDSXpx86.sys [2013-12-4 380824]
R3 NAVENG;NAVENG;c:\program files\norton 360\nortondata\21.1.0.18\definitions\virusdefs\20131203.032\NAVENG.SYS [2013-12-4 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton 360\nortondata\21.1.0.18\definitions\virusdefs\20131203.032\NAVEX15.SYS [2013-12-4 1612376]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-3-18 1691480]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-8-7 41584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-25 22856]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2012-7-6 2074480]
.
=============== Created Last 30 ================
.
2013-11-30 16:48:49 -------- d-----w- c:\program files\Market Samurai
2013-11-30 00:12:41 -------- d-----w- c:\program files\Dropbox
2013-11-30 00:09:44 -------- d-----w- c:\documents and settings\greg\application data\Dropbox
2013-11-29 22:15:51 -------- d-----w- c:\documents and settings\all users\application data\WinZipEC
2013-11-29 21:59:59 -------- d-----w- c:\program files\File Association Helper
2013-11-29 21:59:52 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240DE.TMP
2013-11-29 21:59:06 -------- d-----w- c:\documents and settings\greg\local settings\application data\AVG SafeGuard toolbar
2013-11-29 21:58:27 -------- d-----w- c:\program files\PasswordBox
2013-11-29 21:58:09 -------- d-----w- c:\documents and settings\greg\application data\AVG SafeGuard toolbar
2013-11-29 21:57:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-29 21:57:03 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar
2013-11-29 21:56:57 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-11-29 21:56:53 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-11-29 16:11:31 -------- d-----w- c:\program files\cygdrive
2013-11-27 23:22:13 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2013-11-27 21:47:00 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2013-11-27 21:46:59 -------- d-----w- c:\program files\Symantec
2013-11-27 21:46:59 -------- d-----w- c:\program files\common files\Symantec Shared
2013-11-27 21:46:16 446552 ----a-r- c:\windows\system32\drivers\n360\1501000.012\symnets.sys
2013-11-27 21:46:16 421592 ----a-r- c:\windows\system32\drivers\n360\1501000.012\symtdi.sys
2013-11-27 21:46:16 383576 ----a-r- c:\windows\system32\drivers\n360\1501000.012\symtdiv.sys
2013-11-27 21:46:15 935512 ----a-r- c:\windows\system32\drivers\n360\1501000.012\SymEFA.sys
2013-11-27 21:46:15 651352 ----a-r- c:\windows\system32\drivers\n360\1501000.012\srtsp.sys
2013-11-27 21:46:15 367704 ----a-r- c:\windows\system32\drivers\n360\1501000.012\SymDS.sys
2013-11-27 21:46:15 32344 ----a-r- c:\windows\system32\drivers\n360\1501000.012\srtspx.sys
2013-11-27 21:46:15 21520 ----a-r- c:\windows\system32\drivers\n360\1501000.012\SymELAM.sys
2013-11-27 21:46:15 206936 ----a-r- c:\windows\system32\drivers\n360\1501000.012\Ironx86.sys
2013-11-27 21:46:14 127064 ----a-r- c:\windows\system32\drivers\n360\1501000.012\ccSetx86.sys
2013-11-27 21:45:01 14818 ----a-r- c:\windows\system32\drivers\n360\1501000.012\SymVTcer.dat
2013-11-27 21:44:58 -------- d-----w- c:\windows\system32\drivers\n360\1501000.012
2013-11-27 21:44:58 -------- d-----w- c:\windows\system32\drivers\N360
2013-11-27 21:44:54 -------- d-----w- c:\program files\Norton 360
2013-11-27 21:44:52 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-11-27 21:44:00 -------- d-----w- c:\program files\NortonInstaller
2013-11-27 21:44:00 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-11-26 15:07:51 -------- d-----w- c:\documents and settings\greg\local settings\application data\Browser Guard
2013-11-26 15:07:21 -------- d-----w- c:\program files\Trend Micro
2013-11-25 22:06:16 -------- d-----w- c:\program files\common files\Macromedia
2013-11-25 22:05:48 -------- d-----w- c:\program files\Macromedia
2013-11-25 22:04:34 180224 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\iGdiCnv.dll
2013-11-25 22:04:31 262144 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IScrCnv.dll
2013-11-25 22:04:30 32768 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\objpscnv.dll
2013-11-25 22:04:28 409600 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\ISRT.dll
2013-11-25 22:04:27 172032 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IUserCnv.dll
2013-11-25 22:04:23 761856 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\IDriver.exe
2013-11-25 22:04:21 540772 ----a-w- c:\program files\common files\installshield\driver\10\intel 32\_ISRES1033.dll
2013-11-25 22:03:30 -------- d-----w- c:\windows\Downloaded Installations
2013-11-25 19:18:59 -------- d-----w- c:\documents and settings\greg\local settings\application data\gtk-2.0
2013-11-25 19:06:11 -------- d-----w- c:\documents and settings\greg\local settings\application data\fontconfig
2013-11-25 19:06:00 -------- d-----w- c:\documents and settings\greg\.gimp-2.8
2013-11-25 19:05:58 -------- d-----w- c:\documents and settings\greg\local settings\application data\gegl-0.2
2013-11-25 16:49:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-25 16:49:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-24 21:31:31 -------- d-----w- c:\documents and settings\greg\application data\NCH Software
2013-11-24 21:31:18 -------- d-----w- c:\program files\NCH Software
2013-11-24 21:18:31 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-11-24 21:18:30 715038 ----a-w- c:\windows\unins000.exe
2013-11-24 21:18:27 178688 ----a-w- c:\windows\system32\unrar.dll
2013-11-24 21:18:15 -------- d-----w- c:\documents and settings\all users\application data\DivX
2013-11-24 21:18:07 -------- d-----w- c:\program files\DSP-worx
2013-11-24 21:18:06 -------- d-----w- c:\documents and settings\greg\application data\CDXReader
2013-11-24 21:18:05 -------- d-----w- c:\documents and settings\greg\application data\LavFilters
2013-11-24 18:37:27 -------- d-----w- c:\documents and settings\all users\application data\FileLab
2013-11-22 17:18:20 -------- d-----w- c:\documents and settings\greg\local settings\application data\TechSmith
2013-11-18 19:33:50 -------- d-----w- c:\documents and settings\greg\application data\TechSmith
2013-11-18 19:25:20 -------- d-----w- c:\documents and settings\all users\application data\regid.1995-08.com.techsmith
2013-11-18 19:25:06 -------- d-----w- c:\program files\common files\TechSmith Shared
2013-11-17 23:17:21 -------- d-----w- c:\windows\system32\NtmsData
2013-11-17 17:55:19 -------- d-----w- c:\windows\system32\IBCOMMON
2013-11-17 17:54:34 24064 ----a-w- c:\windows\system32\msxml3a.dll
2013-11-17 17:54:31 644400 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2013-11-17 17:54:30 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-11-17 17:54:30 108336 ----a-w- c:\windows\system32\MSWINSCK.OCX
2013-11-17 17:54:29 151552 ----a-w- c:\windows\system32\ibzip.dll
2013-11-17 17:54:29 143360 ----a-w- c:\windows\system32\ibunzip.dll
2013-11-17 17:54:23 -------- d-----w- c:\program files\IDriveWindows
2013-11-05 22:05:08 -------- d-----w- c:\program files\Mozilla Firefox.bak
.
==================== Find3M ====================
.
2013-10-13 07:25:38 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25:02 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24:17 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 16:02:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 16:02:47 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 16:02:39 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 12:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 12:29:36 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14:01 7168 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 12:38:52.98 ===============

Note: I see DDS says Norton is 'enabled', but I went in before the scan and disabled Norton, and it shows that it is disabled; not sure why DDS says enabled?

Thank you for any assistance you can provide!
