I did a scan with a log in HiJackThis. Here is the log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:04 PM, on 7/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.271\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.271\ccSvcHst.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.271\ccSvcHst.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\sniper.exe\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272840921484
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.3.271\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.3.271\ccSvcHst.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
--
End of file - 7775 bytes
I downloaded ComboFix. It did not ask me where to save it to, so it is not on the desktop and I really don't know how to find it to store it there. I did disable the Norton Antivirus and ran ComboFix. The log is below:
ComboFix 10-07-01.02 - Pat 07/02/2010 22:05:04.1.1 - x86
Running from: c:\documents and settings\Pat\My Documents\Downloads\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.
2010-06-30 21:55 . 2010-06-30 21:12 53632 ----a-w- c:\documents and settings\Pat\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-30 21:12 . 2010-06-30 21:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-30 21:09 . 2010-06-30 21:09 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-30 21:09 . 2010-03-29 12:53 29984 ----a-w- c:\documents and settings\Pat\Application Data\Mozilla\Firefox\Profiles\o1a20d3z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-06-30 18:40 . 2010-06-30 18:40 0 ----a-w- c:\windows\nsreg.dat
2010-06-30 18:40 . 2010-06-30 18:40 -------- d-----w- c:\documents and settings\Pat\Local Settings\Application Data\Mozilla
2010-06-29 20:44 . 2010-06-29 20:44 -------- d-----w- c:\program files\Secunia
2010-06-28 23:42 . 2010-06-28 23:50 -------- d-----w- c:\windows\system32\Adobe
2010-06-28 01:28 . 2010-06-28 01:28 388096 ----a-r- c:\documents and settings\Pat\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-28 01:28 . 2010-06-28 01:30 -------- d-----w- c:\program files\Trend Micro
2010-06-27 20:26 . 2010-06-27 20:26 -------- d-----w- c:\documents and settings\Pat\Application Data\Malwarebytes
2010-06-27 20:25 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 20:25 . 2010-06-27 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-27 20:22 . 2010-06-27 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 20:22 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 13:58 . 2010-06-29 21:03 63488 ----a-w- c:\documents and settings\Pat\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-27 13:57 . 2010-06-27 13:57 52224 ----a-w- c:\documents and settings\Pat\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-27 13:57 . 2010-06-29 21:03 117760 ----a-w- c:\documents and settings\Pat\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-27 13:56 . 2010-06-27 13:56 -------- d-----w- c:\documents and settings\Pat\Application Data\SUPERAntiSpyware.com
2010-06-27 13:56 . 2010-06-27 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-27 13:56 . 2010-06-27 13:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-27 13:40 . 2010-06-27 13:40 -------- d-----w- c:\program files\CCleaner
2010-06-27 13:34 . 2010-06-27 13:35 -------- d-----w- c:\documents and settings\Pat\Application Data\PCToolsFirewallPlus
2010-06-27 13:28 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-27 13:28 . 2009-11-09 15:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-27 13:28 . 2010-01-07 16:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-27 13:27 . 2010-07-03 02:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-27 13:27 . 2010-06-27 13:28 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-27 13:27 . 2010-01-12 13:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-06-27 13:27 . 2010-01-07 15:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-06-27 13:27 . 2010-01-07 15:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-06-27 13:27 . 2010-01-13 12:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-06-27 13:27 . 2010-06-27 13:35 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-06-23 21:17 . 2010-06-27 23:23 -------- d-----w- c:\documents and settings\Pat\Local Settings\Application Data\Tific
2010-06-23 21:17 . 2010-06-23 21:17 -------- d-----w- c:\documents and settings\Pat\Application Data\Tific
2010-06-23 21:17 . 2010-06-23 21:17 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-06-23 21:16 . 2010-06-23 21:17 -------- d-----w- c:\program files\Norton PC Checkup
2010-06-23 00:07 . 2010-06-23 00:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb3.tmp.exe
2010-06-20 14:15 . 2010-06-20 14:15 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 23:42 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 04:49 . 2010-06-08 04:49 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-05 17:12 . 2010-06-05 17:12 503808 ----a-w- c:\documents and settings\Pat\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c34f6c6-n\msvcp71.dll
2010-06-05 17:12 . 2010-06-05 17:12 499712 ----a-w- c:\documents and settings\Pat\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c34f6c6-n\jmc.dll
2010-06-05 17:12 . 2010-06-05 17:12 348160 ----a-w- c:\documents and settings\Pat\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c34f6c6-n\msvcr71.dll
2010-06-05 17:11 . 2010-06-05 17:11 61440 ----a-w- c:\documents and settings\Pat\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dc74e91-n\decora-sse.dll
2010-06-05 17:11 . 2010-06-05 17:11 12800 ----a-w- c:\documents and settings\Pat\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1dc74e91-n\decora-d3d.dll
2010-06-05 17:11 . 2010-06-05 17:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 17:00 . 2010-06-05 17:00 -------- d-----w- c:\documents and settings\Pat\Application Data\Logitech
2010-06-05 16:33 . 2008-05-02 06:38 301656 ----a-w- c:\windows\system32\BtCoreIf.dll
2010-06-05 16:33 . 2008-05-02 06:40 84496 ----a-w- c:\windows\system32\KemXML.dll
2010-06-05 16:33 . 2008-05-02 06:40 117264 ----a-w- c:\windows\system32\KemWnd.dll
2010-06-05 16:33 . 2008-05-02 06:39 145936 ----a-w- c:\windows\system32\KemUtil.dll
2010-06-05 16:33 . 2008-05-02 06:39 170512 ----a-w- c:\windows\system32\kemutb.dll
2010-06-05 16:32 . 2010-06-05 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 01:02 . 2010-03-07 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-30 20:42 . 2009-12-20 07:04 -------- d-----w- c:\program files\Dell AIO Printer A920
2010-06-28 23:38 . 2005-03-03 07:24 -------- d-----w- c:\program files\QuickTime
2010-06-23 21:16 . 2009-12-19 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-23 21:16 . 2009-12-19 23:55 -------- d-----w- c:\program files\NortonInstaller
2010-06-20 14:34 . 2005-03-03 07:24 -------- d-----w- c:\program files\iTunes
2010-06-20 14:33 . 2005-03-03 07:24 -------- d-----w- c:\program files\iPod
2010-06-20 14:27 . 2010-04-30 03:45 -------- d-----w- c:\program files\Bonjour
2010-06-08 09:58 . 2010-02-19 22:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 17:10 . 2005-03-03 06:45 -------- d-----w- c:\program files\Java
2010-06-05 16:47 . 2005-03-03 07:23 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-03 04:03 . 2010-05-19 04:16 33744 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-29 17:08 . 2010-05-29 17:08 -------- d-----w- c:\documents and settings\Pat\Application Data\Leadertech
2010-05-29 17:08 . 2010-05-29 17:08 53248 ----a-r- c:\documents and settings\Pat\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-05-29 17:05 . 2010-05-29 17:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-05-29 17:04 . 2010-05-29 17:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-05-29 17:04 . 2010-05-29 17:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-29 17:01 . 2010-05-29 17:01 -------- d-----w- c:\documents and settings\Pat\Application Data\InstallShield
2010-05-28 17:35 . 2010-05-08 03:48 36672 ----a-w- c:\documents and settings\Pat\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-28 17:20 . 2010-05-01 02:16 -------- d-----w- c:\documents and settings\Pat\Application Data\Apple Computer
2010-05-28 17:19 . 2009-12-23 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-23 00:59 . 2010-05-23 00:58 -------- d-----w- c:\program files\AbiSuite2
2010-05-19 23:01 . 2010-05-19 23:01 -------- d-----w- c:\program files\Watchtower
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 10:30 . 2010-05-18 10:30 -------- d-----w- c:\documents and settings\Pat\Application Data\AdobeUM
2010-05-12 03:34 . 2009-12-23 06:13 -------- d-----w- c:\program files\Apple Software Update
2010-05-09 18:55 . 2010-05-09 18:55 -------- d-----w- c:\documents and settings\Pat\Application Data\Watchtower
2010-05-08 21:13 . 2005-03-03 08:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-08 04:14 . 2010-05-08 04:14 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-08 04:14 . 2010-05-08 04:14 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-08 04:14 . 2010-05-08 04:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-08 04:14 . 2010-05-08 04:14 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-08 04:14 . 2010-05-08 04:14 -------- d-----w- c:\program files\Symantec
2010-05-08 04:12 . 2010-05-08 04:11 -------- d-----w- c:\program files\Norton AntiVirus
2010-05-07 23:16 . 2010-02-06 19:19 377 ----a-w- c:\windows\PowerReg.dat
2010-05-06 10:41 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 03:55 . 2010-05-06 03:54 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-05-06 03:54 . 2010-05-06 03:54 -------- d-----w- c:\program files\ABBYY FineReader 6.0
2010-05-06 03:54 . 2010-05-06 03:54 -------- d-----w- c:\program files\FaxTools
2010-05-06 03:54 . 2005-03-03 07:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-06 03:54 . 2010-05-06 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-05-02 23:39 . 2004-10-15 10:37 82435 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-02 23:39 . 2010-05-02 23:39 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\LocalContent\Attachments\devcon.exe
2010-05-02 23:39 . 2010-05-02 23:39 307200 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\pchnotify.exe
2010-05-02 23:39 . 2010-05-02 23:39 3072 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\jsharpde\pchealthde.exe
2010-05-02 05:22 . 2004-08-04 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-04 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 12:33 . 2010-05-12 03:34 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 12:33 . 2010-05-12 03:34 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 20:58 . 2010-04-09 20:58 3092368 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockMI.exe
2010-04-08 21:36 . 2010-04-08 21:36 4096 ----a-w- c:\windows\d3dx.dat
2010-04-08 03:55 . 2010-04-08 03:52 21195208 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US65016901xupd.exe
2005-07-26 05:39 . 2009-12-19 19:59 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-5 805392]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [5/20/2010 8:15 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [5/20/2010 8:15 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [6/22/2010 7:49 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [5/20/2010 8:15 PM 501888]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [6/27/2010 9:28 AM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [5/20/2010 8:15 PM 116784]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [5/20/2010 8:15 PM 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.3.271\SymcPCCULaunchSvc.exe [6/23/2010 5:17 PM 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.3.271\ccSvcHst.exe [6/23/2010 5:17 PM 126392]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [6/27/2010 9:28 AM 88040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 5:51 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100629.001\IDSXpx86.sys [6/30/2010 2:08 PM 331640]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [6/27/2010 9:27 AM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [6/27/2010 9:27 AM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [6/27/2010 9:27 AM 115216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 9:51 AM 135664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 7:04 AM 14896]
.
Contents of the 'Scheduled Tasks' folder
2010-05-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
2010-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:50]
2010-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Pat\Application Data\Mozilla\Firefox\Profiles\o1a20d3z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 22:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.3.271\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.3.271\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-02 22:29:44
ComboFix-quarantined-files.txt 2010-07-03 02:29
Pre-Run: 11,894,972,416 bytes free
Post-Run: 12,176,793,600 bytes free
- - End Of File - - 5B7216D9F09CBF22D6B6403BBB89B947
I have turned the Anti Virus back on.
Thanks again for your patience and help! Pat