Below is the ComboFix log. Note that I am running everything in Safe Mode, so please let me know if or when I need to boot into normal mode.
ComboFix 09-05-26.05 - Scott 05/27/2009 17:10.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.356 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Scott\Application Data\EurekaLog
c:\documents and settings\Scott\Application Data\EurekaLog\EurekaLog.ini
c:\windows\system32\drivers\gthoryz.sys
c:\windows\system32\drivers\ihfh.sys
c:\windows\system32\drivers\knrjqk.sys
c:\windows\system32\drivers\purm.sys
c:\windows\system32\drivers\UACtagkouuvwrpgpha.sys
c:\windows\system32\drivers\wxvq.sys
c:\windows\system32\UACftyyqrtkmsvnxkv.dll
c:\windows\system32\UAChyvmtkmaknptrnr.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkmndeuocvrrujmr.dll
c:\windows\system32\UACoeerkpxripdwjoq.log
c:\windows\system32\UACpypdvbovatgpcrc.log
c:\windows\system32\UACsqqhwmqbrnaeppx.dll
c:\windows\system32\UACuxnowfvpyklvamd.dat
c:\windows\system32\UACvsieqybeabjepdl.dll
c:\windows\system32\UACxnxtlwarrthquow.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-21 00:20 . 2009-05-03 05:27 165240 ----a-r c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-05-21 00:10 . 2009-05-21 00:10 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-20 02:38 . 2009-05-20 02:38 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2009-05-20 02:29 . 2009-05-22 23:57 152576 ----a-w c:\documents and settings\Scott\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-20 02:07 . 2009-05-20 02:07 -------- d-----w c:\program files\CCleaner
2009-05-19 06:30 . 2009-05-19 06:31 -------- d-----w C:\CamboFix
2009-05-19 03:36 . 2009-05-03 05:28 876144 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\NAVEX15.SYS
2009-05-19 03:36 . 2009-05-03 05:27 1181040 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\NAVEX32A.DLL
2009-05-19 03:36 . 2009-05-03 05:28 89104 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\NAVENG.SYS
2009-05-19 03:36 . 2009-05-03 05:28 371248 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\EECTRL.SYS
2009-05-19 03:36 . 2009-05-03 05:28 101936 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\ERASER.SYS
2009-05-19 03:36 . 2009-05-03 05:27 177520 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\NAVENG32.DLL
2009-05-19 03:36 . 2009-05-03 05:27 259368 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\ECMSVR32.DLL
2009-05-19 03:36 . 2009-05-03 05:27 2414128 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090518.022\CCERASER.DLL
2009-05-19 02:11 . 2009-05-19 02:11 -------- d-----w c:\documents and settings\Scott\Application Data\Malwarebytes
2009-05-19 01:58 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 01:58 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 01:58 . 2009-05-19 02:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 01:58 . 2009-05-19 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-18 22:42 . 2009-05-18 22:42 -------- d-----w c:\program files\Trend Micro
2009-05-18 20:14 . 2009-05-18 20:14 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-18 06:17 . 2009-05-18 06:18 -------- d-----w c:\program files\Norton Support
2009-05-18 05:42 . 2009-05-18 05:42 60672 ----a-w c:\windows\system32\drivers\finiubtspxpi.sys
2009-05-08 22:07 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\Scxpx86.dll
2009-05-08 22:07 . 2009-05-03 05:28 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys
2009-05-08 22:07 . 2009-05-03 05:27 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSxpx86.dll
2009-05-08 22:07 . 2009-05-03 05:28 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSvix86.sys
2009-05-08 22:07 . 2009-05-03 05:28 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSviA64.sys
2009-05-08 19:06 . 2009-05-03 05:28 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090506.001\IDSXpx86.sys
2009-05-08 19:06 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090506.001\Scxpx86.dll
2009-05-08 19:06 . 2009-05-03 05:28 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090506.001\IDSvix86.sys
2009-05-08 19:06 . 2009-05-03 05:27 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090506.001\IDSxpx86.dll
2009-05-08 19:06 . 2009-05-03 05:28 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090506.001\IDSviA64.sys
2009-05-03 06:04 . 2009-05-03 05:28 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090501.001\IDSXpx86.sys
2009-05-03 06:04 . 2009-05-03 05:28 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090501.001\IDSviA64.sys
2009-05-03 06:04 . 2009-05-03 05:28 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090501.001\IDSvix86.sys
2009-05-03 06:04 . 2009-05-03 05:27 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090501.001\IDSxpx86.dll
2009-05-03 06:04 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090501.001\Scxpx86.dll
2009-05-03 05:29 . 2009-05-03 05:27 554352 ----a-r c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-05-03 02:33 . 2009-05-03 05:03 -------- d-----w c:\program files\NortonInstaller
2009-05-03 02:33 . 2009-05-03 02:35 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-02 01:12 . 2009-05-02 01:18 -------- d-----w c:\program files\ATCSIMPRO
2009-04-30 02:08 . 2009-04-30 02:08 368 ----a-w C:\temp.reg
2009-04-30 02:05 . 2009-04-30 02:17 -------- d-----w c:\program files\ATCsimulator2
2009-04-30 02:05 . 2009-04-30 02:05 249856 ------w c:\windows\Setup1.exe
2009-04-30 02:05 . 2009-04-30 02:05 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-30 02:04 . 2009-04-30 02:05 -------- d-----w c:\windows\speech
2009-04-30 02:04 . 2009-04-30 02:04 -------- d-----w c:\windows\lhsp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 01:06 . 2009-03-12 16:29 -------- d-----w c:\program files\Coupons
2009-05-22 00:06 . 2009-05-22 00:06 168 ----a-w c:\program files\uftafia.txt
2009-05-21 00:20 . 2008-09-26 18:57 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-05-18 05:25 . 2008-06-09 14:07 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-05-17 22:19 . 2006-12-03 16:32 -------- d-----w c:\documents and settings\Scott\Application Data\MSN6
2009-05-11 18:16 . 2006-09-26 04:08 -------- d-----w c:\program files\Norton SystemWorks
2009-05-08 02:49 . 2008-11-07 02:40 -------- d-----w c:\documents and settings\Scott\Application Data\gtk-2.0
2009-05-04 09:04 . 2005-05-31 04:11 -------- d-----w c:\documents and settings\Scott\Application Data\Symantec
2009-05-03 05:35 . 2009-05-03 05:26 -------- d-----w c:\program files\Norton Internet Security
2009-05-03 05:29 . 2009-05-03 02:34 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-03 05:28 . 2006-09-25 03:04 -------- d-----w c:\program files\Symantec
2009-05-03 05:28 . 2006-11-13 04:26 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-03 05:28 . 2006-11-13 04:26 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-03 05:28 . 2006-09-25 03:05 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-05-03 05:28 . 2006-09-25 03:05 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-03 05:28 . 2009-05-03 05:29 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-05-03 05:28 . 2009-05-03 05:28 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-05-03 05:28 . 2009-05-03 05:28 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-05-03 05:28 . 2009-05-03 05:28 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-05-03 05:28 . 2009-05-03 05:28 1290592 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-03 05:27 . 2009-05-03 05:27 136840 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-03 05:27 . 2009-05-03 05:27 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-05-03 05:27 . 2009-05-03 05:27 796016 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-05-03 05:26 . 2009-05-03 05:26 -------- d-----w c:\program files\Windows Sidebar
2009-05-03 05:26 . 2005-04-21 03:13 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-03 05:22 . 2005-04-21 03:13 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-27 21:03 . 2009-04-27 21:03 6041600 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\Release_01_3062.exe
2009-04-27 21:02 . 2009-04-27 21:02 123138 ----a-w c:\documents and settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\MakeDesktopShortcut.EXE
2009-04-27 21:00 . 2007-06-01 21:18 -------- d-----w c:\documents and settings\Guest\Application Data\Symantec
2009-04-27 20:59 . 2007-06-01 21:20 50648 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 01:38 . 2008-09-15 03:59 -------- d-----w c:\program files\Bonjour
2009-04-18 21:41 . 2009-02-06 03:41 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-04-18 04:33 . 2009-04-18 04:33 -------- d-----w c:\documents and settings\Scott\Application Data\Learn2.com
2009-04-17 04:06 . 2009-04-17 04:06 -------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2009-04-17 04:01 . 2005-04-21 03:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 03:39 . 2009-04-15 22:53 -------- d-----w c:\documents and settings\Scott\Application Data\Download Manager
2009-04-16 03:21 . 2009-04-06 01:46 -------- d-----w c:\documents and settings\Scott\Application Data\GARMIN
2009-04-13 09:00 . 2005-05-31 04:13 50648 ----a-w c:\documents and settings\Scott\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 00:56 . 2009-04-11 00:56 -------- d-----w c:\program files\MSECache
2009-04-02 21:31 . 2009-04-02 21:31 -------- d-----w c:\program files\Amazon
2009-03-31 19:59 . 2009-03-31 19:58 79872 ----a-w c:\documents and settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2009-03-31 19:57 . 2009-03-31 19:57 -------- d-----w c:\documents and settings\Scott\Application Data\SanDisk
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-06 14:22 . 2004-08-04 10:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 10:00 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EasyLinkAdvisor"="e:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-03 389120]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" [2005-09-30 120464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-26 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-03-31 79872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-23 339968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\SYSTEM32\WDBtnMgr.exe [2007-10-22 364544]
c:\documents and settings\Scott\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-9-30 485208]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-9-30 485208]
Norton GoBack.lnk - c:\program files\Norton SystemWorks\Norton GoBack\GBTray.exe [2006-7-19 861872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Scott\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\SymEFA.sys [5/2/2009 10:28 PM 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\BHDrvx86.sys [5/2/2009 10:28 PM 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1005000.087\cchpx86.sys [5/2/2009 10:28 PM 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys [5/8/2009 3:07 PM 276344]
S1 prcmondrv;prcmondrv;c:\windows\SYSTEM32\DRIVERS\prcmondrv1041.sys [4/23/2008 9:02 PM 18432]
S2 AAF27FF5119880CC47906F4513EE9316;AAF27FF5119880CC47906F4513EE9316;cmd /k start /i "/dC:" "c:\cambofix\HIDEC.exe" "c:\cambofix\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q --> cmd [?]
S2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [9/24/2006 5:31 PM 3744]
S2 btgl;btgl;c:\windows\system32\drivers\lvdu.sys --> c:\windows\system32\drivers\lvdu.sys [?]
S2 esuwletj;esuwletj;c:\windows\system32\drivers\knrjqk.sys --> c:\windows\system32\drivers\knrjqk.sys [?]
S2 hxsyl;hxsyl;c:\windows\system32\drivers\dufgmrcg.sys --> c:\windows\system32\drivers\dufgmrcg.sys [?]
S2 ixooevsu;ixooevsu;c:\windows\SYSTEM32\DRIVERS\finiubtspxpi.sys [5/17/2009 10:42 PM 60672]
S2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [9/24/2006 5:31 PM 3904]
S2 mpaz;mpaz;c:\windows\system32\drivers\purm.sys --> c:\windows\system32\drivers\purm.sys [?]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [5/2/2009 10:28 PM 115560]
S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~2\NPROTECT.EXE [11/3/2005 7:08 PM 95832]
S2 qbqjjjwt;qbqjjjwt;c:\windows\system32\drivers\gthoryz.sys --> c:\windows\system32\drivers\gthoryz.sys [?]
S2 rdzcdari;rdzcdari;c:\windows\system32\drivers\ihfh.sys --> c:\windows\system32\drivers\ihfh.sys [?]
S2 rvzz;rvzz;c:\windows\system32\drivers\srrmjl.sys --> c:\windows\system32\drivers\srrmjl.sys [?]
S2 yuezdpj;yuezdpj;c:\windows\system32\drivers\wxvq.sys --> c:\windows\system32\drivers\wxvq.sys [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\Scott\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Scott\LOCALS~1\Temp\bfastfao.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/28/2009 11:37 AM 101936]
S3 PHIL16Ar;Philips RUSH Audio Player (128 MB) Control Driver;c:\windows\system32\Drivers\PHIL16Ar.sys --> c:\windows\system32\Drivers\PHIL16Ar.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-26 03:47]
2009-05-11 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2006-08-03 03:05]
2009-05-17 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-27 02:48]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - hxxps://ra.qwest.com/sdccommon/download/tgctlins.cab
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\kwsr4xa1.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 17:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Scott\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?.lnk?tform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AAF27FF5119880CC47906F4513EE9316]
"ImagePath"="cmd /k start /i \"/d%systemdrive%\" \"c:\cambofix\HIDEC.exe\" \"c:\cambofix\SWREG.EXE\" ACL \"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep\" /RESET /Q"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3685884262-3868343814-340763777-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-3685884262-3868343814-340763777-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,69,31,89,00,b6,4b,9a,e1,37,69,77,c0,c2,e6,f7,05,58,5b,4d,a8,fc,59,
48,69,90,cb,04,75,1a,7c,9b,f3,e2,f9,ab,0b,f5,f5,10,8a,f7,77,a5,d9,41,b0,16,\
"??"=hex:cc,a6,a5,73,56,b5,ae,f5,3c,02,0a,58,f4,7c,fe,97
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-28 17:16
ComboFix-quarantined-files.txt 2009-05-28 00:16
Pre-Run: 13,649,506,304 bytes free
Post-Run: 13,786,902,528 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
285 --- E O F --- 2009-05-13 19:11