Possibly moved virus/malware from one PC to another.

Hi Larry,

We worked together on your other PC so there is no need for me to give the introduction speech. Malwarebytes has identified and removed the rogue program WinAntivirus. It appears to have killed it off. However, i`m not convinced as this type of rogue sometimes comes bundled with other stuff. Lets give Combofix a whirl and see if it uncovers anything for us. First off it appears you may have two Firewall running, this is not good.
I can see Norton suite running and Sygate Firewall also, if this is correct uninstall the Sygate Firewall from Add/Remove programs via the Control panel, you will have to turn it off first. Next,

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don`t forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

Post the log from Combofix and a fresh HJT log in your reply please....

Kevin..

Kevin,

1. Uninstalled Sygate

2. Loaded and ran ComboFix.  Logs attached

3.  Ran Hijackthis.  Logs attched.

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

ComboFix 10-08-25.01 - JEL 08/26/2010   9:49.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.346 [GMT -5:00]
Running from: c:\documents and settings\JEL\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Logo.sys
c:\program files\INSTALL.LOG
C:\test.txt
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\start.exe
c:\windows\system\Drivers
c:\windows\system32\Data
c:\windows\system32\windows.scr
c:\windows\Web\default.htt
c:\windows\winhelp.ini

.
(((((((((((((((((((((((((   Files Created from 2010-07-26 to 2010-08-26  )))))))))))))))))))))))))))))))
.

2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\documents and settings\JEL\Application Data\Malwarebytes
2010-08-25 17:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 17:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 23:42 . 2010-08-16 23:42 388096 ----a-r- c:\documents and settings\JEL\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-16 23:42 . 2010-08-16 23:42 -------- d-----w- c:\program files\Trend Micro
2010-08-03 09:30 . 2010-08-03 09:30 503808 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18a26107-n\msvcp71.dll
2010-08-03 09:30 . 2010-08-03 09:30 499712 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18a26107-n\jmc.dll
2010-08-03 09:30 . 2010-08-03 09:30 12800 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f80df7e-n\decora-d3d.dll
2010-08-03 09:30 . 2010-08-03 09:30 61440 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7f80df7e-n\decora-sse.dll
2010-08-03 09:30 . 2010-08-03 09:30 348160 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-18a26107-n\msvcr71.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 14:50 . 2007-05-08 18:42 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-24 21:58 . 2006-02-12 16:18 -------- d-----w- c:\documents and settings\JEL\Application Data\Viewpoint
2010-08-24 21:58 . 2005-09-09 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-24 21:58 . 2002-08-08 02:14 -------- d-----w- c:\program files\Viewpoint
2010-08-24 17:58 . 2008-10-23 16:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 17:57 . 2008-10-23 16:01 -------- d-----w- c:\program files\Java
2010-08-17 17:35 . 2008-12-22 18:43 -------- d-----w- c:\program files\RGS-CardMaster
2010-07-22 19:18 . 2010-07-22 19:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 19:06 . 2010-07-22 19:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-22 18:10 . 2010-07-22 17:57 9699328 ---ha-w- C:\cachefile0.sys
2010-07-17 10:00 . 2010-07-05 15:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 22:37 . 2010-07-13 22:37 -------- d-----w- c:\documents and settings\JEL\Application Data\runData
2010-07-13 22:33 . 2010-07-13 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\1320go
2010-07-13 13:59 . 2010-07-13 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-13 13:59 . 2010-07-13 13:58 -------- d-----w- c:\program files\AIM7
2010-07-13 13:58 . 2010-07-13 13:58 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-13 13:58 . 2009-10-13 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-07-12 08:56 . 2010-07-22 19:06 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2009-03-21 15:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-03-22 15:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-05 15:08 . 2010-07-05 15:08 503808 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35d8e072-n\msvcp71.dll
2010-07-05 15:08 . 2010-07-05 15:08 499712 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35d8e072-n\jmc.dll
2010-07-05 15:08 . 2010-07-05 15:08 61440 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18f3a435-n\decora-sse.dll
2010-07-05 15:08 . 2010-07-05 15:08 348160 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-35d8e072-n\msvcr71.dll
2010-07-05 15:08 . 2010-07-05 15:08 12800 ----a-w- c:\documents and settings\JEL\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-18f3a435-n\decora-d3d.dll
2010-06-30 12:31 . 2002-12-22 22:06 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-12-22 22:07 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-12-22 22:06 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-12-22 22:04 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2002-12-22 22:25 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\BINARIES\helpsvc.exe
2010-06-14 07:41 . 2002-12-22 22:05 1172480 ----a-w- c:\windows\system32\msxml3.dll
2000-10-13 22:56 . 2000-10-13 22:56 23357 ---h--w- c:\program files\folder.htt
1998-10-07 23:15 . 2004-11-30 00:28 122832 ------w- c:\program files\UNWISE.EXE
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
"Aim"="c:\program files\AIM7\aim.exe" [2010-04-19 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-30 684032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TraySantaCruz"="c:\windows\SYSTEM32\tbctray.exe" [2002-04-03 290816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2001-7-26 167936]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-18 169472]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^67x Commander.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\67x Commander.lnk
backup=c:\windows\pss\67x Commander.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JEL^Start Menu^Programs^Startup^AccessDTV Service.lnk]
path=c:\documents and settings\JEL\Start Menu\Programs\Startup\AccessDTV Service.lnk
backup=c:\windows\pss\AccessDTV Service.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEL^Start Menu^Programs^Startup^Shortcut to zremote beta.exe.lnk]
path=c:\documents and settings\JEL\Start Menu\Programs\Startup\Shortcut to zremote beta.exe.lnk
backup=c:\windows\pss\Shortcut to zremote beta.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryMeter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 17:07 36864 ------w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-10 18:00 28739 ------w- c:\program files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-05-21 01:36 90112 ------w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 16:33 45108 ------w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2001-10-10 01:42 26112 ------w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Write DVD-R!]
2003-05-29 21:53 122880 ------w- c:\program files\Write DVD!\Saimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-11-23 08:15 631362 ------w- c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LoadQM"=loadqm.exe
"PCHealth"=c:\windows\PCHealth\Support\PCHSchd.exe -s
"RealTray"=c:\program files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"MadExe"=c:\program files\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
"WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
"Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
"AttuneClientEngine"=c:\progra~1\AVEO\ATTUNE\bin\Attune_ce.exe
"MotiveMonitor"=c:\program files\Motive\motmon.exe
"TCASUTIEXE"=TCAUDIAG -off
"RxMon"=c:\program files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"CreateCD50"=c:\progra~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
"TaskMonitor"=c:\windows\taskmon.exe
"MULTIMEDIA KEYBOARD"=c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
"QuickTime Task"=c:\windows\SYSTEM32\qttask.exe
"POINTER"=c:\program files\Microsoft Hardware\Mouse\point32.exe
"QAGENT"=c:\quickenw\QAGENT.EXE
"HPAIO_PrintFolderMgr"=c:\windows\SYSTEM\hpoopm07.exe
"SystemTray"=SysTray.Exe
"vptray"=c:\progra~1\NORTON~1\vptray.exe
"NAV Agent"=c:\progra~1\NORTON~2\NORTON~3\NAVAPW32.EXE
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"*StateMgr"=c:\windows\System\Restore\StateMgr.exe
"ScriptBlocking"="c:\program files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
"SSDPSRV"=c:\windows\SYSTEM\ssdpsrv.exe
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
"rtvscn95"=c:\progra~1\NORTON~1\rtvscn95.exe
"defwatch"=c:\progra~1\NORTON~1\defwatch.exe
"SymTray - Norton SystemWorks"=c:\program files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
"GoBack Polling Service"=c:\program files\Roxio\GoBack\GBPoll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

R0 ezgmntr;EZ GIG II Backup Archive Explorer;c:\windows\SYSTEM32\DRIVERS\ezgmntr.sys [6/17/2006 8:56 AM 213760]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/21/2009 10:38 AM 64288]
R1 saicdr;saicdr;c:\windows\SYSTEM32\DRIVERS\Saicdr.sys [10/6/2003 10:53 AM 51456]
R1 saicdrwup;saicdrwup;c:\windows\SYSTEM32\DRIVERS\saicdrwup.sys [10/6/2003 10:53 AM 3328]
R1 saiudf;saiudf;c:\windows\SYSTEM32\DRIVERS\Saiudf.sys [10/6/2003 10:53 AM 364800]
R2 ezgfsfilt;EZ GIG II FS Filter;c:\windows\SYSTEM32\DRIVERS\ezgfsfilt.sys [6/17/2006 8:56 AM 28800]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [12/10/2005 1:00 PM 9161]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/24/2010 5:43 PM 102448]
R3 Janus;Janus, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\tazJanus.sys [12/10/2003 11:54 PM 323808]
R3 Saa7146;Saa7146, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\taz7146.sys [10/14/2003 8:13 PM 40512]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [12/9/2003 12:19 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [12/9/2003 12:19 PM 545088]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [12/10/2005 12:59 PM 114016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1355416]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [1/10/2005 3:57 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [1/10/2005 3:57 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [1/10/2005 3:57 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [1/10/2005 3:57 PM 10368]
S3 DST;HiDTV PRO;c:\windows\SYSTEM32\DRIVERS\HiDTV.sys [12/20/2002 2:15 AM 629392]
S3 GEMSER;Gemplus GemPC410 Serial Smart Card Reader;c:\windows\SYSTEM32\DRIVERS\gemser.sys [2/25/2004 12:15 PM 26944]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 8:17 AM 15008]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\SYSTEM32\DRIVERS\sndp202.sys [12/25/2004 10:12 AM 245120]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [12/9/2003 12:19 PM 19232]
S3 zremote;zremote;c:\windows\SYSTEM32\DRIVERS\zremote.sys [12/25/2002 2:28 AM 39504]

--- Other Services/Drivers In Memory ---

*Deregistered* - wg3n
*Deregistered* - wg4n
*Deregistered* - wg5n
*Deregistered* - wg6n

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 22:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 13:16]

2010-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\NZDD.DLL
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\NZDD.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RemoteControl - (no file)
HKCU-Run-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
HKLM-Run-RemoteCenter - (no file)
HKLM-Run-CTHelper - CTHELPER.EXE
HKLM-Run-AsioReg - CTASIO.DLL
MSConfigStartUp-System Soap Pro - c:\program files\System Soap Pro\soap.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
ActiveSetup-RNA - rundll rnasetup.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-26 10:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-26  10:11:14
ComboFix-quarantined-files.txt  2010-08-26 15:10

Pre-Run: 23,163,957,248 bytes free
Post-Run: 23,847,997,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - E64C143A88E484E5D23ECC4CB3E91D12

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:18:39 AM, on 8/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\ACCESS~2\ACCESS~1\bin\cbm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM32\NZDD.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8783 bytes

Kevin,

1. Scanned "cachefile0" with Jotti.  Results - Status =  0 out of 19 scans report malware.

2. Scanned "cachefile0" with Virustotal  - Results   

File name: cachefile0.sys
Submission date: 2010-08-27 12:46:28 (UTC)
Current status: queued (#33) queued (#32) analysing finished

Result: 0/ 42 (0.0%)

3. Created file CFScript.txt and added it to and ran ComboFix.  Logs attached.

4. I had the same issue with Kaspersky as I did with my son's PC.  It appears to not like the Java level even though I have 1.6 installed.  I tried a number of things recommended by Jave but it still thinks I don't have the correct level.   In the end, I did not run it.

5. Security Checks  -  Log attached.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 ComboFix 10-08-26.04 - JEL 08/27/2010   9:02.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.304 [GMT -5:00]
Running from: c:\documents and settings\JEL\Desktop\ComboFix.exe
Command switches used :: c:\temp\LarryViruslogs\8-27-2010\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_magaService

(((((((((((((((((((((((((   Files Created from 2010-07-27 to 2010-08-27  )))))))))))))))))))))))))))))))
.

2010-08-26 15:16 . 2010-08-27 13:01 -------- d-----w- c:\temp\LarryViruslogs
2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\documents and settings\JEL\Application Data\Malwarebytes
2010-08-25 17:55 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 17:55 . 2010-08-25 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-25 17:55 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 23:42 . 2010-08-16 23:42 -------- d-----w- c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 14:20 . 2007-05-08 18:42 -------- d-----w- c:\program files\Symantec AntiVirus
2010-08-24 21:58 . 2006-02-12 16:18 -------- d-----w- c:\documents and settings\JEL\Application Data\Viewpoint
2010-08-24 21:58 . 2005-09-09 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-24 21:58 . 2002-08-08 02:14 -------- d-----w- c:\program files\Viewpoint
2010-08-24 17:58 . 2008-10-23 16:01 -------- d-----w- c:\program files\Common Files\Java
2010-08-24 17:57 . 2008-10-23 16:01 -------- d-----w- c:\program files\Java
2010-08-17 17:35 . 2008-12-22 18:43 -------- d-----w- c:\program files\RGS-CardMaster
2010-07-22 19:18 . 2010-07-22 19:18 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 19:06 . 2010-07-22 19:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-22 18:10 . 2010-07-22 17:57 9699328 ---ha-w- C:\cachefile0.sys
2010-07-17 10:00 . 2010-07-05 15:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-13 22:37 . 2010-07-13 22:37 -------- d-----w- c:\documents and settings\JEL\Application Data\runData
2010-07-13 22:33 . 2010-07-13 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\1320go
2010-07-13 13:59 . 2010-07-13 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-13 13:59 . 2010-07-13 13:58 -------- d-----w- c:\program files\AIM7
2010-07-13 13:58 . 2010-07-13 13:58 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-13 13:58 . 2009-10-13 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-07-12 08:55 . 2009-03-21 15:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-12 08:55 . 2009-03-22 15:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-30 12:31 . 2002-12-22 22:06 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-12-22 22:07 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-12-22 22:06 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-12-22 22:04 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2002-12-22 22:05 1172480 ----a-w- c:\windows\system32\msxml3.dll
2000-10-13 22:56 . 2000-10-13 22:56 23357 ---h--w- c:\program files\folder.htt
1998-10-07 23:15 . 2004-11-30 00:28 122832 ------w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E} ----

2010-07-22 19:06 . 2010-07-22 19:06 90 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\instance.dat
2010-07-22 19:06 . 2010-07-22 19:06 9 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.lan
2010-07-22 19:06 . 2010-07-22 19:06 5381 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.par
2010-07-22 19:06 . 2010-07-22 19:07 490 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.dat
2010-07-22 19:06 . 2010-07-12 08:56 574219 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\mia.lib
2010-07-22 19:06 . 2010-07-12 08:56 24055397 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.res
2010-07-22 19:06 . 2010-07-12 08:56 1867264 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.msi
2010-07-22 19:06 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
"Aim"="c:\program files\AIM7\aim.exe" [2010-04-19 3972440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-11-30 684032]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-08-12 864624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TraySantaCruz"="c:\windows\SYSTEM32\tbctray.exe" [2002-04-03 290816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2001-7-26 167936]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-10-18 169472]
SmartUI.lnk - c:\program files\Scansoft\PaperPort\SmartUI\SmartUI.exe [2002-8-12 1568768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^67x Commander.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\67x Commander.lnk
backup=c:\windows\pss\67x Commander.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JEL^Start Menu^Programs^Startup^AccessDTV Service.lnk]
path=c:\documents and settings\JEL\Start Menu\Programs\Startup\AccessDTV Service.lnk
backup=c:\windows\pss\AccessDTV Service.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEL^Start Menu^Programs^Startup^Shortcut to zremote beta.exe.lnk]
path=c:\documents and settings\JEL\Start Menu\Programs\Startup\Shortcut to zremote beta.exe.lnk
backup=c:\windows\pss\Shortcut to zremote beta.exe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2002-08-12 17:07 36864 ------w- c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-10 18:00 28739 ------w- c:\program files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2002-05-21 01:36 90112 ------w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2002-08-12 16:33 45108 ------w- c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2001-10-10 01:42 26112 ------w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Write DVD-R!]
2003-05-29 21:53 122880 ------w- c:\program files\Write DVD!\Saimon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
2002-11-23 08:15 631362 ------w- c:\program files\Logitech\iTouch\iTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LoadQM"=loadqm.exe
"PCHealth"=c:\windows\PCHealth\Support\PCHSchd.exe -s
"RealTray"=c:\program files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
"MMTray"=c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
"MadExe"=c:\program files\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
"WorksFUD"=c:\program files\Microsoft Works\wkfud.exe
"Microsoft Works Portfolio"=c:\program files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=c:\program files\Microsoft Works\WkDetect.exe
"AttuneClientEngine"=c:\progra~1\AVEO\ATTUNE\bin\Attune_ce.exe
"MotiveMonitor"=c:\program files\Motive\motmon.exe
"TCASUTIEXE"=TCAUDIAG -off
"RxMon"=c:\program files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"CreateCD50"=c:\progra~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
"TaskMonitor"=c:\windows\taskmon.exe
"MULTIMEDIA KEYBOARD"=c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe
"QuickTime Task"=c:\windows\SYSTEM32\qttask.exe
"POINTER"=c:\program files\Microsoft Hardware\Mouse\point32.exe
"QAGENT"=c:\quickenw\QAGENT.EXE
"HPAIO_PrintFolderMgr"=c:\windows\SYSTEM\hpoopm07.exe
"SystemTray"=SysTray.Exe
"vptray"=c:\progra~1\NORTON~1\vptray.exe
"NAV Agent"=c:\progra~1\NORTON~2\NORTON~3\NAVAPW32.EXE
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"LoadQM"=loadqm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"*StateMgr"=c:\windows\System\Restore\StateMgr.exe
"ScriptBlocking"="c:\program files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
"SSDPSRV"=c:\windows\SYSTEM\ssdpsrv.exe
"NPROTECT"=c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
"CSINJECT.EXE"=c:\program files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
"rtvscn95"=c:\progra~1\NORTON~1\rtvscn95.exe
"defwatch"=c:\progra~1\NORTON~1\defwatch.exe
"SymTray - Norton SystemWorks"=c:\program files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
"GoBack Polling Service"=c:\program files\Roxio\GoBack\GBPoll.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=

R0 ezgmntr;EZ GIG II Backup Archive Explorer;c:\windows\SYSTEM32\DRIVERS\ezgmntr.sys [6/17/2006 8:56 AM 213760]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [3/21/2009 10:38 AM 64288]
R1 saicdr;saicdr;c:\windows\SYSTEM32\DRIVERS\Saicdr.sys [10/6/2003 10:53 AM 51456]
R1 saicdrwup;saicdrwup;c:\windows\SYSTEM32\DRIVERS\saicdrwup.sys [10/6/2003 10:53 AM 3328]
R1 saiudf;saiudf;c:\windows\SYSTEM32\DRIVERS\Saiudf.sys [10/6/2003 10:53 AM 364800]
R2 ezgfsfilt;EZ GIG II FS Filter;c:\windows\SYSTEM32\DRIVERS\ezgfsfilt.sys [6/17/2006 8:56 AM 28800]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 3:55 AM 1355416]
R3 Eacfilt;Eacfilt Miniport;c:\windows\SYSTEM32\DRIVERS\eacfilt.sys [12/10/2005 1:00 PM 9161]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/24/2010 5:43 PM 102448]
R3 Janus;Janus, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\tazJanus.sys [12/10/2003 11:54 PM 323808]
R3 Saa7146;Saa7146, WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\taz7146.sys [10/14/2003 8:13 PM 40512]
R3 tbcspud;Santa Cruz Driver;c:\windows\SYSTEM32\DRIVERS\tbcspud.sys [12/9/2003 12:19 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\SYSTEM32\DRIVERS\tbcwdm.sys [12/9/2003 12:19 PM 545088]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\SYSTEM32\DRIVERS\ipsecw2k.sys [12/10/2005 12:59 PM 114016]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [1/10/2005 3:57 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [1/10/2005 3:57 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [1/10/2005 3:57 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [1/10/2005 3:57 PM 10368]
S3 DST;HiDTV PRO;c:\windows\SYSTEM32\DRIVERS\HiDTV.sys [12/20/2002 2:15 AM 629392]
S3 GEMSER;Gemplus GemPC410 Serial Smart Card Reader;c:\windows\SYSTEM32\DRIVERS\gemser.sys [2/25/2004 12:15 PM 26944]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 SNDP202;Dual Mode Camera (8008 VGA);c:\windows\SYSTEM32\DRIVERS\sndp202.sys [12/25/2004 10:12 AM 245120]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [12/9/2003 12:19 PM 19232]
S3 zremote;zremote;c:\windows\SYSTEM32\DRIVERS\zremote.sys [12/25/2002 2:28 AM 39504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
2008-04-14 00:12 73216 ----a-w- c:\progra~1\OUTLOO~1\setup50.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 22:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 13:16]

2010-08-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\NZDD.DLL
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\windows\SYSTEM32\NZDD.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-RNA - rundll rnasetup.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 09:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Lavasoft Kernexplorer]
"ImagePath"="\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1124)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\progra~1\PANICW~1\POP-UP~1\XAHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\System32\drivers\CDAC11BA.EXE
c:\windows\System32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Logitech\MouseWare\system\em_exec.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
.
**************************************************************************
.
Completion time: 2010-08-27  09:31:48 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-27 14:31
ComboFix2.txt  2010-08-26 15:11

Pre-Run: 23,827,607,552 bytes free
Post-Run: 23,733,555,200 bytes free

- - End Of File - - 247AFD72ED247BBE3C366AF53BADFC3D

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 Results of screen317's Security Check version 0.99.5 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled! 
 Symantec AntiVirus    
 Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
 Ad-Aware
 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 21 
 Adobe Flash Player 9 (Out of date Flash Player installed!)
 Adobe Flash Player  
Adobe Reader 9.3.4
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Symantec AntiVirus DefWatch.exe  
 Symantec AntiVirus Rtvscan.exe  
````````````````````````````````
DNS Vulnerability Check:
 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Kevin,

1. ran BitDefender and attached log.

2. updated Adobe Flash player.

3. Ran Hijackthis and attached logs.

Other than not being able to run Kaspesky scan (due to issues with Java), I am not aware of any other specifice run/performance issues.

I plan to load and use FoxFire for the browser.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:54:23 PM, on 8/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SYSTEM32\tbctray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NOS\bin\getPlusPlus_Adobe.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM32\NZDD.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM32\tbctray.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010620/qtinstall.info.apple.com/qt502/us/win/QuickTimeInstaller.exe
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9324 bytes

Hiya Larry,

Those logs are fine, lets clean up. Proceed as follows :-

Step 1

Remove Combofix now that we're done with it

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
  
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:_OtMoveIt folder, if present
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.

Step 2

• Download OTC by OldTimer and save it to your desktop.
• Alternative link
• Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
• Then Click the big button.
• You will get a prompt saying "Being Cleanup Process". Please select Yes.
• Restart your computer when prompted.

Step 3

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

• Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:

• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Step 4

You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan  button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Post back to let me know above tasks are done, other than that you should be good to go. You have my advice and tips speech from your other thread, if you need it here let me know.

Good luck and take care,

Kevin

Kevin,

Sorry to take so long to reply. 

1. Removed ComboFix

2. Ran OTC  "CleanUp"

3. Ran CCleaner

4. Secunia ran for 3.5 hours and then hung.  I ran it without thorough checked and it ran but only listed three programs.

I will be loading FireFox and using it for the search engine.   Thanks for all the help and support.   I will let you know if I encounter any issues.

Larry G

Hiya Larry,

Yes come back and let me know how your system is responding, also any specific issues or if all OK...

Kevin