PC Grizzle - Slow Startup & Issues w/ Norton 360

  1. #1
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233

    PC Grizzle - Slow Startup & Issues w/ Norton 360

    This PC takes a while to get started. Not sure why it takes so long to get up and running. Looking to make sure it is clean of viruses and ad/spy/malware.

    Also, the Norton 360 product running on the PC does not seem to be working properly. It keeps showing with a red X. When processing the Fix Now, it seems to fix everything. However, the red X remains. Also, it does not seem like it is installing any updates or new definitions.

    Here is the HiJack This log. Let me know if you see anything in this log or any subsequent logs that I post.

    Thanks!
    Jody

    PS - This is a neighbor's PC. Helping him out!


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:47:25 AM, on 10/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9781 bytes

  2. #2
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233
    GMER 1.0.15.15087 - http://www.gmer.net
    Rootkit scan 2009-10-04 15:57:54
    Windows 5.1.2600 Service Pack 2
    Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kxddqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 843F0750 ZwAlertResumeThread
    SSDT 843F0830 ZwAlertThread
    SSDT 843F3880 ZwAllocateVirtualMemory
    SSDT 843EC8D8 ZwAssignProcessToJobObject
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF3CB9A00]
    SSDT 84B6E448 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3F5E130]
    SSDT 843EF728 ZwCreateMutant
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xF3CB9730]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xF3CB98A0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xF3CBA340]
    SSDT 843EC6F8 ZwCreateSymbolicLinkObject
    SSDT 84407748 ZwCreateThread
    SSDT 843ED748 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF3F5E3B0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF3F5E910]
    SSDT 843F57D8 ZwDuplicateObject
    SSDT 843F2908 ZwFreeVirtualMemory
    SSDT 843EF818 ZwImpersonateAnonymousToken
    SSDT 843EF8D8 ZwImpersonateThread
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xF3CB7F80]
    SSDT 843F68A0 ZwMapViewOfSection
    SSDT 843EE8B8 ZwOpenEvent
    SSDT 843F4740 ZwOpenProcess
    SSDT 843F56F8 ZwOpenProcessToken
    SSDT 843EE6F8 ZwOpenSection
    SSDT 843F58C8 ZwOpenThread
    SSDT 843EC7E8 ZwProtectVirtualMemory
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xF3CBA910]
    SSDT 8440B6C8 ZwResumeThread
    SSDT 843F1848 ZwSetContextThread
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xF3CBB560]
    SSDT 843F1908 ZwSetInformationProcess
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xF3CB6C40]
    SSDT 843ED828 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF3F5EB60]
    SSDT 843EE7D8 ZwSuspendProcess
    SSDT 843F16C8 ZwSuspendThread
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xF3CB82F0]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D7E0B0]
    SSDT 843F1768 ZwTerminateThread
    SSDT 843F27A0 ZwUnmapViewOfSection
    SSDT 843F3790 ZwWriteVirtualMemory
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xF3CB5D40]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[285] [0xF3CB5D50]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[286] [0xF3CB5D60]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[287] [0xF3CB5D80]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[288] [0xF3CB5DA0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[289] [0xF3CB5DD0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[290] [0xF3CB5DE0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[291] [0xF3CB5E00]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[292] [0xF3CB5E10]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[293] [0xF3CB5ED0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[294] [0xF3CB5FA0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[295] [0xF3CB5FE0]
    SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[296] [0xF3CB6020]

    Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1096] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] ntdll.dll!RtlValidateUnicodeString + 554 7C915CB6 10 Bytes JMP 02F7003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!UnhookWindowsHookEx 7E41F21E 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CallNextHookEx 7E41F85B 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!CreateWindowExW 7E41FC25 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!OleInitialize + 38C 774FFA66 7 Bytes JMP 02F700F3
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!CoGetCallContext + 7C 77515DAD 7 Bytes JMP 02F701A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[3600] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3600] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)

    ---- EOF - GMER 1.0.15 ----

  3. #3
    Join Date: Apr 2000 | Location: Sheboygan, WI | Posts: 53,391
    Red X is displayed on PC Security in the Norton 360 program interface and clicking Details shows "Off" next to Auto-Protect

    Maybe. . .
    http://service1.symantec.com/support...5?OpenDocument

  4. #4
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233
    Malwarebytes' Anti-Malware 1.41
    Database version: 2900
    Windows 5.1.2600 Service Pack 2

    10/3/2009 8:52:53 PM
    mbam-log-2009-10-03 (20-52-53).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 236493
    Time elapsed: 46 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  5. #5
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/02/2009 at 10:36 PM

    Application Version : 4.29.1002

    Core Rules Database Version : 4143
    Trace Rules Database Version: 2075

    Scan type : Complete Scan
    Total Scan Time : 01:51:50

    Memory items scanned : 575
    Memory threats detected : 0
    Registry items scanned : 5599
    Registry threats detected : 0
    File items scanned : 130245
    File threats detected : 20

    Adware.Tracking Cookie
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@media6degrees[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@revsci[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1066552357[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@questionmarket[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@interclick[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@doubleclick[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mynortonaccount[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@amsweb[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@apmebf[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@mediaplex[2].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@1063026240[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@atdmt[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@fastclick[1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\[email protected][1].txt
    C:\Documents and Settings\Compaq_Administrator\Cookies\compaq_administrator@collective-media[1].txt

  6. #6
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233
    Originally posted by Train:
    Red X is displayed on PC Security in the Norton 360 program interface and clicking Details shows "Off" next to Auto-Protect

    Maybe. . .
    http://service1.symantec.com/support...5?OpenDocument

    This did not work. Red X remains. :-(

  7. #7
    Join Date: Dec 2007 | Location: Daly City, CA | Posts: 22,550
    GMER says:

    SYMEFA.SYS The system cannot find the file specified
    SYMEFA.SYS is part of Norton, so the program itself may be corrupted and it may need reinstallation, but let's make sure the computer is clean.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
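
The GMER reading in post #7 can be reproduced mechanically. The Python below is an added example, not part of any post in this thread: it parses the GMER line shapes seen in post #2, groups SSDT entries by owning driver, and lists files GMER named but could not find. The regexes, the function names and the name-prefix vendor hint are assumptions of this example, not a GMER specification.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the GMER log from post #2 (lines copied as posted, most omitted).
GMER_EXCERPT = r"""
---- System - GMER 1.0.15 ----

SSDT 843F0750 ZwAlertResumeThread
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xF3CB9A00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF3F5E130]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D7E0B0]
SSDT \SystemRoot\System32\DRIVERS\klif.sys (spuper-ptor/Kaspersky Lab) SSDT[284] [0xF3CB5D40]

---- Kernel code sections - GMER 1.0.15 ----

? SYMEFA.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
"""

# Line shapes as they appear in this thread's log (assumed, not an official grammar).
SSDT_OWNED = re.compile(
    r"^SSDT\s+(?P<path>.+?\.sys)\s+\((?P<desc>.*)\)\s+(?P<func>\S+)\s+\[0x[0-9A-F]+\]$",
    re.I,
)
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\S+)$", re.I)
MISSING = re.compile(
    r"^\?\s+(?P<file>\S+)\s+The system cannot find the file specified\."
)
ATTACHED = re.compile(
    r"^AttachedDevice\s+(?P<target>\S+)\s+(?P<device>\S+)\s+(?P<drv>\S+)\s+\((?P<desc>.*)\)$"
)


def _vendor(desc):
    """GMER prints 'description/company'; the company is after the last slash."""
    return desc.rsplit("/", 1)[-1].strip()


def triage(log_text):
    """Summarise a GMER log: who owns SSDT entries, and which files are missing."""
    report = {
        "ssdt_by_driver": Counter(),   # driver file -> SSDT entries it owns
        "ssdt_unattributed": [],       # (address, function) with no module named
        "missing_files": [],           # '?' lines: file named but not found
        "vendors": defaultdict(set),   # company string -> driver files seen
    }
    for raw in log_text.splitlines():
        line = raw.strip()             # forum copies are often indented
        m = SSDT_OWNED.match(line)
        if m:
            driver = m.group("path").rsplit("\\", 1)[-1]
            report["ssdt_by_driver"][driver] += 1
            report["vendors"][_vendor(m.group("desc"))].add(driver)
            continue
        m = SSDT_BARE.match(line)
        if m:
            report["ssdt_unattributed"].append((m.group("addr"), m.group("func")))
            continue
        m = MISSING.match(line)
        if m:
            report["missing_files"].append(m.group("file"))
            continue
        m = ATTACHED.match(line)
        if m:
            report["vendors"][_vendor(m.group("desc"))].add(m.group("drv"))
    return report


def vendor_hints(report, prefix_len=3):
    """Naming heuristic (assumption): a missing file that shares a name prefix
    with loaded drivers probably belongs to the same product. A hint only."""
    hints = {}
    for missing in report["missing_files"]:
        key = missing[:prefix_len].lower()
        hints[missing] = sorted(
            vendor
            for vendor, drivers in report["vendors"].items()
            if any(d.lower().startswith(key) for d in drivers)
        )
    return hints


if __name__ == "__main__":
    rep = triage(GMER_EXCERPT)
    print("SSDT entries by driver:", dict(rep["ssdt_by_driver"]))
    print("SSDT entries with no module named:", len(rep["ssdt_unattributed"]))
    for name, vendors in vendor_hints(rep).items():
        print(f"missing on disk: {name}; name resembles drivers from: {vendors}")
```
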

  8. #8
    Join Date: Apr 2002 | Location: Illinois, USA | Posts: 233
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:38:41 PM, on 10/9/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    C:\WINDOWS\explorer.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/...2/axofupld.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9453 bytes

  9. #9
    Join Date
    Apr 2002
    Location
    Illinois, USA
    Posts
    233
    Attached is the ComboFix log as it was too big to place in here.

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    If the log doesn't fit, please span it across a couple of posts...

    ComboFix 09-10-08.04 - Compaq_Administrator 10/09/2009 23:17.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.184 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
    AV: Norton 360 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
    c:\recycler\S-1-5-21-145798878-3544877357-3177396588-1007
    c:\windows\Downloaded Program Files\bdcore.dll
    c:\windows\Downloaded Program Files\libfn.dll
    c:\windows\Installer\1041ba.msi
    c:\windows\Installer\1041bb.msp
    c:\windows\Installer\1041bc.msp
    c:\windows\Installer\1041bd.msp
    c:\windows\Installer\1041be.msp
    c:\windows\Installer\1041bf.msp
    c:\windows\Installer\1041c0.msp
    c:\windows\Installer\1041c1.msp
    c:\windows\Installer\1041c2.msp
    c:\windows\Installer\1041c3.msp
    c:\windows\Installer\1540e440.msi
    c:\windows\Installer\188b79.msp
    c:\windows\Installer\2060f7.msp
    c:\windows\Installer\20610c.msp
    c:\windows\Installer\206113.msi
    c:\windows\Installer\206128.msp
    c:\windows\Installer\238a26d9.msi
    c:\windows\Installer\2881e4.msi
    c:\windows\Installer\288313.msp
    c:\windows\Installer\288329.msp
    c:\windows\Installer\288340.msp
    c:\windows\Installer\30f13247.msi
    c:\windows\Installer\30f1324a.msi
    c:\windows\Installer\32552.msi
    c:\windows\Installer\32558.msi
    c:\windows\Installer\3255f.msi
    c:\windows\Installer\57a876cf.msi
    c:\windows\Installer\5e28a.msi
    c:\windows\Installer\8807a9d.msi
    c:\windows\Installer\8c2ebc3.msi
    c:\windows\Installer\8d75e94.msi
    c:\windows\Installer\8fbf7a5.msi
    c:\windows\Installer\9e5b68.msi
    c:\windows\Installer\9e5b6e.msi
    c:\windows\Installer\9e5b74.msi
    c:\windows\Installer\9e5b7a.msi
    c:\windows\Installer\9e5b80.msi
    c:\windows\Installer\9e5b86.msi
    c:\windows\Installer\9e5b91.msi
    c:\windows\Installer\9e5b9c.msi
    c:\windows\Installer\9e5ba2.msi
    c:\windows\Installer\9e5bac.msi
    c:\windows\Installer\9e5bb3.msi
    c:\windows\Installer\9e5bc4.msi
    c:\windows\Installer\9e5bd0.msi
    c:\windows\Installer\9e5bd6.msi
    c:\windows\Installer\9e5bdc.msi
    c:\windows\Installer\a7b15df.msp
    c:\windows\Installer\ec2857c.msi
    c:\windows\Installer\ec28587.msi
    c:\windows\Installer\ec2858c.msi
    c:\windows\Installer\ff852fc.msi
    c:\windows\Installer\ff85560.msi
    c:\windows\Installer\ff85639.msi
    c:\windows\kb913800.exe
    c:\windows\system32\_004793_.tmp.dll
    c:\windows\system32\_004794_.tmp.dll
    c:\windows\system32\_004795_.tmp.dll
    c:\windows\system32\_004796_.tmp.dll
    c:\windows\system32\_004803_.tmp.dll
    c:\windows\system32\_004804_.tmp.dll
    c:\windows\system32\_004805_.tmp.dll
    c:\windows\system32\_004806_.tmp.dll
    c:\windows\system32\_004808_.tmp.dll
    c:\windows\system32\_004809_.tmp.dll
    c:\windows\system32\_004812_.tmp.dll
    c:\windows\system32\_004813_.tmp.dll
    c:\windows\system32\_004815_.tmp.dll
    c:\windows\system32\_004816_.tmp.dll
    c:\windows\system32\_004817_.tmp.dll
    c:\windows\system32\_004819_.tmp.dll
    c:\windows\system32\_004822_.tmp.dll
    c:\windows\system32\_004823_.tmp.dll
    c:\windows\system32\_004827_.tmp.dll
    c:\windows\system32\_004828_.tmp.dll
    c:\windows\system32\_004830_.tmp.dll
    c:\windows\system32\_004833_.tmp.dll
    c:\windows\system32\_004835_.tmp.dll
    c:\windows\system32\_004836_.tmp.dll
    c:\windows\system32\_004837_.tmp.dll
    c:\windows\system32\_004838_.tmp.dll
    c:\windows\system32\_004839_.tmp.dll
    c:\windows\system32\_004842_.tmp.dll
    c:\windows\system32\_004843_.tmp.dll
    c:\windows\system32\_004844_.tmp.dll
    c:\windows\system32\_004845_.tmp.dll
    c:\windows\system32\_004846_.tmp.dll
    c:\windows\system32\_004851_.tmp.dll
    c:\windows\system32\_004853_.tmp.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-10 to 2009-10-10 )))))))))))))))))))))))))))))))
    .

    2009-10-09 05:34 . 2009-10-09 05:34 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2009-10-07 07:51 . 2009-10-07 07:53 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
    2009-10-07 07:51 . 2009-10-07 07:51 -------- d-----w- c:\windows\Hewlett-Packard
    2009-10-06 05:39 . 2009-10-06 05:39 -------- d-----w- c:\program files\Norton Support
    2009-10-06 03:02 . 2009-10-06 03:02 -------- d-----w- c:\windows\system32\XPSViewer
    2009-10-06 03:02 . 2009-10-06 03:02 -------- d-----w- c:\program files\MSBuild
    2009-10-06 03:02 . 2009-10-06 03:02 -------- d-----w- c:\program files\Reference Assemblies
    2009-10-06 02:27 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-10-06 02:27 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-10-06 02:27 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-10-06 02:27 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-10-06 02:27 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-10-06 02:27 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-10-06 02:27 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-10-06 02:27 . 2009-10-06 03:01 -------- d-----w- C:\5cd1218650d80cd6415c745572
    2009-10-04 01:57 . 2009-10-04 01:57 -------- d-----w- C:\gmer
    2009-10-02 09:40 . 2009-10-02 09:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-10-02 09:39 . 2009-10-02 09:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-10-02 09:25 . 2009-10-02 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-10-02 09:24 . 2009-10-02 09:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-10-02 09:24 . 2009-10-02 09:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
    2009-10-02 09:23 . 2009-10-02 09:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-01 03:16 . 2009-10-02 01:30 -------- d-----w- c:\windows\BDOSCAN8
    2009-10-01 03:10 . 2009-10-01 03:10 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache
    2009-10-01 03:08 . 2009-10-01 03:08 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE
    2009-10-01 02:58 . 2009-10-01 02:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-10-01 02:20 . 2009-10-06 00:00 -------- d-----w- c:\windows\system32\scripting
    2009-10-01 02:20 . 2009-10-06 00:00 -------- d-----w- c:\windows\l2schemas
    2009-10-01 02:20 . 2009-10-06 00:00 -------- d-----w- c:\windows\system32\en
    2009-10-01 02:20 . 2009-10-06 00:00 -------- d-----w- c:\windows\system32\bits
    2009-10-01 02:03 . 2008-04-13 18:36 15488 ------w- c:\windows\system32\drivers\mssmbios.sys
    2009-10-01 02:03 . 2008-04-13 18:31 37760 ------w- c:\windows\system32\drivers\amdk7.sys
    2009-10-01 02:03 . 2008-04-13 16:36 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
    2009-10-01 02:03 . 2008-04-13 18:56 12288 ------w- c:\windows\system32\drivers\tunmp.sys
    2009-10-01 02:03 . 2008-04-13 18:40 11904 ------w- c:\windows\system32\drivers\sffdisk.sys
    2009-10-01 02:03 . 2008-04-13 18:40 11008 ------w- c:\windows\system32\drivers\sffp_sd.sys
    2009-10-01 02:03 . 2008-04-13 18:36 79232 ------w- c:\windows\system32\drivers\sdbus.sys
    2009-10-01 02:03 . 2008-04-13 18:53 264832 ------w- c:\windows\system32\drivers\http.sys
    2009-10-01 02:03 . 2008-04-13 18:45 30208 ------w- c:\windows\system32\drivers\usbehci.sys
    2009-10-01 02:03 . 2008-04-13 18:45 19200 ------w- c:\windows\system32\drivers\hidir.sys
    2009-10-01 02:02 . 2008-04-13 17:39 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
    2009-10-01 02:02 . 2008-04-13 18:53 36608 ------w- c:\windows\system32\drivers\ip6fw.sys
    2009-10-01 02:02 . 2008-04-13 18:32 129792 ------w- c:\windows\system32\drivers\fltmgr.sys
    2009-10-01 02:02 . 2008-04-14 00:12 409088 ------w- c:\windows\system32\qmgr.dll
    2009-10-01 02:02 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-10-01 01:44 . 2009-10-01 01:44 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
    2009-09-30 16:01 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
    2009-09-30 15:59 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-09-30 15:58 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-09-30 15:57 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
    2009-09-30 15:56 . 2008-04-14 00:11 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
    2009-09-30 13:21 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-09-30 13:20 . 2009-10-01 08:02 -------- d-----w- c:\windows\ie8updates
    2009-09-30 13:19 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-30 13:19 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2009-09-30 13:19 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-09-30 13:18 . 2009-07-19 23:48 11067392 ------w- c:\windows\system32\dllcache\ieframe.dll
    2009-09-30 13:18 . 2009-07-03 17:09 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2009-09-30 13:18 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-30 13:15 . 2009-09-30 13:18 -------- dc-h--w- c:\windows\ie8
    2009-09-12 02:01 . 2009-09-12 02:01 -------- d-----w- c:\windows\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-10 04:30 . 2009-08-26 23:21 324896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
    2009-10-10 04:29 . 2009-08-26 23:21 4141344 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-10-10 04:28 . 2009-08-26 23:21 56468 --sha-w- c:\windows\system32\drivers\fidbox.idx
    2009-10-10 04:28 . 2009-08-26 23:21 31436 --sha-w- c:\windows\system32\drivers\fidbox2.idx
    2009-10-10 03:54 . 2008-08-16 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-10-09 05:46 . 2006-11-01 18:41 -------- d-----w- c:\program files\Trend Micro
    2009-10-06 04:44 . 2006-08-01 21:04 51808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-02 09:31 . 2009-08-27 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-10 19:54 . 2009-08-27 00:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 19:53 . 2009-08-27 00:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-27 02:11 . 2006-11-10 22:28 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
    2009-08-27 01:06 . 2006-08-01 20:33 -------- d-----w- c:\program files\Java
    2009-08-27 00:35 . 2009-08-27 00:35 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
    2009-08-27 00:34 . 2009-08-27 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-27 00:14 . 2009-08-26 23:10 -------- d-----w- c:\program files\Common Files\ParetoLogic
    2009-08-27 00:14 . 2009-08-26 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2009-08-26 23:02 . 2009-08-26 23:02 120 ----a-w- c:\windows\Thobaxitiv.dat
    2009-08-23 01:26 . 2009-08-23 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-08-21 02:33 . 2006-08-01 21:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-21 02:29 . 2009-08-21 02:29 -------- d-----w- c:\program files\Symantec
    2009-08-21 02:29 . 2009-08-21 02:29 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-08-21 02:29 . 2009-08-21 02:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2009-08-21 02:29 . 2009-08-21 02:29 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-08-21 02:29 . 2009-08-21 02:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-08-21 02:28 . 2009-08-21 02:29 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-08-21 02:28 . 2008-01-29 17:01 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-21 02:28 . 2008-01-29 17:02 107368 ----a-r- c:\windows\system32\GEARAspi.dll
    2009-08-21 02:28 . 2009-08-21 02:27 -------- d-----w- c:\program files\Norton 360
    2009-08-21 02:27 . 2009-08-21 02:27 -------- d-----w- c:\program files\Windows Sidebar
    2009-08-21 02:27 . 2009-08-21 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2009-08-21 02:27 . 2009-08-21 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-08-21 02:19 . 2009-08-21 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
    2009-08-21 02:19 . 2009-08-21 02:19 -------- d-----w- c:\program files\NortonInstaller
    2009-08-07 00:24 . 2004-08-10 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-07 00:24 . 2004-08-10 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-07 00:24 . 2007-07-31 02:19 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-07 00:24 . 2004-08-10 04:00 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-07 00:24 . 2004-08-10 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-08-07 00:24 . 2004-08-10 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-07 00:23 . 2004-08-10 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-07 00:23 . 2004-08-10 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:01 . 2004-08-10 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-25 10:23 . 2009-03-06 00:43 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 15:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2006-11-01 22:15 . 2006-11-01 21:15 22 --sha-w- c:\windows\SMINST\HPCD.sys

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-16 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-01 180269]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
    "ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
    "AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-8-1 36903]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "c:\\Program Files\\LimeWire1\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0305020.00B\SymEFA.sys [9/11/2009 8:35 PM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0305020.00B\BHDrvx86.sys [9/11/2009 8:35 PM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0305020.00B\cchpx86.sys [9/11/2009 8:35 PM 482432]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSXpx86.sys [9/30/2009 1:04 AM 329080]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [9/11/2009 8:33 PM 117640]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/1/2009 3:00 AM 102448]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2009-10-10 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-16 00:19]

    2009-09-12 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-09-12 02:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\b2rrwfmm.default\
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - HiddenExtension: XUL Cache: {B9279840-69EB-4889-9031-701FB16AB88B} - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{B9279840-69EB-4889-9031-701FB16AB88B}
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PCDrProfiler - (no file)
    AddRemove-Amazon MP3 Downloader - c:\program files\Amazon\MP3 Downloader\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-09 23:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(988)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2396)
    c:\windows\system32\WININET.dll
    c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\IPOD\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-10 23:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-10 04:34

    Pre-Run: 114,768,719,872 bytes free
    Post-Run: 114,596,020,224 bytes free

    363 --- E O F --- 2009-10-06 00:21

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    All clean.
    If Norton still doesn't work, I suggest you reinstall it.
