Here are the logs:
Combofix:
ComboFix 09-08-27.02 - Carolyn Rucker 08/27/2009 16:38.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.171 [GMT -5:00]
Running from: c:\documents and settings\Carolyn Rucker\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\CAROLY~1\APPLIC~1\alot
c:\docume~1\CAROLY~1\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_0\Button_0.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_0\Button_0.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_1\Button_1.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_1\Button_1.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_2\Button_2.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_2\Button_2.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_3\Button_3.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_3\Button_3.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_4\Button_4.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_4\Button_4.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_5\Button_5.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_5\Button_5.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_6\Button_6.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_6\Button_6.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_7\Button_7.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_7\Button_7.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_8\Button_8.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_8\Button_8.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_9\Button_9.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Button_9\Button_9.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\configurator\configurator.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\configurator\configurator.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\contextMenu\contextMenu.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\contextMenu\contextMenu.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\products\products.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\products\products.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\BrowserSearch\alot_search_defend.html
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\BrowserSearch\images\favicon.ico
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_0\images\alot_logo_button.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_0\images\alot_logo_button.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_1\images\alot_search_button.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_1\images\alot_search_button.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_2\images\2361_icon.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_2\images\2361_icon.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_3\images\default_2334_default_2301_hulu.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_3\images\default_2334_default_2301_hulu.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_4\images\default_1042_alot_video_vault.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_4\images\default_1042_alot_video_vault.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_5\images\default_1390_facebook.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_5\images\default_1390_facebook.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_6\images\default_1045_alot_rea_laughs.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_6\images\default_1045_alot_rea_laughs.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_7\images\2433_icon.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_7\images\2433_icon.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_8\images\default_1013_alot_cas_playgames.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_8\images\default_1013_alot_cas_playgames.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Button_9\images\default_1795_default_1795_alot_configure.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\contextMenu\images\alot_icon.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\contextMenu\images\alot_icon.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\contextMenu\images\alot_logo_button.bmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\contextMenu\images\alot_logo_button.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Shared\images\alot_brand.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Shared\images\alot_splitter.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Resources\Shared\images\discover.png
c:\docume~1\CAROLY~1\APPLIC~1\alot\Tem134.tmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\Tem59C.tmp
c:\docume~1\CAROLY~1\APPLIC~1\alot\TimerManager\TimerManager.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\TimerManager\TimerManager.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\toolbar.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\toolbar.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\toolbarContextMenu\toolbarContextMenu.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\toolbarContextMenu\toolbarContextMenu.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml.backup
c:\docume~1\CAROLY~1\APPLIC~1\alot\Updater\Updater.xml
c:\docume~1\CAROLY~1\APPLIC~1\alot\Updater\Updater.xml.backup
c:\docume~1\CAROLY~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Carolyn Rucker\Local Settings\Temp\IadHide5.dll
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\recycler\S-1-5-21-484763869-2025429265-1177238915-1003
c:\recycler\S-1-5-21-606747145-1085031214-725345543-500
c:\windows\system32\ps2.bat
c:\windows\system32\winsrc.dll.tmp
c:\windows\viassary-hp.reg
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_svchost
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-27 21:57 . 2009-08-18 19:11 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-27 15:26 . 2009-08-25 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\NAVENG.SYS
2009-08-27 15:26 . 2009-08-25 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\NAVENG32.DLL
2009-08-27 15:26 . 2009-08-25 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\NAVEX32A.DLL
2009-08-27 15:26 . 2009-08-25 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\NAVEX15.SYS
2009-08-27 15:26 . 2009-08-25 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\ECMSVR32.DLL
2009-08-27 08:00 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\EECTRL.SYS
2009-08-27 08:00 . 2009-08-27 08:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\CCERASER.DLL
2009-08-27 08:00 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090827.002\ERASER.SYS
2009-08-18 23:57 . 2009-08-18 23:57 -------- d-----w- c:\program files\Trend Micro
2009-08-13 11:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 12:01 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 12:01 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 12:01 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 12:01 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 12:01 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 21:58 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 21:58 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 21:58 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 21:58 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 21:58 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 21:21 . 2006-05-22 20:58 -------- d-----w- c:\program files\Lx_cats
2009-08-23 23:00 . 2008-08-06 06:52 -------- d-----w- c:\program files\Norton Security Scan
2009-08-20 02:49 . 2009-03-06 12:28 -------- d-----w- c:\program files\Symantec
2009-08-20 02:48 . 2009-03-06 12:28 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-20 02:48 . 2009-03-06 12:28 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-20 02:48 . 2007-06-25 16:22 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-20 02:48 . 2007-06-25 16:22 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-20 02:48 . 2009-05-19 12:45 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2009-08-20 01:28 . 2006-11-30 17:36 -------- d-----w- c:\docume~1\CAROLY~1\APPLIC~1\Skype
2009-08-19 00:35 . 2008-06-29 20:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 00:20 . 2008-11-25 04:02 -------- d-----w- c:\program files\Best Buy Digital Music Store Powered by Rhapsody
2009-08-19 00:12 . 2008-06-29 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 00:11 . 2006-02-17 15:56 -------- d-----w- c:\program files\Quicken
2009-08-18 19:11 . 2009-03-06 12:28 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-08-17 12:30 . 2009-05-06 16:57 -------- d-----w- c:\program files\Coupons
2009-08-14 18:55 . 2006-05-31 17:15 -------- d-----w- c:\docume~1\CAROLY~1\APPLIC~1\7100Series
2009-08-13 22:01 . 2009-02-07 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest
2009-08-05 09:01 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 22:53 . 2009-07-25 22:53 -------- d-----w- c:\docume~1\CAROLY~1\APPLIC~1\j2 Global
2009-07-25 22:49 . 2009-07-25 22:46 -------- d-----w- c:\program files\eFax Messenger 4.4
2009-07-25 22:49 . 2009-07-25 22:49 -------- d-----w- c:\docume~1\CAROLY~1\APPLIC~1\eFax Messenger
2009-07-25 22:49 . 2009-07-25 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Output
2009-07-17 19:01 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 04:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 04:41 . 2009-07-11 04:41 -------- d-----w- c:\program files\Unity
2009-07-03 17:09 . 2004-08-04 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-04 04:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 04:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-07-05 4538368]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"LXBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll" [2004-11-02 69632]
"lxbxmon.exe"="c:\program files\Lexmark 7100 Series\lxbxmon.exe" [2005-01-18 196608]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 7100 Series\fm3032.exe" [2004-12-06 286720]
"EzPrint"="c:\program files\Lexmark 7100 Series\ezprint.exe" [2004-09-17 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-02-17 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2006-2-17 36864]
c:\documents and settings\Carolyn Rucker\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-2-17 36903]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2008-8-19 217088]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00A\SymEFA.sys [8/19/2009 9:48 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00A\BHDrvx86.sys [8/19/2009 9:48 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00A\cchpx86.sys [8/19/2009 9:48 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 7:01 AM 276344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 3:00 AM 102448]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-08-23 c:\windows\Tasks\Norton Security Scan for Carolyn Rucker.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
TB.txt:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Carolyn Rucker ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 16.7.2.10 (Activated)
Firewall : Norton Internet Security 16.7.2.10 (Activated)
C:\ (Local Disk) - NTFS - Total:141 Go (Free:124 Go)
D:\ (Local Disk) - FAT32 - Total:7 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( Thu 08/27/2009|17:12 )
-----------\\ Searching for Files - Folders ...
C:\DOCUME~1\CAROLY~1\Cookies\carolyn_rucker@alot[1].txt
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.yahoo.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html"
--------------------\\ Searching for other infections
No other infections found !
1 - "C:\ToolBar SD\TB_1.txt" - Thu 08/27/2009|17:13 - Option : [1]
-----------\\ Scan completed at 17:13:54.60
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:33 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
C:\Program Files\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\lxbxcoms.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [LXBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxbxmon.exe] "C:\Program Files\Lexmark 7100 Series\lxbxmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 7100 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7100 Series\ezprint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxbx_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbxcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.10\ccSvcHst.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10822 bytes