Computer Security & Viruses/My desktop needs help- update



Question
QUESTION: hijackthis

FROM: Jess Wasdin

Thursday, October 20, 2011 2:24 PM
 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:26:04 AM, on 3/8/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*http://www.yahoo.c
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [frfwynil] C:\Documents and Settings\NetworkService\Local Settings\Application Data\yyddcsolf\jtjkgwishdw.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-18\..\Run: [frfwynil] C:\Documents and Settings\NetworkService\Local Settings\Application Data\yyddcsolf\jtjkgwishdw.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [frfwynil] C:\Documents and Settings\NetworkService\Local Settings\Application Data\yyddcsolf\jtjkgwishdw.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 9301 bytes



My desktop runs very very slow and I was wondering if I could get your expertise to try and fix it. At one point, I know the computer had been hit by one or more viruses. When Norton scans the computer, it says that there are no problems, when clearly there are. I have also bought some PC doctor discs to try to resolve the problem but when I called to get a tech's help - he laughed and told me to get a new computer. I was just wondering if there is a way to fix it or if I really need to purchase another one. Thanks for any of your help in advance.

ANSWER: Hi Jess

There are indeed a number of infections in your log file.  I will try to help you clean things up.  Please download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
*Important*-Save it to your desktop.
Double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix, you should not click anywhere on the ComboFix window, as it can cause the program to stall. If asked to install the Windows Recovery Console, please allow the program to do so. ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. ComboFix may also restart your computer. Do not intervene. Eventually you will see a new screen that states the program is almost finished and telling you that the program's log file, or report, will be located at C:\ComboFix.txt. It will then display the log file automatically for you. Post me that log and a HJT log in your follow-up.

Brian

---------- FOLLOW-UP ----------

QUESTION: I read your answer and ran both of those programs. Here is the ComboFix log file:
ComboFix 11-10-24.04 - Owner 03/12/2004  15:07:54.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.217 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\pragmamfeklnmal.dll
c:\documents and settings\Owner\GoToAssistDownloadHelper.exe
c:\documents and settings\Owner\My Documents\~WRL0204.tmp
c:\documents and settings\Owner\My Documents\~WRL0816.tmp
c:\documents and settings\Owner\My Documents\~WRL0839.tmp
c:\documents and settings\Owner\My Documents\~WRL1163.tmp
c:\documents and settings\Owner\My Documents\~WRL1315.tmp
c:\documents and settings\Owner\My Documents\~WRL2906.tmp
c:\documents and settings\Owner\My Documents\~WRL3050.tmp
c:\program files\messenger\msmsgsin.exe
c:\program files\msn\msncorefiles\custdial.dll
c:\program files\msn\msncorefiles\logonmgr.dll
c:\program files\sh3.dat
c:\program files\sh4.dat
c:\program files\skynet.dat
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\smdat32a.sys
c:\windows\system\winspool.drv
c:\windows\system32\d3d9caps.dat
c:\windows\system32\mgg.exe
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msgsvc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2004-02-13 to 2004-03-13  )))))))))))))))))))))))))))))))
.
.
2010-08-07 20:46 . 2010-08-07 20:46   --------   d-----w-   C:\Wireshark Antivirus
2009-11-20 01:19 . 2009-11-20 01:19   --------   d-----w-   C:\Lxkx5150
2007-08-05 01:52 . 2007-08-05 01:52   --------   d-----w-   C:\found.000
2007-04-18 01:17 . 2007-04-18 01:17   --------   d-----w-   C:\Application Data
2007-04-03 02:47 . 2007-10-17 16:47   --------   d-----w-   C:\Temp
2007-02-07 03:05 . 2007-02-07 03:05   --------   d-----w-   C:\DBBackup
2007-01-08 21:52 . 2007-01-08 21:52   --------   d-----w-   C:\Lxk510
2006-12-04 19:35 . 2006-12-04 19:35   --------   d-----w-   C:\drvrtmp
2006-12-04 19:32 . 2006-12-04 19:32   --------   d-----w-   C:\dell
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 21:41 . 2010-12-29 21:41   74703   ----a-w-   c:\windows\system32\mfc45.dll
2010-10-15 19:08 . 2010-10-15 19:08   60808   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2010-06-14 14:30 . 2006-12-04 18:54   743936   ----a-w-   c:\windows\pchealth\HelpCtr\Binaries\helpsvc.exe
2010-05-02 05:56 . 2003-03-31 12:00   1850880   ----a-w-   c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2003-03-31 12:00   285696   ----a-w-   c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2006-06-23 16:33   662016   ----a-w-   c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2003-03-31 12:00   61952   ----a-w-   c:\windows\system32\tdc.ocx
2010-03-10 08:02 . 2003-03-31 12:00   417792   ----a-w-   c:\windows\system32\vbscript.dll
2010-03-05 14:57 . 2003-03-31 12:00   65536   ----a-w-   c:\windows\system32\asycfilt.dll
2010-02-24 12:31 . 2003-03-31 12:00   454016   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2003-03-31 12:00   2137088   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2002-08-29 01:04   2016768   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-02-11 12:01 . 2003-03-31 12:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:40 . 2005-08-30 04:02   1291264   ----a-w-   c:\windows\system32\quartz.dll
2010-02-03 15:21 . 2010-12-29 21:43   12288   ----a-w-   c:\windows\system32\smrgdf.exe
2010-01-29 14:43 . 2003-03-31 12:00   307260   ----a-w-   c:\windows\system32\l3codeca.acm
2010-01-29 14:43 . 2003-03-31 12:00   143422   ----a-w-   c:\windows\system32\l3codecx.ax
2010-01-13 14:10 . 2003-03-31 12:00   85504   ----a-w-   c:\windows\system32\cabview.dll
2009-12-31 16:14 . 2003-03-31 12:00   352640   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-24 07:05 . 2003-03-31 12:00   177664   ----a-w-   c:\windows\system32\wintrust.dll
2009-12-16 12:58 . 2006-12-04 18:53   343040   ----a-w-   c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2003-03-31 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
2009-11-27 17:33 . 2001-08-17 22:36   17920   ----a-w-   c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2003-03-31 12:00   84992   ----a-w-   c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2003-03-31 12:00   28672   ----a-w-   c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2003-03-31 12:00   11264   ----a-w-   c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2001-08-17 22:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
2009-11-27 16:37 . 2001-08-17 22:36   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
2009-11-21 16:36 . 2003-03-31 12:00   470528   ----a-w-   c:\windows\apppatch\aclayers.dll
2009-11-11 04:08 . 2009-11-11 04:08   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2009-11-11 04:08 . 2009-11-11 04:08   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2009-10-21 06:00 . 2004-08-04 07:56   75776   ----a-w-   c:\windows\system32\strmfilt.dll
2009-10-16 03:51 . 2003-03-31 12:00   119808   ----a-w-   c:\windows\system32\t2embed.dll
2009-10-15 17:21 . 2003-03-31 12:00   82432   ----a-w-   c:\windows\system32\fontsub.dll
2009-10-13 10:53 . 2006-05-14 09:13   266752   ----a-w-   c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2003-03-31 12:00   69632   ----a-w-   c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2003-03-31 12:00   112128   ----a-w-   c:\windows\system32\rastls.dll
2009-09-11 14:33 . 2003-03-31 12:00   133632   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2003-03-31 12:00   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-09-01 14:32 . 2003-03-31 12:00   282654   ----a-w-   c:\windows\system32\msaud32.acm
2009-08-29 00:42 . 2009-11-23 01:45   2065696   ----a-w-   c:\windows\system32\usbaaplrc.dll
2009-08-26 08:16 . 2003-03-31 12:00   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-25 09:47 . 2006-12-18 02:49   352256   ----a-w-   c:\windows\system32\winhttp.dll
2009-08-19 22:07 . 2009-08-19 22:07   1415000   ----a-w-   c:\windows\system32\msxml6.dll
2009-08-07 00:24 . 2007-06-21 01:21   21728   ----a-w-   c:\windows\system32\wucltui.dll.mui
2009-08-07 00:24 . 2006-12-18 02:44   327896   ----a-w-   c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-12-18 02:44   209632   ----a-w-   c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2007-06-21 01:21   15072   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 00:24 . 2006-12-18 02:44   35552   ----a-w-   c:\windows\system32\wups.dll
2009-08-07 00:24 . 2006-12-18 02:44   217816   ----a-w-   c:\windows\system32\wuaucpl.cpl
2009-08-07 00:24 . 2005-05-26 09:16   44768   ----a-w-   c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2007-06-21 01:21   15064   ----a-w-   c:\windows\system32\wuapi.dll.mui
2009-08-07 00:24 . 2006-12-04 18:53   53472   ----a-w-   c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2003-03-31 12:00   96480   ----a-w-   c:\windows\system32\cdm.dll
2009-08-07 00:24 . 2007-06-21 01:21   17632   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2009-08-07 00:23 . 2006-12-18 02:44   575704   ----a-w-   c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2010-01-23 07:35   274288   ----a-w-   c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2010-01-23 07:35   215920   ----a-w-   c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2010-01-23 07:35   16736   ----a-w-   c:\windows\system32\mucltui.dll.mui
2009-08-07 00:23 . 2006-12-04 18:53   1929952   ----a-w-   c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2003-03-31 12:00   204800   ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-31 04:57 . 2006-09-13 05:09   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-07-17 18:55 . 2003-03-31 12:00   58880   ----a-w-   c:\windows\system32\atl.dll
2009-07-17 16:27 . 2003-03-31 12:00   1435648   ----a-w-   c:\windows\system32\query.dll
2009-07-14 04:43 . 2004-08-04 07:56   286208   ----a-w-   c:\windows\system32\wmpdxm.dll
2009-06-25 08:44 . 2005-06-15 17:50   298496   ----a-w-   c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2003-03-31 12:00   724480   ----a-w-   c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2003-03-31 12:00   59392   ----a-w-   c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2003-03-31 12:00   56320   ----a-w-   c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2003-03-31 12:00   168448   ----a-w-   c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2003-03-31 12:00   92544   ----a-w-   c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2003-03-31 12:00   76288   ----a-w-   c:\windows\system32\telnet.exe
2009-06-10 06:32 . 2003-03-31 12:00   132096   ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2006-12-04 18:53   655872   ----a-w-   c:\windows\system32\mstscax.dll
2009-05-07 15:44 . 2003-03-31 12:00   344064   ----a-w-   c:\windows\system32\localspl.dll
2009-04-15 15:11 . 2004-03-06 02:16   584192   ----a-w-   c:\windows\system32\rpcrt4.dll
2009-04-02 04:02 . 2005-01-28 18:44   604160   ----a-w-   c:\windows\system32\wmspdmod.dll
2009-03-06 14:44 . 2003-03-31 12:00   283648   ----a-w-   c:\windows\system32\pdh.dll
2009-02-27 05:08 . 2003-03-31 12:00   177152   ----a-w-   c:\windows\system32\msctfime.ime
2009-02-09 10:20 . 2005-07-26 04:31   399360   ----a-w-   c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2003-03-31 12:00   714752   ----a-w-   c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2003-03-31 12:00   616960   ----a-w-   c:\windows\system32\advapi32.dll
2009-02-06 17:14 . 2003-03-31 12:00   110592   ----a-w-   c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-03-31 12:00   35328   ----a-w-   c:\windows\system32\sc.exe
2008-10-23 13:01 . 2003-03-31 12:00   283648   ----a-w-   c:\windows\system32\gdi32.dll
2008-08-14 09:51 . 2003-03-31 12:00   138368   ----a-w-   c:\windows\system32\drivers\afd.sys
2008-07-09 07:38 . 2006-12-24 10:13   26488   ----a-w-   c:\windows\system32\spupdsvc.exe
2008-06-24 23:12 . 2006-10-19 01:47   295936   ------w-   c:\windows\system32\wmpeffects.dll
2008-06-24 16:23 . 2005-06-29 01:54   74240   ----a-w-   c:\windows\system32\mscms.dll
2008-06-20 17:41 . 2003-03-31 12:00   245248   ----a-w-   c:\windows\system32\mswsock.dll
2008-06-20 10:45 . 2003-03-31 12:00   360320   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2008-06-18 10:03 . 2005-01-28 18:44   938496   ----a-w-   c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2005-01-28 18:44   100864   ----a-w-   c:\windows\system32\logagent.exe
2008-06-12 14:16 . 2006-12-04 18:53   956928   ----a-w-   c:\windows\system32\msdtctm.dll
2008-06-12 14:16 . 2006-12-04 18:53   161792   ----a-w-   c:\windows\system32\msdtcuiu.dll
2008-06-12 14:16 . 2006-12-04 18:53   58880   ----a-w-   c:\windows\system32\msdtclog.dll
2008-06-12 14:16 . 2006-12-04 18:52   428032   ----a-w-   c:\windows\system32\msdtcprx.dll
2008-06-12 14:16 . 2006-03-01 19:44   91648   ----a-w-   c:\windows\system32\mtxoci.dll
2008-06-12 14:16 . 2006-03-01 19:44   66560   ----a-w-   c:\windows\system32\mtxclu.dll
2008-05-08 12:28 . 2003-03-31 12:00   202752   ----a-w-   c:\windows\system32\drivers\rmcast.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 02:20   1515688   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-11-19 2356088]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-10-07 2314608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-18 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-03-30 15:20   13672   ----a-w-   c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\Downloads\\AudioConverterSetup.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 3:49 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 3:49 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111014.001\BHDrvx86.sys [10/14/2011 6:10 PM 818808]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 3:49 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 3:49 PM 116784]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/29/2010 4:43 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/29/2010 4:43 PM 704432]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 3:47 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/23/2004 2:42 PM 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20111021.030\IDSXpx86.sys [3/9/2004 12:27 PM 356280]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2004-03-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 02:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.comcast.net/
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1obeenh9.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter:  - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF - Ext: Search Toolbar:  - %profile%\extensions\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-Weather Services - c:\progra~1\THEWEA~1\Framework\wxfw.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-03-12 20:36
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(1864)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2004-03-12  20:50:48 - machine was rebooted
ComboFix-quarantined-files.txt  2004-03-13 01:50
.
Pre-Run: 7,682,498,560 bytes free
Post-Run: 9,347,887,104 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 14B0B47239708D6AAECA79E2A1061522


And here is another HijackThis log:
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe -rem
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8398 bytes

I also wanted to tell you that the speakers on this computer also stopped working as soon as I downloaded Norton onto the machine. Is this normal? Thought you might be able to help me with that too!

I hope this helps and appreciate your time.

Thanks!

Answer
Hi Jess

After we get the infections fixed, we'll dig into the speaker issue.  Restart the computer while tapping the F8 button continuously until a menu screen appears.  Choose to Boot Windows into Safe Mode With Networking.  Once in safe mode, open a browser and download Malwarebytes' Anti-Malware to your desktop from here:

http://fileforum.betanews.com/download/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end of the install, Malwarebytes will perform an update to its definitions.
* Once the program has loaded, select Full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* Reboot the computer normally.
* When completed, a log will open in Notepad.  Please save it to your desktop.

Copy the Malwarebytes log and paste it to me in a follow-up along with a new HJT scan log.

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years' experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.