Need help removing backdoor.Tidserv.inf Trojan - Second Machine (appro |
Nov 30 2008, 10:21 AM, Post #1
Member, Posts: 13, OS: Windows XP
Hi andrewuk:
Thank you again for your help on the XP machine. Last Norton scan showed no trojans! Based on your approval, here is the Hijackthis log for the second machine on my network. It is a Vista machine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:20 AM, on 11/30/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\JS\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\JS\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\JS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8437 bytes

Thank you,
LikeTelevision
Nov 30 2008, 10:25 AM, Post #2
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
I don't see anything suspicious in this log. Is this computer having any problems? We can run the following tool to see if anything is hidden from us:
1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe. Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
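The O4 autostart and O23 service lines in the HijackThis log above are the entries Greyknight reviewed by eye. As an added example (not part of this thread, HijackThis or ComboFix), the Python below parses those two line formats and attaches a few conservative review prompts: a service with no identifiable publisher, a program running from a user profile or temp directory, and a rundll32 entry that names its DLL without a path. The heuristic names and the `Entry` structure are the example's own; the sample lines are copied from the log, and every line they flag was judged benign in the thread, which is the point: flags tell a reviewer where to look, not what to conclude.

```python
"""HijackThis O4/O23 triage helper: an added example for this thread, not part of the
forum post, HijackThis or ComboFix.  Heuristics and names are the example's own.
Flags are review prompts, not verdicts (every flagged sample line here is benign)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied in structure from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKCU\..\Run: [Google Update] "C:\Users\JS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe
"""

# O4 line: "O4 - <hive>\..\<Run key>: [<name>] <command>", optionally followed
# by "(User '<account>')" for HKUS entries.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 line: "O23 - Service: <display name> - <publisher> - <image path>";
# HijackThis prints an empty publisher as "name - - path".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?) ?- (?P<path>[A-Za-z]:\\.*)$"
)
USER_DIRS = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str               # "O4" (autostart) or "O23" (service)
    name: str               # registry value name or service display name
    path: str               # program the entry launches, as written in the log
    detail: str = ""        # O4: hive\key (and account); O23: publisher
    command: str = ""       # O4: full command line; O23: same as path
    flags: List[str] = field(default_factory=list)


def command_path(cmd: str) -> str:
    """Program path from an O4 command line: a quoted path verbatim, otherwise the
    tokens up to the first one ending in an executable extension (keeps %VAR%)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts: List[str] = []
    for tok in cmd.split():
        parts.append(tok)
        if tok.lower().endswith((".exe", ".dll", ".com", ".scr")):
            break
    return " ".join(parts)


def parse_line(line: str) -> Optional[Entry]:
    """One O4 or O23 line -> Entry; any other HijackThis line type -> None."""
    m = O4_RE.match(line)
    if m:
        detail = f"{m['hive']}\\{m['key']}"
        if m["user"]:
            detail += f" (user {m['user']})"
        return Entry("O4", m["name"], command_path(m["cmd"]), detail, m["cmd"])
    m = O23_RE.match(line)
    if m:
        return Entry("O23", m["name"], m["path"], m["company"].strip(), m["path"])
    return None


def review_flags(entry: Entry) -> List[str]:
    """Conservative prompts a log reviewer would want to double-check by hand."""
    flags: List[str] = []
    if entry.kind == "O23" and entry.detail in ("", "Unknown owner"):
        flags.append("service has no identifiable publisher")
    if any(d in entry.path.lower() for d in USER_DIRS):
        flags.append("runs from a user-profile or temp directory")
    if entry.kind == "O4":
        tokens = entry.command.split()
        if tokens and tokens[0].lower().startswith("rundll32"):
            dll = tokens[1].split(",")[0] if len(tokens) > 1 else ""
            if "\\" not in dll:  # bare name: resolved via the DLL search path, not a fixed file
                flags.append("rundll32 loads a DLL by bare name; confirm which file it resolves to")
    return flags


def triage(log_text: str) -> List[Entry]:
    """Parse every O4/O23 line of a HijackThis log and attach review flags."""
    entries: List[Entry] = []
    for raw in log_text.splitlines():
        entry = parse_line(raw.strip())
        if entry is not None:
            entry.flags = review_flags(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{'REVIEW' if e.flags else '  ok  '}] {e.kind} {e.name!r} -> {e.path} ({e.detail})")
        for f in e.flags:
            print(f"           - {f}")
```

Feeding the full log through `triage()` flags four of its lines (the two CyberLink services, lxdi_device, Google Update and the two rundll32 entries); comparing each against its publisher and expected install location is the manual step the script leaves to the reviewer.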
Nov 30 2008, 11:05 AM, Post #3
Member, Posts: 13, OS: Windows XP
Hi Greyknight:
Here is the log file from ComboFix:

ComboFix 08-11-30.01 - JS 2008-11-30 11:47:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.320 [GMT -5:00]
Running from: c:\users\JS\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-30 )))))))))))))))))))))))))))))))
.
2008-11-30 11:14 . 2008-11-30 11:14 <DIR> d-------- c:\program files\Trend Micro
2008-11-26 06:13 . 2008-10-21 00:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 06:13 . 2008-08-27 22:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 06:13 . 2008-08-27 22:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 06:13 . 2008-08-27 22:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 06:13 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-21 14:48 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-21 14:48 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-21 14:48 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-21 14:48 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-21 14:48 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-21 14:48 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-21 14:48 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-21 14:47 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-21 14:47 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-21 08:25 . 2008-11-21 08:25 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-21 08:25 . 2008-11-21 08:25 <DIR> d-------- c:\programdata\Apple Computer
2008-11-21 08:25 . 2008-11-21 08:27 <DIR> d-------- c:\program files\QuickTime
2008-11-21 08:25 . 2008-11-21 08:25 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-20 20:34 . 2008-11-20 20:34 <DIR> d-------- c:\users\JS\AppData\Roaming\HP
2008-11-20 20:34 . 2008-11-20 20:34 <DIR> d-------- c:\users\JS\AppData\Roaming\CyberLink
2008-11-17 20:12 . 2008-11-17 20:12 <DIR> d-------- c:\program files\Bonjour
2008-11-16 16:19 . 2008-11-16 16:19 <DIR> d-------- c:\users\All Users\WindowsSearch
2008-11-16 16:19 . 2008-11-16 16:19 <DIR> d-------- c:\programdata\WindowsSearch
2008-11-13 12:34 . 2008-11-13 12:34 <DIR> d-------- c:\users\All Users\Symantec
2008-11-13 12:34 . 2008-11-13 12:34 <DIR> d-------- c:\programdata\Symantec
2008-11-12 07:24 . 2008-11-12 07:24 <DIR> d-------- c:\users\JS\AppData\Roaming\Creative
2008-11-11 22:39 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 22:39 . 2008-09-05 00:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 22:39 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 18:36 . 2008-11-11 18:37 <DIR> d-------- c:\program files\DNA
2008-11-11 18:36 . 2008-11-11 18:37 <DIR> d-------- c:\program files\BitTorrent
2008-11-11 18:26 . 2008-11-11 18:26 <DIR> d-------- c:\users\JS\AppData\Roaming\Uniblue
2008-11-11 13:19 . 2008-11-11 13:19 <DIR> d-------- c:\users\All Users\FLEXnet
2008-11-11 13:19 . 2008-11-11 13:19 <DIR> d-------- c:\programdata\FLEXnet
2008-11-11 13:01 . 2008-11-11 13:01 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-10 15:03 . 2008-11-10 15:03 <DIR> d--hs---- c:\windows\ftpcache
2008-11-10 15:03 . 2008-11-10 15:03 <DIR> d-------- c:\users\JS\AppData\Roaming\Blumentals
2008-11-10 14:45 . 2008-11-10 14:45 <DIR> d-------- c:\users\All Users\engadven
2008-11-10 14:45 . 2008-11-10 14:45 <DIR> d-------- c:\programdata\engadven
2008-11-10 14:45 . 2008-11-10 14:51 <DIR> d-------- c:\program files\EngAdven
2008-11-10 14:45 . 2008-11-10 14:45 24 -rah----- c:\windows\wcpx_.dat
2008-11-09 20:19 . 2008-11-09 20:19 <DIR> d-------- c:\program files\Symantec
2008-11-09 20:19 . 2008-11-09 20:19 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2008-11-09 20:19 . 2008-11-09 20:19 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2008-11-09 20:18 . 2008-11-13 14:17 <DIR> d-------- c:\windows\System32\drivers\NIS
2008-11-09 20:18 . 2008-11-09 20:18 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-09 20:11 . 2008-11-09 20:11 <DIR> d-------- c:\users\All Users\PCSettings
2008-11-09 20:11 . 2008-11-09 20:11 <DIR> d-------- c:\users\All Users\NortonInstaller
2008-11-09 20:11 . 2008-11-09 20:20 <DIR> d-------- c:\users\All Users\Norton
2008-11-09 20:11 . 2008-11-09 20:11 <DIR> d-------- c:\programdata\PCSettings
2008-11-09 20:11 . 2008-11-09 20:11 <DIR> d-------- c:\programdata\NortonInstaller
2008-11-09 20:11 . 2008-11-09 20:20 <DIR> d-------- c:\programdata\Norton
2008-11-09 20:11 . 2008-11-09 20:11 <DIR> d-------- c:\program files\NortonInstaller
2008-11-07 09:33 . 2008-11-07 09:35 <DIR> d-------- c:\users\JS\AppData\Roaming\ooVoo Details
2008-11-07 09:33 . 2008-11-07 09:33 <DIR> d-------- c:\program files\ooVoo
2008-11-06 22:37 . 2008-11-06 22:37 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-06 07:28 . 2008-11-06 07:28 <DIR> d-------- c:\users\JS\AppData\Roaming\Lexmark Productivity Studio
2008-11-06 07:27 . 2008-11-06 07:27 <DIR> d-------- c:\users\All Users\lx_cats
2008-11-06 07:27 . 2008-11-06 07:27 <DIR> d-------- c:\programdata\lx_cats
2008-11-06 07:26 . 2008-11-06 07:26 <DIR> d-------- C:\logs
2008-11-06 07:20 . 2007-02-19 16:00 1,645,320 --a------ c:\windows\System32\gdiplus.dll
2008-11-06 07:19 . 2008-11-06 07:21 <DIR> d-------- c:\program files\Lexmark 3500-4500 Series
2008-11-06 07:18 . 2008-11-06 07:18 <DIR> d-------- C:\lexmark
2008-11-05 12:15 . 2008-11-05 12:15 <DIR> d-------- c:\users\JS\AppData\Roaming\Virtual Mechanics
2008-11-05 12:15 . 2008-11-05 12:15 <DIR> d-------- c:\users\All Users\Virtual Mechanics
2008-11-05 12:15 . 2008-11-05 12:15 <DIR> d-------- c:\programdata\Virtual Mechanics
2008-10-30 21:18 . 2008-10-31 13:49 <DIR> d-------- c:\users\JS\AppData\Roaming\gtk-2.0
2008-10-30 21:15 . 2008-10-30 21:15 <DIR> d-------- c:\users\JS\.thumbnails
2008-10-30 21:13 . 2008-11-11 22:03 <DIR> d-------- c:\users\JS\.gimp-2.6
2008-10-30 21:13 . 2008-10-30 21:13 <DIR> d-------- c:\users\JS\.gegl-0.0
2008-10-30 10:59 . 2008-11-04 20:12 <DIR> d-------- c:\users\JS\AppData\Roaming\FileZilla
2008-10-30 08:21 . 2008-10-30 08:21 <DIR> d-------- c:\users\JS\AppData\Roaming\Hewlett-Packard
2008-10-30 08:19 . 2008-11-20 15:24 <DIR> dr------- c:\users\JS\Videos
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> dr------- c:\users\JS\Searches
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> dr------- c:\users\JS\Saved Games
2008-10-30 08:19 . 2008-10-30 21:48 <DIR> dr------- c:\users\JS\Pictures
2008-10-30 08:19 . 2008-11-11 22:31 <DIR> dr------- c:\users\JS\Music
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> dr------- c:\users\JS\Links
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> dr------- c:\users\JS\Downloads
2008-10-30 08:19 . 2008-11-24 18:34 <DIR> dr------- c:\users\JS\Documents
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> dr------- c:\users\JS\Contacts
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> d-------- c:\users\JS\AppData\Roaming\Symantec
2008-10-30 08:19 . 2006-11-02 07:37 <DIR> d-------- c:\users\JS\AppData\Roaming\Media Center Programs
2008-10-30 08:19 . 2008-10-30 08:19 <DIR> d--h----- c:\users\JS\AppData
2008-10-30 08:19 . 2008-11-13 10:41 <DIR> d-------- c:\users\JS
2008-10-29 19:28 . 2008-10-29 20:00 <DIR> d-------- c:\users\Guest\AppData\Roaming\FileZilla
2008-10-29 19:17 . 2008-10-30 04:38 <DIR> d-------- c:\users\KS\.gimp-2.6
2008-10-29 19:17 . 2008-10-29 19:17 <DIR> d-------- c:\users\KS\.gegl-0.0
2008-10-29 19:12 . 2008-10-31 04:38 <DIR> d-------- c:\users\KS\AppData\Roaming\FileZilla
2008-10-29 19:12 . 2008-10-29 19:12 <DIR> d-------- c:\program files\FileZilla FTP Client
2008-10-29 04:06 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 04:06 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-29 04:06 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-29 04:06 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-29 04:06 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-29 04:06 . 2008-09-17 23:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 04:06 . 2008-09-17 23:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-29 04:06 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-15 04:32 . 2008-09-18 00:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-15 04:32 . 2008-09-18 00:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-15 04:32 . 2008-09-17 21:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-15 04:32 . 2008-10-01 20:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-15 04:32 . 2008-10-01 22:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-15 04:32 . 2008-08-26 20:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 01:13 --------- d-----w c:\program files\Common Files\Adobe
2008-11-12 13:18 --------- d-----w c:\programdata\CyberLink
2008-11-12 12:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 01:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-10 01:19 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-10 01:19 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-10 01:10 --------- d-----w c:\programdata\Symantec Temporary Files
2008-10-22 21:21 21,248 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-17 11:15 --------- d-----w c:\users\Guest\AppData\Roaming\Move Networks
2008-10-16 09:45 --------- d-----w c:\program files\Windows Mail
2008-10-06 16:51 20,224 ----a-w c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-04 00:11 54,600 ----a-w C:\npbittorrent.dll
2008-08-21 21:16 11,520 ----a-w c:\windows\Help\OEM\scripts\HCNetworkTest.exe
2008-08-02 03:26 36,864 ----a-w c:\windows\System32\cdd.dll
2008-07-05 13:29 174 --sha-w c:\program files\desktop.ini
2007-11-06 23:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-06 23:04 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-06 23:04 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-18 16:49 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-18 171448]
"Google Update"="c:\users\JS\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-12 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 c:\windows\System32\P0630Pin.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-03-12 13:54 50696 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 01:11 49152 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 13:38 159744 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--------- 2007-04-23 17:11 176128 c:\program files\Hp\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-20 20:23 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{411D0265-523C-4C23-93B2-A686144EE2E7}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A618E181-A524-4E62-8E77-D364DE34850C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A07CD5B6-9B9D-40AB-9555-43055215DAA3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A3E61AF1-A002-4E7E-B4BE-F96F7D7A1906}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1CB5E2B2-223D-4192-BDDA-189A900AEFBA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{996EBD35-5809-4CDD-AC96-9EA2610271C5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{737224D1-2A12-465C-81BA-C555BAE5A1FC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{E078A105-4EC5-43F1-8560-050E50D1EC51}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F61D5A65-B978-4D5B-9DD1-724B4BD9A252}"= UDP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{CF88FAC5-A32C-4FD1-979C-6DAF7AB77C8B}"= TCP:c:\windows\System32\lxdicoms.exe:Lexmark Communications System
"{77E40052-8BE3-4B65-9F50-177B0B205780}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{0F2C54C2-FAB6-4DA5-B371-9117BB9956DC}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe:Lexmark Device Monitor
"{F4B17366-A87E-4462-A690-8AD1DBD5643B}"= UDP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{6DE3FC2D-52B0-425A-A167-A4F197970581}"= TCP:c:\program files\Lexmark 3500-4500 Series\App4R.exe:Lexmark Imaging Studio
"{2121957E-80B1-4AD3-A38D-C99F92B1799B}"= UDP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{90917DC5-99AC-4CDD-B1E0-6D316644FE59}"= TCP:c:\program files\Lexmark 3500-4500 Series\lxdimon.exe:Device Monitor
"{F1B815C0-1C77-4D0B-B5BA-E826D4319111}"= UDP:443:ooVoo TCP port 443
"{60A574A7-189A-4F75-B7D0-6A7B5C546B92}"= TCP:443:ooVoo UDP port 443
"{FA96D605-987F-4197-AA85-47A037A24717}"= UDP:37674:ooVoo TCP port 37674
"{D7262A7C-D9BE-414C-8837-EAD1ADBD0466}"= TCP:37674:ooVoo UDP port 37674
"{107F764F-085B-4B6B-B83B-865873C65636}"= TCP:37675:ooVoo UDP port 37675
"{832E8D19-F828-4EFC-9F96-C441E3D1053C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{18953004-3F41-49A6-ADCE-B63264E69050}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{E5E7E400-9B1D-4E3D-8BA1-668FF64C8455}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"UDP Query User{C437DDC3-578C-4828-8B99-98865C909978}c:\\program files\\lexmark 3500-4500 series\\lxdiamon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdiamon.exe:Device Monitor Application
"TCP Query User{367786BF-EF92-438E-9011-1404F6EF40DD}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= UDP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"UDP Query User{3A4A6F21-C652-4A9D-982D-C00F1AC6B64D}c:\\program files\\lexmark 3500-4500 series\\lxdimon.exe"= TCP:c:\program files\lexmark 3500-4500 series\lxdimon.exe:Device Monitor
"{8FFE38E0-A4E9-4DF6-83A4-960A97980C90}"= c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe:Symantec Service Framework
"TCP Query User{23900943-53EF-4C8C-A067-12F49791DF1E}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{5ADDDAA4-A029-48AF-AD12-253207BE840A}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NIS\1001000.021\BHDrvx86.sys [2008-11-13 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NIS\1001000.021\ccHPx86.sys [2008-11-13 362544]
R1 IDSVix86;IDSVix86;\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081127.002\IDSvix86.sys [2008-11-29 289840]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service []
R2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.1.0.33\diMaster.dll" /prefetch:1 []
R2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys [2008-01-20 5120]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\NIS\1001000.021\SYMNDISV.SYS [2008-11-13 40496]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-11-12 91841]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-30 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\JS\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 08:30]

2008-11-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - KS.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 11:56:20
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4472)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2008-11-30 12:01:32
ComboFix-quarantined-files.txt 2008-11-30 17:01:17

Pre-Run: 67,531,784,192 bytes free
Post-Run: 68,721,147,904 bytes free

275 --- E O F --- 2008-11-26 18:31:34

Thank you, and I look forward to your response.
LikeTelevision
Dec 2 2008, 06:30 PM, Post #4
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Nothing much found here. It looks good. Is everything ok on this computer?
Dec 2 2008, 09:48 PM, Post #5
Member, Posts: 13, OS: Windows XP
Hi Greyknight:
All is good on this machine. Thank you for all your assistance.
LikeTelevision
Dec 3 2008, 07:12 PM, Post #6
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
No problem. Just one final step to wrap things up:
Go to Start->Run, copy/paste in combofix /u and hit OK to remove it.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided. You should be set to go.
Dec 3 2008, 07:12 PM, Post #7
Malware Expert, Posts: 16,559, From: New York, OS: Windows 98, XP, Vista, Mac OS X
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
© Geeks to Go, Inc.