Ok. I had to reboot because the laptop froze, and this time it decided it didn't care it hasn't worked in three days. All the programs work again. I'm sending the CFScript.txt log.
ComboFix 10-07-08.02 - Mr.Clark 07/09/2010 16:00:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.252 [GMT -5:00]
Running from: c:\users\Mr.Clark\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Mr.Clark\Desktop\CFScript.txt
AV: Norton Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Security Online *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-06-09 to 2010-07-09 )))))))))))))))))))))))))))))))
.
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Patrick\AppData\Local\temp
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-09 20:53 . 2010-07-09 20:54 -------- d-----w- C:\32788R22FWJFW
2010-07-09 11:26 . 2010-07-09 11:26 19 ----a-w- c:\windows\popcinfo.dat
2010-07-08 16:33 . 2010-07-08 17:11 -------- d-----w- C:\Combo-Fix
2010-07-07 02:49 . 2010-07-07 02:49 -------- d-----w- C:\_OTL
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 03:32 . 2010-07-05 03:32 -------- d-----w- c:\programdata\Malwarebytes
2010-07-05 03:32 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 20:48 . 2008-04-30 16:00 -------- d-----w- c:\program files\Lx_cats
2010-07-09 18:55 . 2008-04-04 03:54 -------- d-----w- c:\programdata\Google Updater
2010-07-09 13:45 . 2007-04-12 01:41 -------- d-----w- c:\program files\Gateway Games
2010-07-09 11:13 . 2009-10-01 22:06 2319072 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2010-07-06 13:13 . 2007-04-12 01:41 -------- d-----w- c:\programdata\WildTangent
2010-07-05 04:56 . 2008-05-29 17:55 -------- d-----w- c:\program files\GamesBar
2010-07-05 03:26 . 2008-12-07 03:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 16:03 . 2007-11-27 21:01 3304 ----a-w- c:\users\Mr.Clark\AppData\Roaming\wklnhst.dat
2010-07-02 14:25 . 2010-03-06 01:08 439816 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-07-01 18:52 . 2010-07-07 02:36 1496064 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 18:51 . 2010-07-07 02:36 43008 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 18:51 . 2010-07-07 02:36 338944 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 18:51 . 2010-07-07 02:36 346112 ----a-w- c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-13 08:18 . 2007-04-12 01:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-02 18:37 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\DreamDale
2010-06-02 18:27 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\MB3
2010-06-02 18:23 . 2010-06-02 18:23 -------- d-----w- c:\users\Mr.Clark\AppData\Roaming\SmashFrenzy3
2010-05-30 12:38 . 2010-05-30 12:38 -------- d-----w- c:\programdata\PopCap Games
2010-05-29 12:56 . 2010-05-29 12:56 -------- d-----w- c:\programdata\MumboJumbo
2010-05-27 11:56 . 2010-05-27 11:56 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-27 11:55 . 2010-05-27 11:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-13 12:20 . 2007-04-12 01:52 -------- d-----w- c:\program files\Google
2010-02-10 15:32 . 2010-02-10 15:32 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-03-23 18:02 . 2007-10-01 00:32 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-03-23 18:02 . 2007-10-01 00:32 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-23 18:02 . 2007-10-01 00:32 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-03-23 18:02 . 2007-10-01 00:32 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-03-23 18:02 . 2007-10-01 00:32 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-17 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-10 30192]
"NapsterShell"="c:\program files\Napster\napster.exe" [2006-09-06 323216]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-16 185896]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-30 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-30 103344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\Mr.Clark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-7-7 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-9-23 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-9-23 692224]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-8-17 54512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-1000]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4004181874-1218646721-3285697250-500]
"EnableNotificationsRef"=dword:00000002
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-10 30192]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090604.001\IDSvix86.sys [2009-02-09 272432]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MRVW147;Marvell TOPDOG (TM) 802.11n Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\DRIVERS\MRVW147.sys [2007-01-27 321536]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-24 05:17]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 05:20]
2010-05-04 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Mr.Clark.job
- c:\progra~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{9E180437-3F6A-40F3-A2C5-DFE896E3C40D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6458
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\users\Mr.Clark\AppData\Roaming\Mozilla\Firefox\Profiles\aee0t5jc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-09 16:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4004181874-1218646721-3285697250-1001\Software\SecuROM\License information*]
"datasecu"=hex:a7,cc,63,cb,11,18,b2,ce,50,dc,9d,83,1d,9a,78,db,c2,4b,60,6e,67,
27,e0,9d,7b,02,d5,63,fb,f4,d8,a8,97,60,51,70,c3,69,82,19,59,98,fd,47,37,a1,\
"rkeysecu"=hex:53,23,ec,92,8c,0b,b6,ed,90,02,0c,7a,7e,b5,b9,67
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3400)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-07-09 16:26:52
ComboFix-quarantined-files.txt 2010-07-09 21:26
ComboFix2.txt 2010-07-08 17:11
Pre-Run: 88,742,576,128 bytes free
Post-Run: 88,391,405,568 bytes free
- - End Of File - - 22416CFEB2958CA8FCA8C7A8CEF66882