I followed your directions and the gmer log was much shorter. Besides 'show all' I had all the other things checked. Here are my mbam, gmer, and dds logs:
Malwarebytes' Anti-Malware 1.44
Database version: 3850
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
3/10/2010 7:29:27 PM
mbam-log-2010-03-10 (19-29-27).txt
Scan type: Quick Scan
Objects scanned: 132944
Time elapsed: 12 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-17 00:53:07
Windows 5.1.2600 Service Pack 2
Running: mejcdbm8.exe; Driver: C:\DOCUME~1\Evan\LOCALS~1\Temp\pxtdrpob.sys
---- System - GMER 1.0.15 ----
SSDT 86B56100 ZwAlertResumeThread
SSDT 86B567E0 ZwAlertThread
SSDT 86C5FF48 ZwAllocateVirtualMemory
SSDT 86B63230 ZwAssignProcessToJobObject
SSDT 86D53880 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF2BD1210]
SSDT 86D7C360 ZwCreateMutant
SSDT 8662F5B0 ZwCreateSymbolicLinkObject
SSDT 86B35DA8 ZwCreateThread
SSDT 86B62E70 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF2BD1490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF2BD19F0]
SSDT 86C896E0 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xF742FE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF74301BA]
SSDT 86C1C2A8 ZwFreeVirtualMemory
SSDT 86B55B38 ZwImpersonateAnonymousToken
SSDT 86B55DF0 ZwImpersonateThread
SSDT 8682E220 ZwLoadDriver
SSDT 86B35008 ZwMapViewOfSection
SSDT 86B556E8 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xF2BD17A0]
SSDT 86B490D0 ZwOpenProcess
SSDT 8675F168 ZwOpenProcessToken
SSDT 86B60AA8 ZwOpenSection
SSDT 86B2FA98 ZwOpenThread
SSDT 8662FF80 ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey [0xF7430292]
SSDT sptd.sys ZwQueryValueKey [0xF7430112]
SSDT 86B57510 ZwResumeThread
SSDT 86B59290 ZwSetContextThread
SSDT 86FCBFC0 ZwSetInformationProcess
SSDT 86B61DD0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF2BD1C40]
SSDT 86B60440 ZwSuspendProcess
SSDT 86B57908 ZwSuspendThread
SSDT 86B9F830 ZwTerminateProcess
SSDT 86B58A50 ZwTerminateThread
SSDT 86B594C8 ZwUnmapViewOfSection
SSDT 86C27B18 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86FCF1E8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\USBSTOR \Device\0000009e 867857A0
Device \Driver\USBSTOR \Device\0000009f 867857A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{1125B7C2-3196-4D35-8654-718A3C72CA54} 8679B1E8
Device \Driver\usbuhci \Device\USBPDO-0 86D0B7A0
Device \Driver\usbuhci \Device\USBPDO-1 86D0B7A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F601E8
Device \Driver\dmio \Device\DmControl\DmConfig 86F601E8
Device \Driver\dmio \Device\DmControl\DmPnP 86F601E8
Device \Driver\dmio \Device\DmControl\DmInfo 86F601E8
Device \Driver\usbuhci \Device\USBPDO-2 86D0B7A0
Device \Driver\usbuhci \Device\USBPDO-3 86D0B7A0
Device \Driver\usbehci \Device\USBPDO-4 86CC84F0
Device \Driver\PCI_NTPNP9278 \Device\00000055 sptd.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD11E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD11E8
Device \Driver\Cdrom \Device\CdRom0 86C817A0
Device \Driver\Ftdisk \Device\HarddiskVolume3 86FD11E8
Device \Driver\Cdrom \Device\CdRom1 86C817A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86FD01E8
Device \Driver\atapi \Device\Ide\IdePort0 86FD01E8
Device \Driver\atapi \Device\Ide\IdePort1 86FD01E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86FD01E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8679B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{141F4DAE-D694-47F9-9455-1BBC04A94089} 8679B1E8
Device \Driver\NetBT \Device\NetbiosSmb 8679B1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F752040-547F-43F7-B8CC-0A6922AE2371} 8679B1E8
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 86D0B7A0
Device \Driver\usbuhci \Device\USBFDO-1 86D0B7A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B4B1E8
Device \Driver\usbuhci \Device\USBFDO-2 86D0B7A0
Device 86B4B1E8
Device \Driver\usbuhci \Device\USBFDO-3 86D0B7A0
Device \Driver\usbehci \Device\USBFDO-4 86CC84F0
Device \Driver\Ftdisk \Device\FtControl 86FD11E8
Device \Driver\a6kvpwkd \Device\Scsi\a6kvpwkd1 86C59738
Device \Driver\a6kvpwkd \Device\Scsi\a6kvpwkd1Port2Path0Target0Lun0 86C59738
Device 8595B5C8
Device B56761F9
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 85B173A0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x8B 0xD3 0xDE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0x5F 0x3C 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x8F 0x6B 0xAF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0x8B 0xD3 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1F 0x5F 0x3C 0x1A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x36 0x8F 0x6B 0xAF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE191883-0715-2F88-B6B9-67D306B77518}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE191883-0715-2F88-B6B9-67D306B77518}@iakbhjpofgccfboajn 0x6B 0x61 0x70 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DE191883-0715-2F88-B6B9-67D306B77518}@haadblggdcjajdik 0x6B 0x61 0x70 0x6C ...
---- EOF - GMER 1.0.15 ----
DDS (Ver_09-06-26.01) - NTFSx86
Run by Evan at 1:18:13.10 on Sun 03/14/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.416 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Evan\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
mDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [Google Update] "c:\documents and settings\evan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SNPSTD2] c:\windows\vsnpstd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\evan\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155936059281
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {2F752040-547F-43F7-B8CC-0A6922AE2371} = 128.253.180.2
AppInit_DLLs: wxvault.dll
LSA: Authentication Packages = msv1_0 wvauth
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\evan\applic~1\mozilla\firefox\profiles\fvnbwutr.default\
FF - prefs.js: browser.startup.homepage - hxxps://uportal.cornell.edu/uPortal/render.uP
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\evan\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\SymDS.sys [2010-2-27 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\SymEFA.sys [2010-2-27 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-2-11 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-27 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\Ironx86.sys [2010-2-27 116272]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccSvcHst.exe [2010-2-27 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100310.001\IDSXpx86.sys [2010-3-10 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100313.021\NAVENG.SYS [2010-3-13 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100313.021\NAVEX15.SYS [2010-3-13 1324720]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-3-13 709248]
=============== Created Last 30 ================
2010-03-13 14:48 <DIR> --d----- c:\program files\WebEx
2010-03-13 14:45 <DIR> --d----- c:\program files\Linksys
2010-03-13 14:42 709,248 a----r-- c:\windows\system32\drivers\rt2870.sys
2010-03-13 14:42 221,184 a----r-- c:\windows\system32\RaCoInst.dll
2010-03-13 14:42 13,931 a----r-- c:\windows\system32\RaCoInst.dat
2010-03-10 19:12 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 19:12 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-03-10 16:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-10 16:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2010-03-10 16:33 <DIR> --d----- c:\docume~1\evan\applic~1\SUPERAntiSpyware.com
2010-03-10 00:07 <DIR> --d----- c:\program files\CCleaner
2010-03-01 01:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-02-28 03:50 <DIR> --d----- c:\windows\ServicePackFiles
2010-02-27 22:40 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2010-02-27 22:40 283,648 -------- c:\windows\system32\dllcache\pdh.dll
2010-02-27 22:40 60,416 -------- c:\windows\system32\dllcache\colbact.dll
2010-02-27 22:40 35,328 -------- c:\windows\system32\dllcache\sc.exe
2010-02-27 22:40 399,360 -------- c:\windows\system32\dllcache\rpcss.dll
2010-02-27 22:40 110,592 -------- c:\windows\system32\dllcache\services.exe
2010-02-27 22:40 473,088 -------- c:\windows\system32\dllcache\fastprox.dll
2010-02-27 22:40 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2010-02-27 22:40 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2010-02-27 22:40 616,960 -------- c:\windows\system32\dllcache\advapi32.dll
2010-02-27 22:40 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2010-02-27 22:31 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2010-02-27 22:29 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2010-02-27 18:44 95,024 a------- c:\windows\system32\drivers\SBREDrv.sys
2010-02-27 18:39 <DIR> --d----- c:\program files\Lavasoft
2010-02-27 18:29 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2010-02-27 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-27 18:24 <DIR> --d----- c:\docume~1\evan\applic~1\Malwarebytes
2010-02-27 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-27 18:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 01:39 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-27 01:39 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2010-02-27 01:39 7,443 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-27 01:39 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-27 01:38 <DIR> --d----- c:\windows\system32\drivers\NAV
2010-02-27 01:38 <DIR> --d----- c:\program files\Norton AntiVirus
2010-02-27 01:38 <DIR> --d----- c:\program files\NortonInstaller
2010-02-27 01:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-02-27 01:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
==================== Find3M ====================
2010-03-10 00:28 11,242 a------- c:\windows\system32\nvModes.dat
2010-01-14 04:57 55,172 a---h--- c:\windows\system32\mlfcache.dat
2009-12-31 11:14 352,640 -------- c:\windows\system32\dllcache\srv.sys
2009-12-16 07:58 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 07:58 343,040 -------- c:\windows\system32\dllcache\mspaint.exe
2009-12-16 07:57 18,432 a------- c:\windows\system32\dllcache\iedw.exe
2009-12-14 02:35 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-14 02:35 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll
============= FINISH: 1:19:27.01 ===============
Thanks so much. Hopefully the spam problem can be resolved; otherwise I don't really know what I'm going to do.