Sorry... I didn't scan it properly the first time with GMER. I just did it again the right way and here's what I got. GMER said it did find rootkits. Are the red lines of text the problem areas? I'll wait for your instructions on the next step, but should I also attach my peripherals (iPod, Sony MP3 player, 3 flash drives, WD Sync external hard drive), and run GMER on them somehow?
ACTUALLY - what is below is just a portion of the GMER log. The Norton forum text editor said my posting was over 20,000 characters long, so I deleted some lines of the log that didn't seem to indicate anything unusual.
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB10142C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB1014820]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB1014A70]
SSDT 8A1A3978 ZwSuspendProcess
SSDT 8A459630 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xB0E9F660]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 450 804E2AAC 8 Bytes JMP AF0C3B61
PAGE ntoskrnl.exe!ZwOpenKey + 7 80568D60 1 Byte [F5]
PAGE ntoskrnl.exe!ZwCreateKey + 7 80570664 1 Byte [57]
? SYMEFA.SYS The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\ujypmcpx \Device\SAMPLEDEV35 F7648416
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device AF052D20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- Modules - GMER 1.0.15 ----
Module wpsxbayy.sys (*** hidden *** ) F7647000-F7650000 (36864 bytes)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet002\Control\Lsa@Authentication Packages msv1_0?C:\WINDOWS\system32\cbXQgGwv?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@Authentication Packages msv1_0?C:\WINDOWS\system32\cbXQgGwv?
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\SYSTEM32\DRIVERS\wpsxbayy.sys 25088 bytes executable <-- ROOTKIT !!!
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\wpsxbayy.sys [BOOT] ujypmcpx <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----