Here are both logs. Let me know what I should do next..
ComboFix 08-05-21.3 - Christopher 2008-05-23 0:41:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2060 [GMT -7:00]
Running from: F:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Christopher\Desktop\MOVIES\Rambo_4\RRRaammbboo[1].IV-BaLD---by_cozi\RRRaammbboo.IV-BaLD---by_cozi\Yeni Klas”r\Desktop_.ini
C:\Program Files\ADS Plugins
C:\Program Files\ADS Plugins\ContextHelper.xpi
C:\Program Files\ADS Plugins\Enigma.dll
C:\Program Files\ADS Plugins\uninstall.exe
C:\WINDOWS\b2new.exe
C:\WINDOWS\BM9b0cb6dd.xml
C:\WINDOWS\lfn.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aerkdpsx.exe
C:\WINDOWS\system32\ahlirsum.dll
C:\WINDOWS\system32\dctbyosy.dll
C:\WINDOWS\system32\ddcDwvSl.dll
C:\WINDOWS\system32\edfyolvx.dll
C:\WINDOWS\system32\FMnqYcdd.ini2
C:\WINDOWS\system32\fskpheuq.dll
C:\WINDOWS\system32\heavtjkb.dll
C:\WINDOWS\system32\lSvwDcdd.ini
C:\WINDOWS\system32\lSvwDcdd.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\musrilha.ini
C:\WINDOWS\system32\ouxavcps.exe
C:\WINDOWS\system32\ybmiscmq.ini
----- BITS: Possible infected sites -----
hxxp://80.93.48.89.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-23 00:20 . 2008-05-23 00:20 100,016 --a------ C:\WINDOWS\system32\daeitxnp.dll
2008-05-18 13:24 . 2008-05-18 13:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-18 13:23 . 2008-05-20 19:38 <DIR> d-------- C:\SDFix
2008-05-18 13:13 . 2008-05-18 13:13 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-05-17 21:22 . 2008-05-17 21:22 <DIR> d-------- C:\_OTMoveIt
2008-05-17 20:59 . 2008-05-17 20:59 <DIR> d-------- C:\Program Files\lspfix
2008-05-15 19:42 . 2008-05-15 19:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 16:32 . 2008-05-15 16:32 <DIR> d-------- C:\EmergencyUtils
2008-05-13 22:50 . 2008-05-13 22:50 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-05-13 22:50 . 2008-05-13 22:50 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-05-12 20:56 . 2008-05-12 20:56 <DIR> d-------- C:\Documents and Settings\James\Application Data\Logitech
2008-05-12 20:52 . 2008-05-13 03:25 <DIR> d-------- C:\Documents and Settings\James
2008-05-12 03:53 . 2008-05-12 03:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 22:26 . 2008-05-13 02:18 1,014 --ahs---- C:\WINDOWS\system32\hgkmocjf.ini
2008-05-11 22:10 . 2008-05-11 22:10 <DIR> d-------- C:\Program Files\BearShare
2008-05-11 07:23 . 2008-05-11 22:11 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-05-10 13:22 . 2008-05-10 13:22 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-10 13:22 . 2008-05-10 13:22 0 --a------ C:\Program Files\uninstall.dat
2008-05-08 23:23 . 2008-05-08 23:23 <DIR> d-------- C:\Program Files\Acelogix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 07:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 07:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-22 01:06 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-10 20:48 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-10 20:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-10 20:48 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-10 20:48 --------- d-----w C:\Program Files\Symantec
2008-05-10 20:33 --------- d-----w C:\Program Files\DivX
2008-05-09 06:31 --------- d-----w C:\Program Files\WaveReader
2008-05-09 06:31 --------- d-----w C:\Program Files\Support Tools
2008-04-23 12:55 --------- d-----w C:\Program Files\Vietcong
2008-04-21 20:52 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2008-04-21 20:52 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2008-04-21 20:52 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2008-04-21 20:52 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2008-04-21 20:52 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2008-04-21 20:52 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2008-04-21 20:52 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2008-04-21 20:52 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2008-04-21 20:52 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2008-04-06 19:04 --------- d-----w C:\Program Files\Creative
2008-03-31 20:35 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-31 20:34 --------- d-----w C:\Program Files\Common Files\Real
2008-03-31 03:37 --------- d-----w C:\Program Files\SplitWave
2008-03-29 16:47 120 ----a-w C:\drmHeader.bin
2008-03-25 00:26 102,608 ----a-w C:\Documents and Settings\Christopher\Application Data\GDIPFONTCACHEV1.DAT
2005-06-19 08:36 784 ----a-w C:\Documents and Settings\Christopher\Application Data\mpauth.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac014177-5247-40ba-8981-997fa396051b}]
2008-05-23 00:20 100016 --a------ C:\WINDOWS\system32\daeitxnp.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 06:18 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-23 01:05 172032]
"V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 10:01 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-06-04 19:05 116328]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-25 22:00 771440]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2007-09-12 19:27 492912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 01:48 53760 C:\WINDOWS\system32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-23 22:13:58 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\983f8541]
C:\WINDOWS\system32\fjcomkgh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVFX Engine]
--------- 2006-06-09 01:11 24576 C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM9b0cb6dd]
C:\WINDOWS\system32\bucrunud.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2002-12-10 18:32 155648 C:\Program Files\Logitech\ImageStudio\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
--a------ 2002-12-10 18:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a------ 2002-12-10 17:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalWarrior]
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 03:36 36975 C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-31 13:33 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebCamRT.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"iPodService"=3 (0x3)
"MDM"=2 (0x2)
"comHost"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MsSecurity1.209.4"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\system32\drivers\lvsound2.sys [2002-06-10 14:20]
S3 lredbooo;lredbooo;C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\lredbooo.sys []
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
S3 LVVI500A;LVVI500A Service;C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2002-06-10 14:24]
S3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-28 22:58]
S3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 01:00]
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2003-12-15 19:22]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 16:23:36 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Christopher.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-23 00:47:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\full-webauth.sql.bin 1338016 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\Identifiers.xml.bin 1044882 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\Indicators.xml.bin 74555 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\PopularSites.xml.bin 8363 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\Redirectors.xml.bin 47431 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\Resources.xml.bin 556 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\SafeList.xml.bin 593215 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\SearchServices.xml.bin 20719 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\Throttle.xml.bin 454 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\TrustedDomains.xml.bin 262717 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\URLAnalysis.xml.bin 568756 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080522.002\WebHostingSites.xml.bin 29070 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\full-webauth.sql.bin 1338016 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\Identifiers.xml.bin 1178794 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\Indicators.xml.bin 74555 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\PopularSites.xml.bin 8405 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\Redirectors.xml.bin 47431 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\Resources.xml.bin 556 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\SafeList.xml.bin 594019 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\SearchServices.xml.bin 20719 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\Throttle.xml.bin 454 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\TrustedDomains.xml.bin 262717 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\URLAnalysis.xml.bin 568756 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20080523.002\WebHostingSites.xml.bin 29070 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin 7503850 bytes
scan completed successfully
hidden files: 25
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-05-23 0:56:11 - machine was rebooted [Christopher]
ComboFix-quarantined-files.txt 2008-05-23 07:55:57
Pre-Run: 3,683,319,808 bytes free
Post-Run: 3,631,808,512 bytes free
288 --- E O F --- 2008-05-21 02:56:04
************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:00 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\Catbarber.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealOne Player\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {b150693a-f799-1898-ab04-7425771410ca} - {ac014177-5247-40ba-8981-997fa396051b} - C:\WINDOWS\system32\daeitxnp.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) -
https://quickplace01.geextranet.com/qp2.cabO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://static.windupdates.com/cab/Media ... ge-c15.cabO16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) -
https://www-secure.symantec.com/techsup ... gctlsr.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/microsoftup ... 3022738078O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.nvidia.com/content/DriverDow ... eqlab2.cabO16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 3022730656O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cabO16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) -
http://www.systemrequirementslab.com/sysreqlab.cabO16 - DPF: {EF58E341-49C3-4156-A3C4-5FFCA7C1EAB7} (EURAS_Portal.Gateway) -
http://www.euras.com/euras/activex2/euras.CABO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8304 bytes