Thank you so much for your prompt reply and assistance. As a side note, I didn't have the Windows Disk and am running SP3, but in the list on the Windows download site it only had boot downloads for SP1 and SP2, so I picked the download for SP2. Please let me know if I need to do it differently.
Again, I can't thank you enough for your assistance. Here are the two logs generated:
Uninstall List
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Alky for Applications (Windows XP)
AppCore
AV
Broadcom 440x 10/100 Integrated Controller
ccCommon
CCleaner (remove only)
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
Gadget Installer
HijackThis 2.0.2
IconPackager
Intel(R) Extreme Graphics Driver
Java(TM) 6 Update 6
LClock
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Recent Documents Gadget
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.14)
MSRedist
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PDF Settings
QuickBooks Premier Edition 2007
QuickBooks Product Listing Service
Resource Hacker 3.4.0
Right Click Image Converter
SPBBC 32bit
Styler
SupportSoft Assisted Service
SymNet
Unlocker 1.8.5
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Sidebar
Windows Vista Sounds Pack
WinRAR archiver
ComboFix log:
ComboFix 08-06-16.5 - Administrator 2008-06-19 9:01:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.175 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMff08b893.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dnlkfomd.ini
C:\WINDOWS\system32\ehwilqap.dll
C:\WINDOWS\system32\eltoskqh.dll
C:\WINDOWS\system32\fdalxvxl.dll
C:\WINDOWS\system32\hpunjhes.ini
C:\WINDOWS\system32\nlcnwifs.dll
C:\WINDOWS\system32\xgmfwrki.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.
2008-06-19 09:05 . 2008-06-19 09:05 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-06-19 09:04 . 2008-06-19 09:04 <DIR> d-------- C:\Program Files\microsoft frontpage
2008-06-19 01:41 . 2008-06-19 01:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-06-19 01:32 . 2008-06-19 01:32 <DIR> d-------- C:\Program Files\Common Files\Control Panels
2008-06-19 01:28 . 2008-06-19 01:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-06-19 01:01 . 2008-06-19 01:01 <DIR> d-------- C:\Program Files\QuickTime
2008-06-19 00:58 . 2008-06-19 00:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-19 00:47 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-06-19 00:47 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-06-19 00:45 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-06-19 00:45 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-06-19 00:45 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-06-19 00:38 . 2008-06-19 00:38 <DIR> d-------- C:\Program Files\Bonjour
2008-06-19 00:33 . 2008-06-19 00:33 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-19 00:24 . 2008-06-19 01:38 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-19 00:02 . 2008-04-14 10:42 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-19 00:02 . 2008-04-14 05:15 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-19 00:02 . 2001-08-18 03:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-18 23:44 . 2008-06-18 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-18 23:43 . 2008-06-18 23:43 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-06-18 23:37 . 2006-04-12 10:11 1,933,312 --a------ C:\WINDOWS\system32\cdintf251.dll
2008-06-18 23:30 . 2008-06-18 23:43 <DIR> d-------- C:\Program Files\Intuit
2008-06-18 23:30 . 2008-06-18 23:31 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-06-18 23:30 . 2008-06-18 23:30 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-06-18 23:30 . 2008-06-19 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-06-18 23:28 . 2008-06-18 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-06-18 23:27 . 2008-06-18 23:27 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-18 23:02 . 2008-06-18 23:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-18 23:02 . 2008-06-18 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-18 23:02 . 2008-06-18 23:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-18 23:02 . 2008-06-11 15:00 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-18 23:02 . 2008-06-11 15:00 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 22:04 . 2008-06-18 22:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-18 22:04 . 2008-06-18 22:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-18 22:04 . 2008-06-18 22:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-18 20:29 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-06-18 20:29 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-06-18 20:29 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-06-18 20:29 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-06-18 19:09 . 2008-06-18 19:10 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-18 19:09 . 2008-06-18 19:10 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-18 18:54 . 2008-06-19 00:47 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-06-18 18:52 . 2008-06-18 19:10 <DIR> d-------- C:\Program Files\Symantec
2008-06-18 18:52 . 2008-06-19 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-18 18:52 . 2008-06-18 19:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-18 18:52 . 2008-06-18 19:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-18 18:50 . 2008-06-19 09:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-18 14:05 . 2008-06-18 14:05 <DIR> d-------- C:\Program Files\Mplayer
2008-06-18 13:52 . 2008-06-18 14:14 196,608 --a------ C:\WINDOWS\IsUninst.exe
2008-06-18 13:45 . 2008-06-18 14:12 583 --a------ C:\WINDOWS\QIII.INI
2008-06-18 13:26 . 2008-06-18 13:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-06-18 13:22 . 2008-04-14 05:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-18 12:20 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-18 12:12 . 2008-06-18 12:12 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-18 12:10 . 2008-06-18 12:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-18 12:07 . 2008-06-18 12:07 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-18 12:06 . 2008-06-18 12:11 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-06-18 12:05 . 2008-06-18 12:05 <DIR> dr-h----- C:\MSOCache
2008-06-18 12:05 . 2008-06-18 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-18 12:00 . 2004-02-10 11:50 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-18 11:57 . 2008-06-18 13:32 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-06-18 11:56 . 2008-06-18 11:56 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-18 11:56 . 2008-06-18 11:56 <DIR> d-------- C:\Program Files\Broadcom
2008-06-18 11:56 . 2008-06-18 11:56 <DIR> d-------- C:\dell
2008-06-18 11:52 . 2008-06-18 11:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-06-18 11:49 . 2008-06-18 11:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Styler
2008-06-18 11:47 . 2008-06-18 11:47 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-18 11:47 . 2008-06-18 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\IXP000.TMP
2008-06-18 11:47 . 2008-06-19 00:46 <DIR> d-------- C:\Documents and Settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 19:11 --------- d-----w C:\Program Files\MSBuild
2008-06-18 18:49 --------- d-----w C:\Program Files\VistaExperience.org
2008-06-18 18:49 --------- d-----w C:\Program Files\Styler
2008-06-18 17:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-18 17:46 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-18 17:45 --------- d-----w C:\Program Files\Stardock
2008-06-18 17:45 --------- d-----w C:\Program Files\Resource Hacker 3.4.0
2008-06-18 17:45 --------- d-----w C:\Program Files\Kristanix
2008-06-18 17:45 --------- d-----w C:\Program Files\Common Files\Stardock
2008-06-18 17:45 --------- d-----w C:\Program Files\Alky for Applications
2008-06-18 17:44 --------- d-----w C:\Program Files\Java
2008-06-18 17:44 --------- d-----w C:\Program Files\Common Files\Java
2008-06-18 17:44 --------- d-----w C:\Program Files\CCleaner
2008-06-18 17:40 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-18 17:30 --------- d-----w C:\Program Files\Unlocker
2008-06-18 17:30 --------- d-----w C:\Program Files\Desktop
2008-06-18 17:29 --------- d-----w C:\Program Files\Microsoft PowerToys
2008-06-18 17:29 --------- d-----w C:\Program Files\LClock
2008-06-18 17:29 --------- d-----w C:\Program Files\HashTab Shell Extension
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 09:35 58,112 ----a-w C:\WINDOWS\system32\drivers\vdmindvd.sys
2008-04-23 09:35 51,712 ----a-w C:\WINDOWS\system32\drivers\tosdvd.sys
2008-04-23 09:35 262,528 ----a-w C:\WINDOWS\system32\drivers\cinemst2.sys
2008-04-23 09:35 21,376 ----a-w C:\WINDOWS\system32\drivers\tsbvcap.sys
2008-04-23 09:35 18,688 ----a-w C:\WINDOWS\system32\drivers\cdaudio.sys
2008-04-23 09:35 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
2008-04-23 09:35 12,160 ----a-w C:\WINDOWS\system32\drivers\fsvga.sys
2008-04-23 09:35 12,032 ----a-w C:\WINDOWS\system32\drivers\riodrv.sys
2008-04-23 09:35 12,032 ----a-w C:\WINDOWS\system32\drivers\rio8drv.sys
2008-04-23 09:35 12,032 ----a-w C:\WINDOWS\system32\drivers\nikedrv.sys
2008-04-23 09:35 11,776 ----a-w C:\WINDOWS\system32\drivers\cpqdap01.sys
2008-04-23 09:32 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-23 09:29 8,636 ----a-w C:\WINDOWS\modifyPE.exe
2008-04-23 09:29 269,312 ----a-w C:\WINDOWS\upx.exe
2008-04-14 07:40 1,296,669 ----a-r C:\WINDOWS\SET3.tmp
2008-04-14 07:34 16,535 ----a-r C:\WINDOWS\SET8.tmp
2008-04-14 07:34 1,088,840 ----a-r C:\WINDOWS\SET4.tmp
2008-04-14 05:42 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
2008-04-14 05:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 05:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 05:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 05:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 05:42 279,040 ----a-w C:\WINDOWS\Help\TSHOOT.dll
2008-04-14 05:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 05:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 05:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 05:41 451,072 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
2008-04-14 05:41 39,424 ----a-w C:\WINDOWS\AppPatch\AcAdProc.dll
2008-04-14 05:41 245,248 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
2008-04-14 05:41 141,312 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
2008-04-14 05:41 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
2008-04-14 05:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
.
------- Sigcheck -------
2008-04-23 02:32 361344 68f06fe0021b01e670af37b8c5964fdf C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-22 17:34 2350208 af263738fad02e11d21f2c8f18054c80 C:\WINDOWS\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 22:18 1271808]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-19 12:27 65536]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 11:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 11:51 118784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 00:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-23 02:31 124928 C:\WINDOWS\system32\advpack.dll]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Styler.lnk - C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2008-06-18 11:47:55 15086]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-11-29 11:09:20 968224]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 02:03:01 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-06-18 19:06:31 C:\WINDOWS\Tasks\User_Feed_Synchronization-{455973A0-5436-49BA-8D1E-5DE216AC2726}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-19 09:05:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\full-webauth.sql.bin 4180533 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\Identifiers.xml.bin 505177 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\Indicators.xml.bin 61052 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\PopularSites.xml.bin 2621 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\Redirectors.xml.bin 46752 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\Resources.xml.bin 490 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\SafeList.xml.bin 533997 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\SearchServices.xml.bin 15750 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\Throttle.xml.bin 454 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\20060801.001\TrustedDomains.xml.bin 218792 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\concat-webauth.sql.bin 14201413 bytes
C:\Program Files\Common Files\Symantec Shared\SymcData\nco1.0defs\latest-hub-webauth.sql.bin 13520192 bytes
scan completed successfully
hidden files: 12
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tsd32.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-06-19 9:11:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 16:10:20
Pre-Run: 185,623,236,608 bytes free
Post-Run: 185,551,548,416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
271