Okay, done. ComboFix says this:
ComboFix 08-01-30.1 - Open 2008-01-29 14:23:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.57 [GMT -8:00]
Running from: C:\Documents and Settings\Open\Desktop\ComboFix.exe
[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
/wow section - STAGE 29
/wow section not completed
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.
2008-01-29 14:15 . 2008-01-29 14:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-29 13:26 . 2008-01-29 13:40 <DIR> d-------- C:\Documents and Settings\Open\Application Data\FileZilla
2008-01-29 13:23 . 2008-01-29 13:23 <DIR> d-------- C:\Program Files\FileZilla FTP Client
2008-01-29 05:49 . 2008-01-29 05:49 1,162,310 ---hs---- C:\WINDOWS\system32\eqvnemqc.ini
2008-01-29 05:49 . 2008-01-29 05:49 88,640 --a------ C:\WINDOWS\system32\cqmenvqe.dll
2008-01-28 10:02 . 2008-01-28 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-28 05:51 . 2008-01-30 14:32 1,162,817 ---hs---- C:\WINDOWS\system32\kxcgltpo.ini
2008-01-28 05:51 . 2008-01-28 05:51 88,640 --a------ C:\WINDOWS\system32\optlgcxk.dll
2008-01-28 05:48 . 2008-01-28 05:48 1,149,600 ---hs---- C:\WINDOWS\system32\dpnanelb.ini
2008-01-27 21:49 . 2008-01-27 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-27 18:24 . 2008-01-27 18:24 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-27 18:24 . 2008-01-27 18:38 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-01-27 18:22 . 2008-01-27 18:26 <DIR> d-------- C:\Program Files\Symantec
2008-01-27 18:22 . 2008-01-27 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-27 18:22 . 2008-01-27 18:26 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 18:22 . 2008-01-27 18:26 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-27 18:22 . 2008-01-27 18:26 10,652 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-27 18:22 . 2008-01-27 18:26 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-27 18:08 . 2008-01-27 19:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-27 17:58 . 2008-01-27 17:58 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2008-01-27 17:56 . 2008-01-27 17:56 38,400 --a------ C:\WINDOWS\system32\khfghif.dll
2008-01-27 17:54 . 2008-01-27 17:54 38,400 --a------ C:\WINDOWS\system32\gebbaay.dll
2008-01-27 17:52 . 2008-01-27 17:52 38,400 --a------ C:\WINDOWS\system32\hggffgh.dll
2008-01-27 17:39 . 2008-01-27 18:17 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-26 08:06 . 2008-01-26 08:06 0 --ahs---- C:\Documents and Settings\Open\Application Data\00479b5a81.dat
2008-01-26 07:28 . 2008-01-26 07:28 270,698 --a------ C:\WINDOWS\system32\LD771.tmp
2008-01-26 07:28 . 2008-01-26 07:28 181,965 --a------ C:\WINDOWS\system32\LB9C7.tmp
2008-01-25 22:33 . 2008-01-30 14:32 332,638 --ahs---- C:\WINDOWS\system32\nnnmp.ini
2008-01-25 22:33 . 2008-01-30 14:30 332,536 --ahs---- C:\WINDOWS\system32\nnnmp.ini2
2008-01-25 22:33 . 2008-01-25 22:33 321,024 --a------ C:\WINDOWS\system32\pmnnn.dll
2008-01-25 22:32 . 2008-01-27 17:39 <DIR> d-------- C:\Program Files\Temporary
2008-01-25 22:31 . 2008-01-25 22:31 38,400 --a------ C:\WINDOWS\system32\ddcbyvv.dll
2008-01-25 22:29 . 2008-01-27 21:37 <DIR> d-------- C:\Program Files\A?pPatch
2008-01-25 22:28 . 2008-01-27 20:38 <DIR> d-------- C:\WINDOWS\system32\wnis6
2008-01-25 22:28 . 2008-01-27 20:43 <DIR> d-------- C:\WINDOWS\system32\nip4
2008-01-25 22:28 . 2008-01-25 22:28 <DIR> d-------- C:\WINDOWS\system32\ets1
2008-01-25 22:28 . 2008-01-25 22:28 <DIR> d-------- C:\WINDOWS\system32\deb3
2008-01-25 22:28 . 2008-01-25 22:28 <DIR> d-------- C:\Temp\gTiis19
2008-01-25 22:28 . 2008-01-25 22:28 <DIR> d-------- C:\Temp\1cb
2008-01-25 22:28 . 2008-01-25 22:28 38,400 --a------ C:\WINDOWS\system32\vturpqo.dll
2008-01-25 22:26 . 2008-01-27 18:18 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-25 22:26 . 2008-01-25 22:26 <DIR> d-------- C:\Temp\cXzz9
2008-01-25 22:26 . 2008-01-25 22:28 <DIR> d-------- C:\Temp
2008-01-25 22:26 . 2008-01-25 22:26 38,400 --a------ C:\WINDOWS\system32\urqponl.dll
2008-01-18 20:17 . 2008-01-18 20:17 50 --a------ C:\WINDOWS\brmx2001.ini
2008-01-18 20:17 . 2008-01-18 20:17 40 --a------ C:\WINDOWS\opt_2460.ini
2008-01-18 17:42 . 2008-01-23 16:55 643 --a------ C:\WINDOWS\Brpcfx.ini
2008-01-18 17:42 . 2008-01-18 17:42 52 --a------ C:\WINDOWS\BRPP2KA.INI
2008-01-18 17:42 . 2008-01-23 16:55 50 --a------ C:\WINDOWS\system32\m8220def.dat
2008-01-18 17:42 . 2008-01-18 17:42 0 --a------ C:\WINDOWS\brwmark.ini
2008-01-18 17:41 . 2008-01-18 17:41 <DIR> d-------- C:\Program Files\Brother
2008-01-13 13:45 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-01-13 13:45 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-13 12:35 . 2008-01-13 12:35 <DIR> d-------- C:\Program Files\Common Files\Vbox
2008-01-12 19:35 . 2008-01-12 19:35 <DIR> d---s---- C:\Documents and Settings\Open\UserData
2008-01-12 08:40 . 2008-01-13 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-12 08:13 . 2008-01-13 13:30 <DIR> d-------- C:\Program Files\Macromedia
2008-01-12 08:13 . 2008-01-12 08:13 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2008-01-12 07:54 . 2008-01-12 07:54 <DIR> d-------- C:\Program Files\Bonjour
2008-01-11 23:03 . 2008-01-11 23:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-11 22:51 . 2008-01-13 12:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-01-11 20:04 . 2008-01-12 11:31 <DIR> d-------- C:\Program Files\Google
2008-01-11 17:05 . 2007-06-30 19:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-11 17:05 . 2007-06-30 19:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-11 16:58 . 2008-01-11 16:59 <DIR> d-------- C:\WINDOWS\system32\zh-cn
2008-01-11 16:58 . 2008-01-11 16:58 <DIR> d-------- C:\WINDOWS\system32\bg-bg
2008-01-11 16:58 . 2008-01-11 16:58 <DIR> d-------- C:\WINDOWS\system32\ar-sa
2008-01-11 15:46 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-11 15:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-11 15:46 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-11 15:46 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-11 15:26 . 2008-01-11 18:54 <DIR> d-------- C:\Documents and Settings\Open\Application Data\RegistrySmart
2008-01-11 14:40 . 2008-01-11 18:54 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-01-10 21:20 . 2008-01-11 18:54 <DIR> d-------- C:\Program Files\DAZ
2008-01-10 21:11 . 2008-01-10 21:11 <DIR> d-------- C:\Program Files\Common Files\DAZ
2008-01-10 20:41 . 2008-01-10 20:41 <DIR> d-------- C:\Documents and Settings\Open\save2
2008-01-10 12:41 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-10 12:41 . 2008-01-10 12:41 376 --a------ C:\WINDOWS\ODBC.INI
2008-01-10 12:40 . 2008-01-10 12:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-10 12:38 . 2008-01-10 12:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-10 12:38 . 2008-01-10 12:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-10 03:03 . 2004-03-11 16:53 171,648 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-01-10 03:03 . 2004-03-11 16:14 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-01-10 03:03 . 2004-03-11 17:12 82,688 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-01-10 03:03 . 2004-03-11 17:11 60,672 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-01-10 03:03 . 2001-08-17 06:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-01-10 03:03 . 2004-03-11 16:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-01-10 03:03 . 2004-03-11 16:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-01-10 03:03 . 2004-03-11 16:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-01-10 03:03 . 2004-03-11 16:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-01-10 03:03 . 2004-03-11 16:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-01-10 03:02 . 2004-03-11 18:18 4,256,640 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-01-10 03:02 . 2004-03-11 16:14 1,893,728 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-01-10 03:02 . 2001-08-17 04:12 117,760 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2008-01-10 03:02 . 2004-03-11 16:46 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-01-10 03:02 . 2004-03-11 16:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-01-10 03:02 . 2001-08-17 05:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-01-10 03:01 . 2004-03-11 17:14 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-01-10 03:01 . 2004-03-11 18:19 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-01-10 03:01 . 2001-08-17 04:20 96,256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 01:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 01:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-15 17:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 13:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-13 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-10 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-01-10 19:32 --------- d-----w C:\Program Files\GlobalSCAPE
2008-01-10 19:32 --------- d-----w C:\Documents and Settings\Open\Application Data\GlobalSCAPE
2008-01-10 19:24 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-10 19:24 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2008-01-10 19:16 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 19:14 --------- d-----w C:\Program Files\Windows Journal Viewer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-27 18:30 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]
2008-01-25 22:26 38400 --a------ C:\WINDOWS\system32\urqponl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA4E4480-4066-43E8-B993-B81AE6E9FBA2}]
2008-01-25 22:33 321024 --a------ C:\WINDOWS\system32\pmnnn.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-24 22:02 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SetDefPrt"="C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-10 12:56 45056]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 21:07 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2007-08-24 20:53 714608]
"c4fef7b7"="C:\WINDOWS\system32\optlgcxk.dll" [2008-01-28 05:51 88640]
"combofix"="C:\ComboFix\kmd.exe" [2004-03-11 17:18 387584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}"= C:\WINDOWS\system32\urqponl.dll [2008-01-25 22:26 38400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqponl]
urqponl.dll 2008-01-25 22:26 38400 C:\WINDOWS\system32\urqponl.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmnnn.dll
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-24 21:07]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 16:27]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 04:05:51 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Open.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-29 11:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-30 14:32:34
Windows 5.1.2600 Service Pack 2, v.2096 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2096]
-> C:\WINDOWS\system32\pmnnn.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2096]
-> C:\WINDOWS\system32\pmnnn.dll
-> C:\WINDOWS\system32\urqponl.dll
-> C:\WINDOWS\system32\optlgcxk.dll
-> C:\WINDOWS\system32\etpdfkdq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-01-30 14:37:34 - machine was rebooted [Open]
ComboFix-quarantined-files.txt 2008-01-30 22:37:24
[/b]