Here is the log; it took a while to run.
ComboFix 10-01-13.06 - Craig Morris 01/13/2010 14:08:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.747 [GMT -6:00]
Running from: c:\documents and settings\Craig Morris\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\smp.bat
c:\windows\system32\drivers\H8SRTtcuqxeovpp.sys
c:\windows\system32\H8SRTfnnbtmowxw.dll
c:\windows\system32\H8SRTgkqpypshfo.dat
c:\windows\system32\H8SRTswsqjwsstw.dll
c:\windows\system32\H8SRTvvebmvdbqu.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\memowuga.dll
c:\windows\system32\sefoseyo.dll
c:\windows\system32\suluyeba.dll
c:\windows\system32\zayezeru.dll
c:\windows\Tasks\ghcquclg.job
----- BITS: Possible infected sites -----
hxxp://liveupdate.symantec.com.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.
2010-01-13 17:28 . 2010-01-13 17:28 -------- d-----w- c:\program files\TrendMicro
2010-01-13 14:33 . 2010-01-13 14:42 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-13 14:27 . 2010-01-13 14:29 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-01-13 14:27 . 2010-01-13 14:27 -------- d-----w- c:\documents and settings\Craig Morris\Application Data\TweakNow RegCleaner
2010-01-13 14:26 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 18:49 . 2010-01-08 18:49 -------- d-----w- C:\f5013cb86796cc2dc5bff1656b2d
2010-01-08 18:44 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 18:44 . 2010-01-13 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 18:44 . 2010-01-08 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-08 18:44 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:16 . 2010-01-07 17:16 -------- d-sh--w- c:\documents and settings\Craig Morris\IECompatCache
2009-12-24 15:46 . 2009-12-24 15:46 -------- d-----w- C:\found.000
2009-12-21 21:07 . 2009-12-21 21:07 -------- d-----w- c:\documents and settings\Craig Morris\Local Settings\Application Data\Temp
2009-12-16 00:35 . 2009-12-16 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 20:07 . 2008-05-08 15:29 -------- d-----w- c:\program files\Google
2010-01-13 20:07 . 2008-05-08 15:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-13 19:58 . 2008-05-08 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-13 17:38 . 2010-01-13 17:38 388096 ----a-r- c:\documents and settings\Craig Morris\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-13 14:37 . 2008-05-08 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 14:33 . 2009-12-03 20:53 -------- d-----w- c:\program files\DivX
2010-01-07 15:21 . 2009-12-03 15:14 79488 ----a-w- c:\documents and settings\Craig Morris\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-31 20:09 . 2008-06-11 22:55 -------- d-----w- c:\documents and settings\Craig Morris\Application Data\LimeWire
2009-12-11 02:29 . 2009-12-16 00:35 1782128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2009-12-01 21:46 . 2008-05-21 17:39 -------- d-----w- c:\program files\Arkona Web Client
2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 21:01 . 2009-09-05 17:51 127325 ----a-w- c:\documents and settings\Craig Morris\Application Data\Move Networks\uninstall.exe
2009-11-13 21:01 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Craig Morris\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-11-13 21:01 . 2009-11-13 21:00 1408376 ----a-w- c:\documents and settings\Craig Morris\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2009-10-29 07:45 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 22:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 22:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 04:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 03:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2008-10-15 07:03 45936 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]
2007-05-11 05:29 738968 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Client Access Service]
2006-12-04 10:40 20531 ----a-w- c:\program files\IBM\Client Access\cwbsvstr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-26 20:16 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2006-12-02 14:02 937984 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-07-17 18:23 162328 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-07-27 00:03 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-07-17 18:23 141848 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 19:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-07-17 18:23 137752 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-09-25 00:12 1036288 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-04 17:33 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdate1ca745ac1427b5e"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"IAANTMON"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=2 (0x2)
"Cwbrxd"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ASFIPmon"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla Server Interface.exe"=
"c:\\Program Files\\Arkona Web Client\\Nlsvr.exe"=
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [6/20/2007 1:30 PM 79168]
.
Contents of the 'Scheduled Tasks' folder
2009-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
Trusted Zone: adpalliance.com
Trusted Zone: arkona.com\dms
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-pukonotef - c:\windows\system32\lujivoni.dll
MSConfigStartUp-settdebugx - c:\docume~1\CRAIGM~1\LOCALS~1\Temp\settdebugx.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-system tool - c:\windows\sysguard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 14:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3561598376-675117924-2178707222-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-13 14:20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 20:20
Pre-Run: 64,649,310,208 bytes free
Post-Run: 64,747,347,968 bytes free
- - End Of File - - 1C4D09AF65848D0026E37181474DE752