Here's the log:
ComboFix 09-06-03.02 - HP_Owner 06/03/2009 22:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.154 [GMT -3:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\LimeWire
c:\program files\LimeWire\#1.m3u
c:\program files\LimeWire\blah.m3u
c:\program files\LimeWire\cory.m3u
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hashes
c:\program files\LimeWire\hs_err_pid1732.log
c:\program files\LimeWire\hs_err_pid1788.log
c:\program files\LimeWire\hs_err_pid2464.log
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\log4j.properties
c:\program files\LimeWire\logicrypto.jar
c:\program files\LimeWire\matt.m3u
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\tasha.m3u
c:\program files\LimeWire\unpackedJars.tmp
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\program files\WinBlueSoft Software
c:\program files\WinBlueSoft Software\WinBlueSoft\data.bin
c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-06-03 04:52 . 2009-06-03 04:52 -------- d-----w- c:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-01-01 04:00 . 2008-01-05 00:49 9096 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\LUTPReg.dll
2098-01-01 04:00 . 2007-08-25 03:51 9584 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\IV20.dll
2098-01-01 04:00 . 2007-08-22 21:45 9048 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\LuRegManifests\Static\FWLUReg.dll
2009-06-04 01:13 . 2007-06-01 14:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-04 00:08 . 2009-01-21 22:44 -------- d-----w- c:\program files\Lx_cats
2009-06-03 21:26 . 2005-08-30 20:48 -------- d-----w- c:\program files\Java
2009-06-03 20:35 . 2007-06-29 16:40 -------- d-----w- c:\program files\Burger Rush
2009-06-03 03:07 . 2009-02-01 18:52 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\uTorrent
2009-05-26 19:46 . 2005-08-30 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-18 11:28 . 2008-09-30 20:56 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-19 10:19 . 2007-09-07 13:06 -------- d-----w- c:\program files\Ricochet Xtreme
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2006-05-22 22:52 . 2006-05-22 22:53 774144 -c--a-w- c:\program files\RngInterstitial.dll
2008-04-09 21:51 . 2008-02-05 00:14 88 --sh--r- c:\windows\system32\1837B5E298.sys
2008-04-09 21:52 . 2008-02-05 00:14 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-20 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2007-01-03 83568]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Net Assistant.lnk - c:\program files\Aliant\Net Assistant\bin\matcli.exe [2007-5-4 212992]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 2:07 AM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/28/2009 10:24 PM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 5:55 PM 23888]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-06-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {61A54BB0-F380-446F-8727-9AEA23711471} - hxxp://multiplayer2.playfirst.com/play/game/weddingdash/WeddingDash.1.0.0.55.cab
DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} - hxxp://www.download.com/html/dl/bug211623/CNetOnlineInstall.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 22:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-04 22:46
ComboFix-quarantined-files.txt 2009-06-04 01:46
ComboFix2.txt 2009-06-03 22:36
Pre-Run: 64,395,100,160 bytes free
Post-Run: 64,372,649,984 bytes free
162 --- E O F --- 2009-05-13 06:04