upon reading some posts I followed the combofix which produced this output:
ComboFix 08-08-24.03 - Steve 2008-08-26 7:55:35.1 - NTFSx86
Running from: C:\Documents and Settings\Steve\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\#SharedObjects\GTW9B3SH\interclick.com
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\#SharedObjects\GTW9B3SH\interclick.com\ud.sol
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Steve\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Documents and Settings\Steve\Application Data\rhclddj0el9l
C:\Documents and Settings\Steve\Cookies\steve@fastclick[2].txt
C:\Program Files\rhclddj0el9l
C:\WINDOWS\system32\blphcgddj0el9l.scr
C:\WINDOWS\system32\lphcgddj0el9l.exe
C:\WINDOWS\system32\phcgddj0el9l.bmp
C:\WINDOWS\system32\pphcgddj0el9l.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-25 07:27 . 2008-08-25 07:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-08-25 07:27 . 2008-08-25 07:27 <DIR> d-------- C:\Program Files\AVG
2008-08-25 07:27 . 2008-08-25 07:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-25 07:27 . 2008-08-25 07:27 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-08-25 07:27 . 2008-08-25 07:27 75,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-08-25 07:27 . 2008-08-25 07:27 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-08-25 06:50 . 2008-08-25 06:50 3,570 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2008-08-25 06:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2008-08-25 06:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2008-08-25 06:49 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe
2008-08-25 06:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe
2008-08-25 06:49 . 2008-08-14 21:52 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.C.exe
2008-08-25 06:49 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\SYSTEM32\404Fix.exe
2008-08-25 06:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2008-08-25 06:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2008-08-25 06:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2008-08-24 23:23 . 2008-08-24 23:23 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-24 22:31 . 2005-03-11 20:42 59,392 --a------ C:\WINDOWS\isxdl.dll
2008-08-22 17:48 . 2008-08-22 17:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 22:38 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-12 07:39 . 2008-08-12 07:39 <DIR> d-------- C:\Documents and Settings\Stephanie\Application Data\Yahoo! Messenger
2008-08-05 19:54 . 2008-08-05 19:54 <DIR> d-------- C:\Program Files\IrfanView
2008-07-26 08:51 . 2008-07-26 08:51 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-26 08:25 . 2008-07-26 08:26 <DIR> d-------- C:\WINDOWS\MVUNINST
2008-07-26 08:25 . 2008-07-26 08:26 <DIR> d-------- C:\STOMP35
2008-07-26 08:25 . 2008-07-26 08:25 <DIR> d-------- C:\Program Files\MVAPPS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 12:17 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2008-08-26 12:12 4,388,352 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2008-08-25 13:09 4,389,888 ----a-w C:\WINDOWS\Internet Logs\xDB90.tmp
2008-08-25 13:09 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2008-08-25 11:21 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB8F.tmp
2008-08-25 11:19 4,364,288 ----a-w C:\WINDOWS\Internet Logs\xDB8E.tmp
2008-08-25 10:55 20,480 ----a-w C:\WINDOWS\Internet Logs\xDB8C.tmp
2008-08-25 10:54 4,363,264 ----a-w C:\WINDOWS\Internet Logs\xDB8B.tmp
2008-08-25 10:44 --------- d-----w C:\Program Files\Norton SystemWorks
2008-08-25 10:20 18,944 ----a-w C:\WINDOWS\Internet Logs\xDB8A.tmp
2008-08-25 10:19 4,364,288 ----a-w C:\WINDOWS\Internet Logs\xDB89.tmp
2008-08-25 09:55 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB88.tmp
2008-08-25 09:50 4,367,872 ----a-w C:\WINDOWS\Internet Logs\xDB87.tmp
2008-08-25 04:05 41,984 ----a-w C:\WINDOWS\Internet Logs\xDB8D.tmp
2008-08-25 04:05 4,368,896 ----a-w C:\WINDOWS\Internet Logs\xDB86.tmp
2008-08-24 12:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-23 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-22 21:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-22 21:01 100,352 ----a-w C:\WINDOWS\Internet Logs\xDB83.tmp
2008-08-22 20:22 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB85.tmp
2008-08-22 20:12 4,360,192 ----a-w C:\WINDOWS\Internet Logs\xDB84.tmp
2008-08-22 15:44 4,363,264 ----a-w C:\WINDOWS\Internet Logs\xDB82.tmp
2008-08-22 03:48 --------- d-----w C:\Documents and Settings\Stephanie\Application Data\AdobeUM
2008-08-16 21:04 --------- d-----w C:\Documents and Settings\Steve\Application Data\Canon
2008-08-13 20:15 --------- d-----w C:\Documents and Settings\Steve\Application Data\AdobeUM
2008-08-12 03:03 4,336,640 ----a-w C:\WINDOWS\Internet Logs\xDB80.tmp
2008-08-12 03:03 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB81.tmp
2008-08-11 22:19 37,376 ----a-w C:\WINDOWS\Internet Logs\xDB7F.tmp
2008-08-11 22:17 4,344,832 ----a-w C:\WINDOWS\Internet Logs\xDB7E.tmp
2008-08-11 21:41 --------- d-----w C:\Documents and Settings\Stephanie\Application Data\Symantec
2008-08-08 06:29 4,340,224 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-08-08 06:29 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB7D.tmp
2008-08-06 11:27 123,392 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-08-06 11:24 4,358,656 ----a-w C:\WINDOWS\Internet Logs\xDB7A.tmp
2008-07-17 16:38 4,345,856 ----a-w C:\WINDOWS\Internet Logs\xDB78.tmp
2008-07-17 16:38 110,592 ----a-w C:\WINDOWS\Internet Logs\xDB79.tmp
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-07-05 06:51 4,322,304 ----a-w C:\WINDOWS\Internet Logs\xDB76.tmp
2008-07-05 06:51 31,232 ----a-w C:\WINDOWS\Internet Logs\xDB77.tmp
2008-07-04 21:22 4,318,208 ----a-w C:\WINDOWS\Internet Logs\xDB74.tmp
2008-07-04 21:22 154,112 ----a-w C:\WINDOWS\Internet Logs\xDB75.tmp
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-18 06:45 4,325,888 ----a-w C:\WINDOWS\Internet Logs\xDB73.tmp
2008-06-13 13:10 272,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-08 20:05 4,315,136 ----a-w C:\WINDOWS\Internet Logs\xDB71.tmp
2008-06-08 07:02 130,560 ----a-w C:\WINDOWS\Internet Logs\xDB72.tmp
2004-05-16 18:07 32 --sha-w C:\WINDOWS\{308F7D85-F297-4303-8DA1-6576660FD761}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\{55632152-313C-441C-82E7-4DE733156136}.dat
2004-05-16 18:06 32 --sha-w C:\WINDOWS\{99493DF4-9D43-4145-ABED-FE15063F6D9A}.dat
2004-05-16 18:08 32 --sha-w C:\WINDOWS\{9D72141C-C303-4B5E-9F0D-8050019A0FBA}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\{DE342CAA-4BE0-4E10-80FC-D63C7747199D}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\{FB3659FB-2205-4EDC-A52F-B89AE40AA04B}.dat
2004-05-16 18:06 32 --sha-w C:\WINDOWS\SYSTEM32\{10B59B15-2F42-49F0-8BB2-490515B657C6}.dat
2004-05-16 18:07 32 --sha-w C:\WINDOWS\SYSTEM32\{17142EDD-9851-4231-AC6A-586585D4A86B}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\SYSTEM32\{1990D04C-E24C-4E48-BCB6-611AF0A05C39}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\SYSTEM32\{733EA872-C2B4-4C56-AE69-D04621ABCA46}.dat
2004-05-16 18:05 32 --sha-w C:\WINDOWS\SYSTEM32\{B6BB9A60-59A5-4E7F-A0A0-23337408740B}.dat
2004-05-16 18:08 32 --sha-w C:\WINDOWS\SYSTEM32\{F1061651-F796-4527-ABF0-636DEBD25CA9}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2003-10-29 15:41 663552]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [2004-11-11 20:50 212992]
"C:_Program Files_WordPerfe3a"="C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe" [2003-03-07 04:58 57344]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-03 13:46 4800512]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 01:04 114741]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 10:27 28672]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 11:47 71328]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 18:35 70800]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 14:21 94208]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 14:30 98304]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-22 14:36 100056]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 01:01 135264]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-25 07:27 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-05-11 02:32:25 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-25 07:27]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 14:11]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-25 07:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 07:27]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-25 07:27]
R3 StkMini;VideoAdvantage USB;C:\WINDOWS\system32\Drivers\StkMini.sys [2004-08-31 23:23]
R3 StkScan;VideoAdvantage Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2004-08-31 23:25]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
.
Contents of the 'Scheduled Tasks' folder
2008-08-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
2007-10-17 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Steve.job
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.EXE [2003-12-04 17:22]
2008-08-19 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]
2008-08-22 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2002-09-29 20:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lphcgddj0el9l - C:\WINDOWS\system32\lphcgddj0el9l.exe
HKLM-Run-SMrhclddj0el9l - C:\Program Files\rhclddj0el9l\rhclddj0el9l.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\p1jkgp60.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://yahoo.sbc.com/dsl
.
.
------- File Associations (Beta) -------
.
inffile=C:\I386\NOTEPAD.EXE %1
inifile=C:\I386\NOTEPAD.EXE %1
txtfile=C:\I386\NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 08:09:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\SYSTEM32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\SYSTEM32\UStorSrv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-26 9:18:33 - machine was rebooted [Steve]
ComboFix-quarantined-files.txt 2008-08-26 14:18:27
Pre-Run: 10,358,059,008 bytes free
Post-Run: 10,336,718,848 bytes free
256 --- E O F --- 2008-08-15 22:53:38
Then I ran a Hijackthis which produce this output:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:20, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [C:_Program Files_WordPerfe3a] C:\Program Files\WordPerfect Office 11\Programs\CorUpd.exe /Watch
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 12225 bytes
Now what do I do ? Thanks......