Thank you for the detailed instructions. I did what you said, and initially it popped up a box that said "Combo Fix has detected the presence of rootkit activity and needs to reboot the machine." So I rebooted and it continued the scan (just thought I'd let you know).
Here is the log file:
ComboFix 09-05-05.04 - Compaq_Owner 05/06/2009 12:28.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.624 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-5-3-29-100009889-100003916-100009027-5937.com
c:\windows\IE4 Error Log.txt
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\gxvxceydcappqnquktvsaekyjpmavuntlalqk.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxclmxcvjwcxoghlhhcapouhyronpynruny.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\QWaJmUtv.ini
c:\windows\system32\QWaJmUtv.ini2
c:\windows\system32\wcldexdk.ini
D:\Autorun.inf
d:\recycler\S-5-3-29-100009889-100003916-100009027-5937.com
----- BITS: Possible infected sites -----
hxxp://i0006.photobucket.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-04-14 19:06 . 2006-10-26 23:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-14 19:00 . 2009-04-14 19:00 -------- d-----w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Microsoft Help
2009-04-14 18:59 . 2009-04-14 19:22 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-14 18:41 . 2009-04-14 18:41 -------- d-----w c:\program files\Microsoft SQL Server
2009-04-14 18:04 . 2009-04-14 18:57 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\GetRightToGo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 16:27 . 2008-12-27 18:57 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-06 09:49 . 2008-12-27 22:00 -------- d-----w c:\program files\Spyware Doctor
2009-05-04 19:29 . 2005-09-01 07:12 1338 ----a-w c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2009-04-23 17:45 . 2006-10-21 15:26 -------- d-----w c:\program files\DYMO Label
2009-04-15 16:36 . 2005-09-01 06:05 54480 ----a-w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 16:34 . 2008-12-27 19:01 -------- d-----w c:\program files\Norton 360
2009-04-14 19:05 . 2005-05-25 21:14 -------- d-----w c:\program files\Microsoft Works
2009-04-03 19:55 . 2007-05-18 16:05 -------- d-----w c:\program files\DYMO Stamps
2009-02-19 17:03 . 2009-02-19 17:03 579464 ----a-w c:\windows\system32\SymNeti.dll
2009-02-19 17:03 . 2009-02-19 17:03 207240 ----a-w c:\windows\system32\SymRedir.dll
2009-02-19 16:31 . 2008-06-13 19:14 31280 ----a-w c:\windows\system32\drivers\SymIM.sys
2009-02-19 16:31 . 2009-02-19 16:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys
2009-02-19 16:31 . 2009-02-19 16:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys
2009-02-19 16:31 . 2009-02-19 16:31 38576 ----a-w c:\windows\system32\drivers\symids.sys
2009-02-19 16:31 . 2009-02-19 16:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys
2009-02-19 16:31 . 2009-02-19 16:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys
2009-02-19 16:31 . 2009-02-19 16:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys
2009-02-19 16:31 . 2009-02-19 16:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys
2008-12-25 05:35 . 2008-12-25 05:34 9216 --sha-w c:\program files\Thumbs.db
2008-12-12 20:28 . 2008-12-12 20:28 2766 ----a-w c:\program files\removebdsp.log
2008-12-12 20:08 . 2008-12-12 20:08 121216 ----a-w c:\program files\uninstal.log
2006-05-23 14:14 . 2006-05-23 14:15 774144 ----a-w c:\program files\RngInterstitial.dll
2005-10-11 00:28 . 2005-10-11 22:31 3057436 ----a-w c:\program files\create.exe
2005-10-05 23:53 . 2005-10-07 17:08 28 ----a-w c:\program files\BodySpectrum.ini
2005-08-29 17:51 . 2005-10-07 17:08 28233743 ----a-w c:\program files\BodySpectrum.dxr
2005-03-16 21:13 . 2005-10-07 17:08 3282656 ----a-w c:\program files\help.dxr
2005-03-01 20:11 . 2005-10-07 17:08 250672 ----a-w c:\program files\credits_05.jpg
2005-03-01 19:40 . 2005-10-07 17:08 17782936 ----a-w c:\program files\credits_05.mov
2003-09-17 14:16 . 2005-10-07 17:08 4027873 ----a-r c:\program files\BodySpectrum.exe
2003-09-09 14:21 . 2005-10-07 17:08 3779582 ----a-w c:\program files\9-9int800.mov
2009-04-01 02:47 . 2009-04-17 19:05 324976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-12-27 21:59 . 2008-12-27 21:59 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-27 30192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-31 282624]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-02 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"GameConsoleService"=3 (0x3)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [11/25/2008 1:48 PM 991232]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/1/2009 2:08 PM 101936]
S2 gupdate1c9686fc024f0a;Google Update Service (gupdate1c9686fc024f0a);c:\program files\Google\Update\GoogleUpdate.exe [12/27/2008 6:03 PM 133104]
S2 ppdriver;Plug and Play Support Driver;\??\c:\windows\system32\Policies\ppdriver.sys --> c:\windows\system32\Policies\ppdriver.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [9/30/2007 3:29 PM 18864]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/29/2008 12:27 PM 18560]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/27/2008 5:58 PM 30192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/27/2008 6:00 PM 356920]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-24 11:32]
2009-05-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-27 16:33]
2009-05-01 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]
.
- - - - ORPHANS REMOVED - - - -
Notify-khfDwwwU - khfDwwwU.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.christianpost.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: ncocc.org
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://166.82.128.235/controls/LTOCX14N.cab
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} - hxxp://166.82.128.235/controls/prntpro2.CAB
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.gamehouse.com/games/GoBitGamesPlayer.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://162.39.119.110:4000/activex/AMC.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-06 12:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-06 12:33
ComboFix-quarantined-files.txt 2009-05-06 16:33
Pre-Run: 130,065,784,832 bytes free
Post-Run: 130,523,226,112 bytes free
179 --- E O F --- 2008-12-18 08:01