06-14-2008, 09:27 PM   #8
SoarinSteven
Registered User
 
Join Date: Jun 2008
Posts: 13
OS: xp service pack 2


Re: Malware/Trojan Problem

Here is the ComboFix scan.

ComboFix 08-06-12.2 - Jim 2008-06-14 22:07:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.156 [GMT -5:00]
Running from: C:\Documents and Settings\Jim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.

2008-06-11 11:36 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 11:36 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 14:05 . 2008-06-10 14:05 <DIR> d-------- C:\Deckard
2008-06-10 13:48 . 2008-06-10 13:49 <DIR> d-------- C:\Program Files\Panda Security
2008-06-09 22:40 . 2008-06-09 08:31 52,736 --a------ C:\WINDOWS\system32\95.tmp
2008-06-09 08:31 . 2008-06-09 08:20 52,736 --a------ C:\WINDOWS\system32\91.tmp
2008-06-09 08:20 . 2008-06-09 08:10 52,736 --a------ C:\WINDOWS\system32\8D.tmp
2008-06-08 23:29 . 2008-06-08 23:18 52,736 --a------ C:\WINDOWS\system32\7A.tmp
2008-06-08 23:18 . 2008-06-08 23:08 52,736 --a------ C:\WINDOWS\system32\75.tmp
2008-06-08 22:57 . 2008-06-08 22:46 52,736 --a------ C:\WINDOWS\system32\6E.tmp
2008-06-08 22:46 . 2008-06-08 22:36 52,736 --a------ C:\WINDOWS\system32\6A.tmp
2008-06-08 22:36 . 2008-06-08 22:26 52,736 --a------ C:\WINDOWS\system32\66.tmp
2008-06-08 22:26 . 2008-06-08 22:16 52,736 --a------ C:\WINDOWS\system32\62.tmp
2008-06-08 21:45 . 2008-06-08 21:35 52,736 --a------ C:\WINDOWS\system32\4F.tmp
2008-06-08 20:55 . 2008-06-08 20:45 52,736 --a------ C:\WINDOWS\system32\1790.tmp
2008-06-08 20:45 . 2008-06-08 20:34 52,736 --a------ C:\WINDOWS\system32\178D.tmp
2008-06-08 20:36 . 2008-06-08 20:36 <DIR> d-------- C:\Documents and Settings\Jim\Application Data\shc99tj0e7u1
2008-06-08 20:34 . 2008-06-09 22:40 52,736 --a------ C:\WINDOWS\system32\blphce9tj0e7u1.scr
2008-06-08 20:33 . 2008-06-08 21:12 90,838 --a------ C:\WINDOWS\system32\phce9tj0e7u1.bmp
2008-05-22 17:22 . 2008-05-22 17:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 17:22 . 2008-05-22 17:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 17:22 . 2008-05-22 17:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 17:20 . 2007-11-29 17:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 17:20 . 2007-11-29 17:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 17:19 . 2008-05-22 17:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-22 17:19 . 2008-05-22 17:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 17:19 . 2008-05-22 17:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 17:18 . 2008-05-22 17:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 00:14 25,640 ----a-w C:\Documents and Settings\Jim\Application Data\wklnhst.dat
2008-06-14 15:36 --------- d-----w C:\Documents and Settings\Jim\Application Data\AVG7
2008-06-10 18:44 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-06-06 18:23 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-13 04:54 --------- d-----w C:\Documents and Settings\Jim\Application Data\AdobeUM
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 22:46 --------- d--h--w C:\Documents and Settings\Jim\Application Data\Move Networks
2008-04-26 15:45 --------- d-----w C:\Program Files\QuickTime
2008-04-25 17:58 --------- d-----w C:\Program Files\iTunes
2008-04-25 17:58 --------- d-----w C:\Program Files\iPod
2008-04-25 17:47 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-08-09 18:57 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 21:49 454656]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 07:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 07:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 07:17 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 06:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 00:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 23:54 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 15:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 10:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23 1187840]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 08:40 34904]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:42 579584]
"!AVG Anti-Spyware"="C:\Documents and Settings\Jim\My Documents\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 12:16 185896]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"lphce9tj0e7u1"="C:\WINDOWS\system32\lphce9tj0e7u1.exe" [ ]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 08:01 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2006-12-20 18:58:18 1589330]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\WINDOWS\\system32\\wupdmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 22:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 22:16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???8Y??????(?@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Jim\My Documents\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-14 22:23:44 - machine was rebooted [Jim]
ComboFix-quarantined-files.txt 2008-06-15 03:23:39

Pre-Run: 9,957,519,360 bytes free
Post-Run: 10,568,708,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

190 --- E O F --- 2008-06-12 21:40:50
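Added triage example (not part of the original post and not ComboFix's own code): a small Python script that applies three heuristics to log lines of the kind shown above. It flags Run-key values whose bracketed file metadata is empty, value names and file stems that alternate letters and digits the way generated names do (lphce9tj0e7u1, blphce9tj0e7u1.scr), repeated same-size *.tmp drops under system32, and an Autorun.inf at a drive root. The reading of an empty "[ ]" as "file not present at scan time", the thresholds in `looks_random`, and `SAMPLE_LOG` (assembled from lines of the posted log) are assumptions of this example.

```python
"""Triage heuristics for ComboFix-style log excerpts.

Added example; not ComboFix code. Assumptions: an empty "[ ]" after a Run
value means the target file was absent at scan time (an interpretation, not
a documented ComboFix semantic); the letter/digit-switch thresholds below are
a guess; SAMPLE_LOG is constructed from lines of the posted log.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
D:\Autorun.inf
2008-06-09 22:40 . 2008-06-09 08:31 52,736 --a------ C:\WINDOWS\system32\95.tmp
2008-06-09 08:31 . 2008-06-09 08:20 52,736 --a------ C:\WINDOWS\system32\91.tmp
2008-06-09 08:20 . 2008-06-09 08:10 52,736 --a------ C:\WINDOWS\system32\8D.tmp
2008-06-08 20:34 . 2008-06-09 22:40 52,736 --a------ C:\WINDOWS\system32\blphce9tj0e7u1.scr
2008-05-22 17:19 . 2008-05-22 17:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 07:17 94208]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:42 579584]
"lphce9tj0e7u1"="C:\WINDOWS\system32\lphce9tj0e7u1.exe" [ ]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" [ ]
"""

# "name"="path" [metadata]  -- one autostart value as ComboFix prints it
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# created . modified size attrs path  -- one "Files Created" entry; <DIR> rows have no size and are skipped
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+'
    r'(?P<size>[\d,]+)\s+\S+\s+(?P<path>\S.*)$')
AUTORUN_RE = re.compile(r'^[A-Za-z]:\\Autorun\.inf$', re.IGNORECASE)


def parse_run_entries(text):
    """Return (name, path, meta) for each quoted Run-key value line."""
    out = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            out.append((m.group("name"), m.group("path"), m.group("meta").strip()))
    return out


def parse_created_files(text):
    """Return (size_in_bytes, path) for each file entry that has a numeric size."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            out.append((int(m.group("size").replace(",", "")), m.group("path")))
    return out


def looks_random(name, min_len=10, min_switches=3):
    """Heuristic: a long stem that switches between letters and digits many times."""
    stem = name.rsplit("\\", 1)[-1].split(".")[0]          # basename without extension
    classes = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    switches = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return len(stem) >= min_len and switches >= min_switches


def find_tmp_drops(text, min_count=3):
    """Group *.tmp files under system32 by size; keep groups of min_count or more."""
    groups = defaultdict(list)
    for size, path in parse_created_files(text):
        low = path.lower()
        if low.endswith(".tmp") and "\\system32\\" in low:
            groups[size].append(path)
    return {size: paths for size, paths in groups.items() if len(paths) >= min_count}


def triage(text, min_drops=3):
    """Run every check; each list stays empty when nothing fires."""
    findings = {"missing_file": [], "random_name": [], "tmp_drops": [], "autorun": []}
    for name, path, meta in parse_run_entries(text):
        if meta == "":                                     # "[ ]": no file behind the entry
            findings["missing_file"].append(name)
        if looks_random(name) or looks_random(path):
            findings["random_name"].append(name)
    for _size, path in parse_created_files(text):
        if looks_random(path):
            findings["random_name"].append(path)
    for size, paths in find_tmp_drops(text, min_drops).items():
        findings["tmp_drops"].append((size, paths))
    for line in text.splitlines():
        if AUTORUN_RE.match(line.strip()):
            findings["autorun"].append(line.strip())
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

The heuristics only prioritise what to look at: a hit is a reason to hash the file, check its signer, and cross-check the matching Application Data folder (shc99tj0e7u1 here), not a verdict on its own.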