12-02-2008, 08:36 PM   #3
cchapline
Registered User
 
Join Date: Dec 2008
Location: Washington
Posts: 4
OS: Windows XP


Re: Malware download from Dailykeys.com

Thank you for the quick response. I did remove Viewpoint Media Player and made sure that no other antivirus and anti-malware programs were running before downloading ComboFix. Attached is the file.

ComboFix 08-12-01.03 - Craig Chapline 2008-12-02 18:56:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.164 [GMT -8:00]
Running from: c:\documents and settings\Craig Chapline\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Craig Chapline\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Craig Chapline\Application Data\inst.exe
c:\windows\jestertb.dll
c:\windows\setup.exe
c:\windows\system32\winrvc32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 19:03 . 2008-12-01 19:04 250 --a------ c:\windows\gmer.ini
2008-11-30 22:45 . 2008-12-01 18:52 <DIR> d-------- c:\program files\Norton Internet Security
2008-11-30 22:44 . 2008-11-30 23:12 123,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-30 22:44 . 2008-11-30 23:12 60,800 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-30 22:43 . 2008-11-30 23:12 <DIR> d-------- c:\program files\Symantec
2008-11-30 18:26 . 2008-11-30 18:30 4,946 --a------ c:\windows\system32\tmp.reg
2008-11-30 18:20 . 2008-11-30 22:02 <DIR> d-------- C:\!KillBox
2008-11-30 18:09 . 2008-11-30 18:09 <DIR> d-------- c:\program files\Trend Micro
2008-11-29 23:12 . 2008-11-29 23:20 <DIR> d-------- C:\Autoruns
2008-11-29 17:11 . 2004-11-16 19:08 <DIR> d-------- c:\documents and settings\Administrator.SONY\Application Data\Symantec
2008-11-29 17:11 . 2004-11-16 19:04 <DIR> d-------- c:\documents and settings\Administrator.SONY\Application Data\Intuit
2008-11-29 17:11 . 2008-11-29 17:11 <DIR> d-------- c:\documents and settings\Administrator.SONY
2008-11-28 23:32 . 2008-11-28 23:32 <DIR> d-------- c:\documents and settings\Craig Chapline\Application Data\AdwareAlert
2008-11-28 22:49 . 2008-11-30 20:33 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 22:38 . 2008-11-28 22:38 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2008-11-28 12:40 . 2008-11-30 15:51 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-11 18:21 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 18:20 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\SonicStage
2008-11-10 12:55 . 2008-11-10 12:55 <DIR> d-------- c:\program files\Pricedex Software Inc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 02:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-03 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-01 07:12 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-01 07:12 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-29 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-29 04:59 --------- d-----w c:\documents and settings\Craig Chapline\Application Data\RipIt4Me
2008-11-28 19:42 --------- d-----w c:\documents and settings\Craig Chapline\Application Data\Vso
2008-11-28 19:41 47,360 ----a-w c:\documents and settings\Craig Chapline\Application Data\pcouffin.sys
2008-11-26 06:37 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-11-10 21:06 --------- d-----w c:\documents and settings\Craig Chapline\Application Data\Sony Corporation
2008-11-07 01:45 --------- d-----w c:\program files\Common Files\Adobe
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 03:18 --------- d-----w c:\program files\Common Files\AVSMedia
2008-10-20 03:18 --------- d-----w c:\program files\AVS4YOU
2008-10-20 02:44 --------- d-----w c:\documents and settings\Craig Chapline\Application Data\AVS4YOU
2008-10-20 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-10-20 01:44 --------- d-----w c:\program files\WinAVI Video Converter
2008-10-19 18:36 --------- d-----w c:\program files\Xvid
2008-10-03 22:14 39,984 ----a-w c:\windows\system32\drivers\symids.sys
2008-10-03 22:14 37,936 ----a-w c:\windows\system32\drivers\symndisv.sys
2008-10-03 22:14 35,120 ----a-w c:\windows\system32\drivers\symndis.sys
2008-10-03 22:14 27,696 ----a-w c:\windows\system32\drivers\symredrv.sys
2008-10-03 22:14 187,952 ----a-w c:\windows\system32\drivers\symtdi.sys
2008-10-03 22:14 146,096 ----a-w c:\windows\system32\drivers\symfw.sys
2008-10-03 22:14 12,848 ----a-w c:\windows\system32\drivers\symdns.sys
2008-10-03 22:14 10,804 ----a-w c:\windows\system32\drivers\SymRedir.cat
2008-10-03 22:14 1,358 ----a-w c:\windows\system32\drivers\SymRedir.inf
2006-07-24 23:04 26,780 ----a-w c:\documents and settings\Craig Chapline\Application Data\ViewerApp.dat
2003-08-27 21:19 36,963 ----a-r c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1175477631\ee\AOLSoftware.exe" [2006-09-25 50736]
"VMConsole.exe"="c:\program files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" [2004-06-23 557056]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-02-26 26112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 107008]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-09 344064]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 84640]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-09-05 26248]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 c:\windows\SOUNDMAN.EXE]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 c:\windows\ALCWZRD.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-02-26 156784]
eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2006-10-18 612352]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1175477631\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-30 99376]
S1 f391e39d;f391e39d;c:\windows\system32\drivers\f391e39d.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-02 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 10:05]

2008-12-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Craig Chapline.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-09-06 22:38]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 19:15:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-12-02 19:22:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 03:21:49

Pre-Run: 124,604,878,848 bytes free
Post-Run: 125,539,393,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

206 --- E O F --- 2008-11-12 05:25:42
Attached file: ComboFix.txt (13.5 KB)

Last edited by chemist; 12-03-2008 at 05:10 AM.
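Added example, not part of this post and not ComboFix's own code: a small Python script that parses the "Reg Loading Points" blocks and the R/S driver-service lines in the ComboFix log format and flags the items a helper reads first in a log like the one above: Security Center notifications or monitoring switched off, the Windows Firewall standard profile disabled, and a service whose binary has no date/size metadata or carries a random-looking name. The sample log embedded in the script is constructed to mirror the format of the post; the function names, regexes, and the eight-hex-character name heuristic are this example's own assumptions rather than anything ComboFix documents.

```python
"""Flag tamper indicators in a ComboFix-style log.

Added example for this thread; it is not ComboFix's code and not part of the
original post. The embedded sample is constructed to mirror the log format
above, and the checks encode the documented meaning of the Security Center
and firewall-policy values plus one heuristic (random-looking service names).
"""
import re

# Constructed sample in the "Reg Loading Points" / driver-service layout.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 Cinemsup;Cinemsup;c:\windows\system32\drivers\Cinemsup.sys [2003-12-19 6656]
S1 f391e39d;f391e39d;c:\windows\system32\drivers\f391e39d.sys []
"""

REG_KEY_RE = re.compile(r'^\[(.+)\]$')
REG_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# ComboFix service line: <start-type> <name>;<display>;<path> [<date size>]
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]\s*$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')  # heuristic, an assumption of this example

# Security Center values that, when nonzero, silence or disable its monitoring.
SC_DISABLE_VALUES = ('AntiVirusDisableNotify', 'FirewallDisableNotify',
                     'UpdatesDisableNotify', 'DisableMonitoring')


def parse_reg_sections(text):
    """Return {key (lowercased): {value name: raw value}} for REGEDIT4-style blocks."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = REG_VAL_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def dword_is_set(value):
    """True for a nonzero dword ('dword:00000001') or a nonzero bare number ('1 (0x1)')."""
    m = re.match(r'dword:([0-9a-fA-F]{8})', value)
    if m:
        return int(m.group(1), 16) != 0
    m = re.match(r'(\d+)', value)
    return bool(m) and int(m.group(1)) != 0


def parse_services(text):
    """Return the driver/service lines as dicts; 'meta' is the bracketed date/size."""
    services = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            start, name, display, path, meta = m.groups()
            services.append({'start': start, 'name': name, 'display': display,
                             'path': path, 'meta': meta.strip()})
    return services


def find_indicators(text):
    """List the things a helper reads first in a log like this one."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        if 'security center' in key:
            for name, value in values.items():
                if name in SC_DISABLE_VALUES and dword_is_set(value):
                    findings.append(f'Security Center tamper: [{key}] {name}={value}')
        if key.endswith('firewallpolicy\\standardprofile'):
            v = values.get('EnableFirewall')
            if v is not None and not dword_is_set(v):
                findings.append(f'Windows Firewall off: [{key}] EnableFirewall={v}')
    for svc in parse_services(text):
        if svc['meta'] == '':
            # An empty [] means no date/size could be read for the binary, which
            # helpers usually read as: file missing, or hidden from the scanner.
            findings.append(f"Service {svc['name']} ({svc['start']}) has no file "
                            f"metadata for {svc['path']}")
        if HEX_NAME_RE.match(svc['name']):
            findings.append(f"Service {svc['name']} has a random-looking hex name")
    return findings


if __name__ == '__main__':
    for finding in find_indicators(SAMPLE_LOG):
        print(finding)
```

Run against the full log text instead of the embedded sample and the same checks apply unchanged; the boot.ini block at the end of a ComboFix log parses as harmless extra sections because its values are not quoted. The hex-name check is only a hint to look closer, since a legitimate vendor can also pick an opaque driver name.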