Please Analyze

[xm81bpm]

ComboFix 09-08-07.09 - Mom 08/08/2009 21:32.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.510 [GMT -4:00]
Running from: c:\documents and settings\Mom\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\NPROTECT
c:\recycler\NPROTECT\00000000.DAT
c:\recycler\NPROTECT\00000001.DAT
c:\recycler\NPROTECT\00000002
c:\recycler\NPROTECT\00000003
c:\recycler\NPROTECT\00000004
c:\recycler\NPROTECT\00000005
c:\recycler\NPROTECT\00000006
c:\recycler\NPROTECT\00000007
c:\recycler\NPROTECT\00000009
c:\recycler\NPROTECT\00000011
c:\recycler\NPROTECT\00000012
c:\recycler\NPROTECT\00000013
c:\recycler\NPROTECT\00000014
c:\recycler\NPROTECT\00000017.DAT
c:\recycler\NPROTECT\00000018
c:\recycler\NPROTECT\00000019
c:\recycler\NPROTECT\00000020
c:\recycler\NPROTECT\00000021
c:\recycler\NPROTECT\00000022
c:\recycler\NPROTECT\00000023
c:\recycler\NPROTECT\00000024
c:\recycler\NPROTECT\00000027
c:\recycler\NPROTECT\00000028.DAT
c:\recycler\NPROTECT\00000029
c:\recycler\NPROTECT\00000030
c:\recycler\NPROTECT\00000031
c:\recycler\NPROTECT\00000032
c:\recycler\NPROTECT\00000033
c:\recycler\NPROTECT\00000034
c:\recycler\NPROTECT\00000035
c:\recycler\NPROTECT\00000036
c:\recycler\NPROTECT\00000037
c:\recycler\NPROTECT\00000038
c:\recycler\NPROTECT\00000039
c:\recycler\NPROTECT\00000040
c:\recycler\NPROTECT\00000041
c:\recycler\NPROTECT\00000042
c:\recycler\NPROTECT\00000043
c:\recycler\NPROTECT\00000044
c:\recycler\NPROTECT\00000047
c:\recycler\NPROTECT\00000048
c:\recycler\NPROTECT\00000049
c:\recycler\NPROTECT\00000050
c:\recycler\NPROTECT\00000051
c:\recycler\NPROTECT\00000053
c:\recycler\NPROTECT\00000054
c:\recycler\NPROTECT\00000056
c:\recycler\NPROTECT\00000057
c:\recycler\NPROTECT\00000058
c:\recycler\NPROTECT\00000060
c:\recycler\NPROTECT\00000062
c:\recycler\NPROTECT\00000065
c:\recycler\NPROTECT\00000066
c:\recycler\NPROTECT\00000067
c:\recycler\NPROTECT\00000068
c:\recycler\NPROTECT\00000070
c:\recycler\NPROTECT\00000071
c:\recycler\NPROTECT\00000072
c:\recycler\NPROTECT\00000074
c:\recycler\NPROTECT\00000075
c:\recycler\NPROTECT\00000076
c:\recycler\NPROTECT\00000077
c:\recycler\NPROTECT\00000079
c:\recycler\NPROTECT\00000080
c:\recycler\NPROTECT\00000081
c:\recycler\NPROTECT\00000082
c:\recycler\NPROTECT\00000083
c:\recycler\NPROTECT\00000084
c:\recycler\NPROTECT\00000085
c:\recycler\NPROTECT\00000086
c:\recycler\NPROTECT\00000088
c:\recycler\NPROTECT\00000089
c:\recycler\NPROTECT\00000090
c:\recycler\NPROTECT\00000092
c:\recycler\NPROTECT\00000093
c:\recycler\NPROTECT\00000094
c:\recycler\NPROTECT\00000096
c:\recycler\NPROTECT\00000097
c:\recycler\NPROTECT\00000098
c:\recycler\NPROTECT\00000099
c:\recycler\NPROTECT\00000100
c:\recycler\NPROTECT\00000101
c:\recycler\NPROTECT\00000103
c:\recycler\NPROTECT\00000104
c:\recycler\NPROTECT\00000105
c:\recycler\NPROTECT\00000106
c:\recycler\NPROTECT\00000107
c:\recycler\NPROTECT\00000109
c:\recycler\NPROTECT\00000110
c:\recycler\NPROTECT\00000111
c:\recycler\NPROTECT\00000112
c:\recycler\NPROTECT\00000113
c:\recycler\NPROTECT\00000114
c:\recycler\NPROTECT\00000115
c:\recycler\NPROTECT\00000116
c:\recycler\NPROTECT\00000117
c:\recycler\NPROTECT\00000118
c:\recycler\NPROTECT\00000122
c:\recycler\NPROTECT\00000123.dat
c:\recycler\NPROTECT\00000124.dat
c:\recycler\NPROTECT\00000125.dat
c:\recycler\NPROTECT\00000126.dat
c:\recycler\NPROTECT\00000127
c:\recycler\NPROTECT\00000128
c:\recycler\NPROTECT\00000129
c:\recycler\NPROTECT\00000130
c:\recycler\NPROTECT\00000131
c:\recycler\NPROTECT\00000132
c:\recycler\NPROTECT\00000133
c:\recycler\NPROTECT\00000134
c:\recycler\NPROTECT\00000135
c:\recycler\NPROTECT\00000136
c:\recycler\NPROTECT\00000137
c:\recycler\NPROTECT\00000139
c:\recycler\NPROTECT\00000141.dat
c:\recycler\NPROTECT\00000143
c:\recycler\NPROTECT\00000144.bat
c:\recycler\NPROTECT\00000145
c:\recycler\NPROTECT\00000146
c:\recycler\NPROTECT\00000147
c:\recycler\NPROTECT\00000148
c:\recycler\NPROTECT\00000149
c:\recycler\NPROTECT\00000150
c:\recycler\NPROTECT\00000152
c:\recycler\NPROTECT\00000153
c:\recycler\NPROTECT\00000155
c:\recycler\NPROTECT\00000156
c:\recycler\NPROTECT\00000157
c:\recycler\NPROTECT\00000160
c:\recycler\NPROTECT\00000161
c:\recycler\NPROTECT\00000162
c:\recycler\NPROTECT\00000163
c:\recycler\NPROTECT\00000164
c:\recycler\NPROTECT\00000165
c:\recycler\NPROTECT\00000166
c:\recycler\NPROTECT\00000168
c:\recycler\NPROTECT\00000169
c:\recycler\NPROTECT\00000170
c:\recycler\NPROTECT\00000171
c:\recycler\NPROTECT\00000172
c:\recycler\NPROTECT\00000173
c:\recycler\NPROTECT\00000174
c:\recycler\NPROTECT\00000175
c:\recycler\NPROTECT\00000176
c:\recycler\NPROTECT\00000177
c:\recycler\NPROTECT\00000178
c:\recycler\NPROTECT\00000179
c:\recycler\NPROTECT\00000180
c:\recycler\NPROTECT\00000181
c:\recycler\NPROTECT\00000182
c:\recycler\NPROTECT\00000183
c:\recycler\NPROTECT\00000184
c:\recycler\NPROTECT\00000185
c:\recycler\NPROTECT\00000186
c:\recycler\NPROTECT\00000187
c:\recycler\NPROTECT\00000188
c:\recycler\NPROTECT\00000189
c:\recycler\NPROTECT\00000190
c:\recycler\NPROTECT\00000191
c:\recycler\NPROTECT\00000192
c:\recycler\NPROTECT\00000193
c:\recycler\NPROTECT\00000194
c:\recycler\NPROTECT\00000195
c:\recycler\NPROTECT\00000196
c:\recycler\NPROTECT\00000197
c:\recycler\NPROTECT\00000199
c:\recycler\NPROTECT\00000200
c:\recycler\NPROTECT\00000201
c:\recycler\NPROTECT\00000202
c:\recycler\NPROTECT\00000204
c:\recycler\NPROTECT\00000207
c:\recycler\NPROTECT\00000208
c:\recycler\NPROTECT\00000209
c:\recycler\NPROTECT\00000210
c:\recycler\NPROTECT\00000211
c:\recycler\NPROTECT\00000212.dat
c:\recycler\NPROTECT\00000213
c:\recycler\NPROTECT\00000214.bad
c:\recycler\NPROTECT\00000215
c:\recycler\NPROTECT\00000216
c:\recycler\NPROTECT\00000217
c:\recycler\NPROTECT\00000218
c:\recycler\NPROTECT\00000219
c:\recycler\NPROTECT\00000226
c:\recycler\NPROTECT\00000227.md5
c:\recycler\NPROTECT\NPROTECT.LOG
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\15d13.msi
c:\windows\Installer\15d19.msi
c:\windows\Installer\15d1f.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-03 03:36 . 2009-08-03 03:36 -------- d-----w- c:\program files\ERUNT
2009-08-03 03:31 . 2009-08-03 03:31 -------- d-----w- c:\program files\Trend Micro
2009-08-03 02:25 . 2009-08-03 02:25 -------- d-----w- c:\documents and settings\Mom\Application Data\Malwarebytes
2009-08-03 02:25 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 02:25 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 02:25 . 2009-08-03 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-03 02:25 . 2009-08-06 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-03 01:27 . 2009-08-03 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-03 01:27 . 2009-08-03 01:27 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-03 01:27 . 2009-08-03 01:27 -------- d-----w- c:\program files\Norton Security Scan
2009-08-03 01:27 . 2009-08-03 01:27 -------- d-----w- c:\program files\NortonInstaller
2009-08-03 01:27 . 2009-08-03 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-03 01:25 . 2009-08-03 01:25 96234 ----a-w- C:\cc_20090802_212531.reg
2009-07-31 22:15 . 2009-07-31 22:29 -------- d-----w- c:\documents and settings\Mom\Local Settings\Application Data\The Weather Channel
2009-07-31 14:34 . 2009-07-31 22:13 -------- d-----w- c:\program files\Shared
2009-07-31 10:01 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-31 04:24 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-31 03:16 . 2009-07-31 03:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-31 03:16 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-31 03:14 . 2009-07-31 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-31 03:14 . 2009-07-31 03:14 -------- d-----w- c:\program files\Lavasoft
2009-07-31 02:30 . 2009-07-31 02:30 114444 ----a-w- C:\cc_20090730_223003.reg
2009-07-31 00:42 . 2009-07-31 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-31 00:21 . 2009-07-31 00:21 2812 ----a-w- C:\cc_20090730_202122.reg
2009-07-30 23:24 . 2009-07-30 23:24 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-30 23:24 . 2009-07-30 23:24 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-30 23:24 . 2009-07-30 23:24 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-30 23:24 . 2009-07-30 23:24 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-30 23:17 . 2009-07-30 23:17 105536 ----a-w- C:\cc_20090730_191731.reg
2009-07-30 15:55 . 2009-07-30 15:55 95772 ----a-w- C:\cc_20090730_115502.reg
2009-07-30 15:31 . 2009-07-30 15:31 -------- d-----w- c:\program files\r2 Studios
2009-07-26 17:22 . 2009-07-26 17:22 671724 ----a-w- C:\cc_20090726_132158.reg
2009-07-17 02:17 . 2009-07-17 02:17 -------- d-----w- c:\program files\Common Files\Skype
2009-07-17 02:17 . 2009-07-17 02:17 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 00:59 . 2009-06-21 01:58 -------- d-----w- c:\program files\LogMeIn
2009-08-03 03:44 . 2008-08-31 16:57 -------- d-----w- c:\documents and settings\Mom\Application Data\Skype
2009-08-03 02:40 . 2008-08-31 17:00 -------- d-----w- c:\documents and settings\Mom\Application Data\skypePM
2009-08-03 02:18 . 2005-12-23 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-03 01:27 . 2005-08-21 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-31 00:42 . 2008-12-12 11:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 00:42 . 2005-08-21 16:11 -------- d-----w- c:\program files\Java
2009-07-31 00:42 . 2009-06-21 01:48 152576 ----a-w- c:\documents and settings\Mom\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-30 23:36 . 2005-12-23 16:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-30 23:09 . 2005-08-21 16:23 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-30 23:02 . 2008-01-23 03:01 -------- d-----w- c:\program files\Coupons
2009-07-30 23:02 . 2005-08-21 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-26 17:31 . 2005-08-21 16:26 -------- d-----w- c:\program files\Symantec
2009-07-17 02:20 . 2005-08-21 16:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-17 02:17 . 2008-08-31 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-15 11:52 . 2007-08-23 01:53 -------- d-----w- c:\program files\CCleaner
2009-07-15 01:10 . 2008-09-09 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-15 01:10 . 2008-09-09 14:09 -------- d-----w- c:\program files\NOS
2009-06-29 16:12 . 2004-08-11 22:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-11 22:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Mom\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-21 02:00 . 2009-06-21 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-05 16:16 . 2009-06-05 16:16 726008 ----a-w- c:\documents and settings\Mom\gotomypc_437.exe
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-16 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks Premier\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"LVComs"="c:\windows\system32\LVComS.exe" [2000-12-06 86016]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Reality Fusion GameCam SE.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Reality Fusion GameCam SE.lnk
backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Mom\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Mom\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/31/2009 12:24 AM 64160]
R2 ANISERVICE;Airgo Networks NIC Service;c:\windows\system32\aniServ.exe [8/11/2004 12:00 PM 143360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [8/25/2007 1:07 AM 149352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [6/20/2009 9:59 PM 47640]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [11/3/2005 11:08 PM 95832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/27/2009 7:05 AM 101936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/14/2007 11:53 AM 23888]
S3 MSSQL$NR2005;MSSQL$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe -sNR2005 [?]
S3 PID_0890_I;Logitech QuickCam Traveler (Still Camera)(PID_0890_I);c:\windows\system32\drivers\BULKUSB.sys [12/25/2008 11:16 PM 10547]
S3 PID_0890_V;Logitech QuickCam Traveler(PID_0890_V);c:\windows\system32\drivers\CA500AV.SYS [12/25/2008 11:16 PM 191052]
S3 SQLAgent$NR2005;SQLAgent$NR2005;c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 --> c:\program files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlagent.EXE -i NR2005 [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2164052071-1037489642-4016618191-1006Core.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-25 03:08]

2009-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2164052071-1037489642-4016618191-1006UA.job
- c:\documents and settings\Mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-25 03:08]

2009-08-04 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Mom.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2009-08-07 c:\windows\Tasks\Norton Security Scan for Mom.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-08-03 01:27]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-WebCamRT.exe - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://www.shockwave.com/content/joboosgems/sis/AstoundLauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 21:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1256)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(3096)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-08-09 21:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-09 01:53

Pre-Run: 36,960,440,320 bytes free
Post-Run: 37,377,167,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

436 --- E O F --- 2009-07-29 05:15

[shelf life]

hi xm81bpm,

thanks for the info. not much there to be worried about. Looks like your malware free.

Microsoft Windows Security Center Disabled

these are notifications about your AV, Windows update etc. The notifications can be toggled off or on via the Security Center panel.
start>settings>control panel>Security center> Change the way security center alerts me. If you have auto updates turned off, then Windows will alert you about this. unless you uncheck the box next to 'Automatic Updates' under the 'Alert Settings' Same for the other two.
Just make sure you visit Windows update once a month or so to 'get patched'

You can delete combofix like this:
start>run and type in combofix /u
click ok or enter
Note: there is a space after the x and before the /

[tashi]

Thank you shelf life.