1. I did everything you said and I deleted the Symantec folder.
2. ComboFix log
"HP_Ejer" - 2007-06-28 20:36:10 - ComboFix 07-06-28.4 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Infected copy of C:\WINDOWS\system32\drivers\ndis.sys was found & disinfected
C:\cp1467.nls
Restored copy from - C:\WINDOWS\system32\dllcache\ndis.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))
2007-06-28 20:35 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 11:12 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-06-28 11:12 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-28 11:12 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-28 11:12 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-06-28 11:12 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-28 11:12 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-28 11:12 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-28 01:06 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1.THO\NTUSER.DAT
2007-06-28 01:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1.THO\Menuen Start
2007-06-28 01:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1.THO\Foretrukne
2007-06-28 01:06 <DIR> dr------- C:\DOCUME~1\ADMINI~1.THO\Dokumenter
2007-06-28 01:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.THO\Skabeloner
2007-06-28 01:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.THO\Printere
2007-06-28 01:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.THO\Lokale indstillinger
2007-06-28 01:06 <DIR> d--h----- C:\DOCUME~1\ADMINI~1.THO\Andre computere
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\WINDOWS
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\Skrivebord
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\APPLIC~1\Symantec
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\APPLIC~1\SampleView
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\APPLIC~1\Intervideo
2007-06-28 01:06 <DIR> d-------- C:\DOCUME~1\ADMINI~1.THO\APPLIC~1\Apple Computer
2007-06-28 01:03 186,880 --a------ C:\LSPFix.exe
2007-06-27 22:56 <DIR> d-------- C:\Programmer\Alwil Software
2007-06-26 01:21 1,572,864 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-26 01:21 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Menuen Start
2007-06-26 01:21 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Foretrukne
2007-06-26 01:21 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Dokumenter
2007-06-26 01:21 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Skabeloner
2007-06-26 01:21 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Printere
2007-06-26 01:21 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Lokale indstillinger
2007-06-26 01:21 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Andre computere
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Skrivebord
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
2007-06-26 01:21 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-06-26 00:35 <DIR> d-------- C:\Programmer\uTorrent
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-28 10:13:13 -------- d-----w C:\Programmer\Diablo II
2007-06-28 09:08:33 -------- d-----w C:\Programmer\Fælles filer
2007-06-27 16:27:42 -------- d-----w C:\Programmer\StepMania
2007-06-27 16:21:39 69,706 ----a-w C:\WINDOWS\system32\perfc006.dat
2007-06-27 16:21:39 408,334 ----a-w C:\WINDOWS\system32\perfh006.dat
2007-06-26 12:14:23 -------- d-----w C:\Programmer\Warcraft III
2007-06-26 10:00:18 -------- d-----w C:\Programmer\Fælles filer\System
2007-06-25 23:33:16 -------- d-----w C:\DOCUME~1\HP_Ejer\APPLIC~1\uTorrent
2007-06-25 23:01:03 -------- d-----w C:\Programmer\RPGXP
2007-06-25 22:26:56 -------- d-----w C:\DOCUME~1\HP_Ejer\APPLIC~1\Azureus
2007-06-25 22:19:47 -------- d-----w C:\Programmer\GetRight
2007-06-25 22:02:23 -------- d-----w C:\Programmer\Symantec
2007-06-25 21:52:17 -------- d-----w C:\Programmer\Fælles filer\Real
2007-06-25 21:51:54 -------- d-----w C:\DOCUME~1\HP_Ejer\APPLIC~1\Real
2007-06-25 21:51:07 -------- d-----w C:\Programmer\Silkroad
2007-06-25 21:50:16 -------- d-----w C:\Programmer\Pcsx2
2007-06-25 21:35:01 -------- d-----w C:\Programmer\Fælles filer\Microsoft Shared
2007-06-25 21:29:24 -------- d--h--w C:\Programmer\InstallShield Installation Information
2007-06-25 21:26:58 -------- d-----w C:\Programmer\DivX
2007-05-30 17:20:15 -------- d-----w C:\Programmer\Diablo III
2007-05-30 17:19:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-05-27 13:15:57 16 ----a-w C:\WINDOWS\popcinfot.dat
2007-05-21 15:02:28 -------- d-----w C:\DOCUME~1\HP_Ejer\APPLIC~1\Skype
2007-05-16 15:14:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-04 16:34:41 -------- d-----w C:\Programmer\Windows Media Connect 2
2007-04-25 14:22:43 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:14:26 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-12 11:55:09 21,504 ----a-w C:\WINDOWS\system32\ahdbngwjthp.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 22:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"HPHUPD06"="c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" []
"ISUSPM Startup"="C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 14:03]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" []
"nwiz"="nwiz.exe" [2004-09-29 21:23 C:\WINDOWS\system32\nwiz.exe]
"SiSPower"="SiSPower.dll" [2004-09-24 10:49 C:\WINDOWS\system32\SiSPower.dll]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 C:\WINDOWS\ALCXMNTR.EXE]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2006-07-29 19:34]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClockSync]
"C:\Programmer\ClockSync\Sync.exe" /q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programmer\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Programmer\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Programmer\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
"C:\Programmer\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"SNDSrvc"=2 (0x2)
"iPodService"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 20:47:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-28 20:48:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-28 20:48
--- E O F ---
Fresh HJT log
Logfile of HijackThis v1.99.1
Scan saved at 20:54:44, on 28-06-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: HP-visning - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmer\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FLLESF~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.mangadownload.net
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: http://www.narutomania.com
O15 - Trusted Zone: http://www.tegnebordet.dk
O15 - Trusted Zone: http://www.thewhiteferret.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe