Sorry I went away for a few days.
OK, ran ComboFix. Here's the txt:
ComboFix 09-05-05.03 - Garry 05/05/2009 22:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.283 [GMT -7:00]
Running from: c:\documents and settings\Garry\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Garry\Application Data\0200000087d34525573C.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573O.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573P.manifest
c:\documents and settings\Garry\Application Data\0200000087d34525573S.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573C.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573O.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573P.manifest
c:\documents and settings\Liddy\Application Data\0200000087d34525573S.manifest
c:\documents and settings\Liddy\Application Data\FunWebProducts
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\avatar.dat
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\zbucks.dat
c:\documents and settings\Liddy\Application Data\FunWebProducts\Data\Liddy\zevents.dat
c:\documents and settings\siSTy\Application Data\0200000087d34525573C.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573O.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573P.manifest
c:\documents and settings\siSTy\Application Data\0200000087d34525573S.manifest
c:\documents and settings\siSTy\Application Data\FunWebProducts
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\avatar.dat
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\zbucks.dat
c:\documents and settings\siSTy\Application Data\FunWebProducts\Data\siSTy\zevents.dat
c:\windows\coctine.dll
c:\windows\oraxopakenupiy.dll
c:\windows\system32\Cache
c:\windows\system32\GroupPolicy000.dat
c:\windows\wmlib42c.dll
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-05-06 06:00 . 2009-05-06 06:00 -------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
2009-05-01 14:19 . 2009-05-01 14:19 -------- d-----w c:\program files\Trend Micro
2009-05-01 12:04 . 2009-05-01 16:27 -------- d-----w c:\program files\Exterminate It!
2009-05-01 05:56 . 2009-05-01 10:05 -------- d-----w c:\documents and settings\Garry\Tracing
2009-05-01 04:51 . 2009-05-01 10:13 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-05-01 04:43 . 2009-02-07 01:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-01 04:42 . 2009-05-01 04:42 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-01 04:41 . 2006-11-29 20:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-01 04:40 . 2009-05-01 04:40 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-01 04:38 . 2009-05-01 04:38 -------- d-----w c:\program files\Microsoft
2009-05-01 04:37 . 2009-05-01 04:37 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-01 04:36 . 2009-05-01 04:43 -------- d-----w c:\program files\Windows Live
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\windows\system32\XPSViewer
2009-05-01 02:40 . 2009-05-01 02:40 -------- d-----w c:\program files\MSBuild
2009-05-01 02:39 . 2009-05-01 02:39 -------- d-----w c:\program files\Reference Assemblies
2009-05-01 02:37 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-01 02:37 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-01 02:37 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-01 02:37 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-01 02:37 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-01 02:37 . 2009-05-01 02:39 -------- d-----w C:\3371d1fb6d0a7c560a58718e
2009-05-01 01:50 . 2009-05-01 10:13 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-30 21:05 . 2009-04-30 21:21 -------- d-----w c:\documents and settings\Liddy\Application Data\LimeWire
2009-04-30 20:34 . 2009-04-30 20:34 -------- d-----w c:\documents and settings\hoes\Application Data\Windows Search
2009-04-30 20:31 . 2009-04-30 20:31 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\Identities
2009-04-30 20:18 . 2009-04-30 20:18 -------- d-----w c:\documents and settings\Administrator\Application Data\Apple Computer
2009-04-30 20:17 . 2009-04-30 20:17 13104 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 20:12 . 2009-04-30 20:12 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-04-30 19:26 . 2009-04-30 19:26 -------- d-----w c:\documents and settings\Administrator\Application Data\Windows Search
2009-04-30 19:13 . 2009-04-30 19:21 -------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2009-04-30 19:13 . 2009-04-30 21:32 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-30 18:55 . 2009-04-30 18:55 -------- d-sh--w c:\documents and settings\Administrator\PrivacIE
2009-04-30 18:48 . 2009-04-30 18:48 -------- d-----w c:\documents and settings\Administrator\Application Data\MySpace
2009-04-30 18:30 . 2006-02-28 12:00 8704 ----a-w c:\windows\system32\infoctrs.dll
2009-04-30 18:30 . 2006-02-28 12:00 56320 ----a-w c:\windows\system32\convlog.exe
2009-04-30 18:30 . 2006-02-28 12:00 6144 ----a-w c:\windows\system32\admxprox.dll
2009-04-30 18:30 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\simptcp.dll
2009-04-30 18:28 . 2009-04-30 18:28 -------- d-----w c:\windows\system32\msmq
2009-04-30 18:27 . 2009-04-30 18:32 -------- d-----w C:\Inetpub
2009-04-30 18:18 . 2009-04-30 18:18 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2009-04-30 07:23 . 2009-04-30 07:23 -------- d-----w c:\documents and settings\Liddy\Application Data\alot
2009-04-29 23:53 . 2009-04-29 23:53 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Yahoo
2009-04-29 22:41 . 2009-04-29 22:41 -------- d-----w c:\documents and settings\siSTy\Application Data\U3
2009-04-29 07:47 . 2009-04-29 07:47 -------- d-sh--w c:\windows\ftpcache
2009-04-29 07:34 . 2009-04-29 07:47 -------- d-----w c:\program files\ThisIsVegas
2009-04-28 19:11 . 2009-04-28 19:13 -------- d-----w c:\documents and settings\siSTy\Application Data\VTExtra
2009-04-28 19:08 . 2009-04-28 19:11 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\VTShared
2009-04-28 19:08 . 2009-04-28 19:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\GoldenCasino
2009-04-28 19:08 . 2009-04-28 19:08 -------- d-----w c:\documents and settings\siSTy\Application Data\InstallShield
2009-04-28 19:04 . 2009-04-29 07:19 -------- d-----w c:\documents and settings\All Users\Application Data\MGS
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w c:\documents and settings\All Users\Application Data\Microgaming
2009-04-28 19:04 . 2009-04-28 19:04 -------- d-----w C:\MicroGaming
2009-04-27 22:30 . 2009-04-30 02:48 -------- d-----w c:\documents and settings\siSTy\Application Data\alot
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-sh--w c:\documents and settings\hoes\PrivacIE
2009-04-24 06:14 . 2009-04-24 06:14 -------- d-----w c:\documents and settings\hoes\Application Data\Yahoo!
2009-04-24 06:14 . 2009-04-24 06:14 127 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\fusioncache.dat
2009-04-24 06:13 . 2009-04-24 06:13 13104 ----a-w c:\documents and settings\hoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 06:13 . 2009-04-24 06:13 -------- d-----w c:\documents and settings\hoes\Application Data\McAfee
2009-04-24 06:13 . 2009-04-30 06:51 -------- d-----w c:\documents and settings\hoes\Local Settings\Application Data\ApplicationHistory
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\documents and settings\All Users\Application Data\FaceOnBody
2009-04-24 02:09 . 2009-04-27 02:10 -------- d-----w c:\program files\FaceOnBody
2009-04-23 06:35 . 2009-04-23 06:35 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\{6286D04A-9110-4BD7-A62E-A78FBB29DC38}
2009-04-22 06:35 . 2009-04-22 06:35 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\{95F5F18D-D209-4F1D-887A-2AF430F2DD0F}
2009-04-19 22:19 . 2009-04-19 22:19 -------- d-----w c:\documents and settings\Garry\Application Data\Windows Search
2009-04-18 13:00 . 2009-04-18 13:04 -------- dc-h--w c:\windows\ie8
2009-04-17 05:39 . 2009-04-17 05:39 128 ----a-w c:\documents and settings\Liddy\Local Settings\Application Data\fusioncache.dat
2009-04-16 23:55 . 2009-04-16 23:55 81920 ----a-w c:\windows\ALCFDRTM.EXE
2009-04-16 23:15 . 2009-04-16 23:15 -------- d-----w c:\documents and settings\siSTy\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Unity
2009-04-16 23:10 . 2009-04-16 23:10 -------- d-----w c:\program files\Unity
2009-04-16 22:21 . 2009-04-16 22:21 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-16 06:01 . 2009-04-16 06:01 -------- d-----w c:\documents and settings\Liddy\Application Data\McAfee
2009-04-16 06:00 . 2009-04-30 17:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\ApplicationHistory
2009-04-15 17:02 . 2009-04-15 17:02 128 ----a-w c:\documents and settings\siSTy\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-04-15 14:18 128 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\fusioncache.dat
2009-04-15 14:18 . 2009-05-06 06:04 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\ApplicationHistory
2009-04-15 13:31 . 2009-04-15 14:19 -------- d-----w c:\documents and settings\Garry\Application Data\McAfee
2009-04-15 08:04 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:04 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:04 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:04 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:04 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:04 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:04 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:04 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:04 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:03 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:03 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 02:02 . 2009-04-15 02:02 -------- d-sh--w c:\documents and settings\Garry\PrivacIE
2009-04-14 19:24 . 2009-04-14 19:24 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-14 18:25 . 2006-03-03 15:07 143360 ----a-w c:\windows\system32\dunzip32.dll
2009-04-14 18:19 . 2007-12-02 19:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-04-14 18:19 . 2007-11-22 13:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-04-14 18:19 . 2007-11-22 13:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-04-14 18:19 . 2007-07-13 13:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
2009-04-14 18:18 . 2009-04-14 18:18 -------- d-----w c:\program files\McAfee.com
2009-04-14 18:18 . 2009-04-14 18:19 -------- d-----w c:\program files\Common Files\McAfee
2009-04-14 18:18 . 2009-04-16 23:28 -------- d-----w c:\program files\McAfee
2009-04-14 08:21 . 2009-04-15 17:02 -------- d-----w c:\documents and settings\siSTy\Application Data\McAfee
2009-04-14 01:59 . 2009-04-21 22:53 -------- d-----w c:\documents and settings\Liddy\Local Settings\Application Data\Apple Computer
2009-04-13 02:44 . 2009-04-13 02:44 -------- d-----w c:\documents and settings\siSTy\Application Data\Windows Search
2009-04-12 22:41 . 2009-04-12 22:41 -------- d-sh--w c:\documents and settings\siSTy\PrivacIE
2009-04-12 21:11 . 2009-04-19 19:27 -------- d-----w c:\documents and settings\Garry\Local Settings\Application Data\Apple Computer
2009-04-12 20:43 . 2009-04-27 06:36 -------- d-----w c:\documents and settings\siSTy\Application Data\Apple Computer
2009-04-12 20:42 . 2009-03-19 23:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-12 20:42 . 2008-04-17 19:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iPod
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 20:42 . 2009-04-12 20:42 -------- d-----w c:\program files\iTunes
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\Bonjour
2009-04-12 20:41 . 2009-04-12 20:41 -------- d-----w c:\program files\QuickTime
2009-04-12 20:41 . 2009-04-12 20:42 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\program files\Apple Software Update
2009-04-12 20:40 . 2009-04-12 20:42 -------- d-----w c:\program files\Common Files\Apple
2009-04-12 20:40 . 2009-04-12 20:40 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-04-12 20:39 . 2009-04-18 11:17 -------- d-----w c:\documents and settings\siSTy\Local Settings\Application Data\Apple Computer
2009-04-12 18:36 . 2009-04-12 18:36 -------- d-sh--w c:\documents and settings\Liddy\PrivacIE
2009-04-12 04:45 . 2009-04-12 04:45 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-12 04:44 . 2009-04-12 04:44 -------- d-sh--w c:\documents and settings\Garry\IETldCache
2009-04-12 00:56 . 2009-04-12 00:56 -------- d-sh--w c:\documents and settings\siSTy\IETldCache
2009-04-12 00:07 . 2009-04-12 00:07 -------- d-sh--w c:\documents and settings\Liddy\IETldCache
2009-04-11 05:30 . 2009-04-18 13:05 -------- d-----w c:\windows\ie8updates
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 05:55 . 2009-03-30 00:41 13688 ----a-w c:\documents and settings\Garry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-30 20:44 . 2006-02-28 12:00 144384 ----a-w c:\windows\azaqehexopakenup.dll
2009-04-30 08:49 . 2009-03-30 23:14 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-30 08:48 . 2009-04-04 07:49 -------- d-----w c:\program files\Oberon Media
2009-04-29 21:01 . 2009-03-30 11:31 -------- d-----w c:\program files\LimeWire
2009-04-28 19:08 . 2009-03-29 18:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 21:25 . 2009-04-05 21:25 615 ----a-w c:\windows\system32\Z84xvpU.vbs
2009-04-05 06:18 . 2009-03-29 18:11 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-05 01:14 . 2009-04-05 01:14 615 ----a-w c:\windows\system32\CB4fzCu.vbs
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Common Files\Oberon Media
2009-04-04 07:49 . 2009-04-04 07:49 -------- d-----w c:\program files\Chill
2009-04-02 05:32 . 2009-04-02 05:31 -------- d-----w c:\program files\Yahoo!
2009-03-30 23:24 . 2009-03-30 11:31 -------- d-----w c:\program files\Java
2009-03-30 03:57 . 2009-03-30 03:57 -------- d-----w c:\program files\support.com
2009-03-30 03:56 . 2009-03-30 03:56 -------- d-----w c:\program files\Common Files\SupportSoft
2009-03-30 03:48 . 2009-03-29 20:05 -------- d-----w c:\program files\Network Associates
2009-03-29 20:05 . 2009-03-29 20:05 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-03-29 19:55 . 2009-03-29 19:55 0 ----a-w c:\windows\nsreg.dat
2009-03-29 19:52 . 2009-03-29 19:52 -------- d-----w c:\program files\CyberLink
2009-03-29 19:52 . 2009-03-29 18:21 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-29 18:31 . 2009-03-29 18:31 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-29 18:31 . 2009-03-29 18:31 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-29 18:21 . 2009-03-29 18:21 -------- d-----w c:\program files\Realtek
2009-03-29 18:21 . 2009-03-29 18:21 315392 ----a-w c:\windows\HideWin.exe
2009-03-29 18:20 . 2009-03-29 18:20 -------- d-----w c:\program files\Intel
2009-03-29 18:20 . 2009-03-29 18:20 4608 ----a-w c:\windows\system32\PCIUtil.sys
2009-03-29 18:13 . 2009-03-29 18:13 -------- d-----w c:\program files\microsoft frontpage
2009-03-29 18:12 . 2006-02-28 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-03-29 18:09 . 2009-03-29 18:09 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-09 12:19 . 2009-03-30 11:31 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-12 09:00 . 2009-03-29 18:40 36352 ------w C:\WGASetup.exe
2009-02-09 12:10 . 2006-02-28 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2006-02-28 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2006-02-28 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2006-02-28 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2006-02-28 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 02:03 . 2009-02-07 02:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2006-02-28 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2006-02-28 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2006-02-28 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 4838952]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"Kxowudoray"="c:\windows\azaqehexopakenup.dll" [2009-04-30 144384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Garry^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Garry\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/30/2009 9:43 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [3/29/2009 11:22 AM 547744]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-04-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]
2009-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-14 20:32]
2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{B315AF5C-FD06-425B-B081-FED34C0F3250}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
2009-05-06 c:\windows\Tasks\User_Feed_Synchronization-{C4EEECEF-397D-47BC-9622-B070F920CECF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-A00F3CE6D - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redi ... searchfor=
FF - plugin: c:\documents and settings\Garry\Application Data\Mozilla\Firefox\Profiles\nxur4pjx.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2060)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-05-06 23:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 06:09
Pre-Run: 22,502,514,688 bytes free
Post-Run: 22,493,204,480 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
366 --- E O F --- 2009-05-01 11:15