Hey Chuck, lol, I wasn't trying to say you were like doing something wrong or whatever. I was just trying to give you as much information as I could. So I just did your last step and here it is.
ComboFix 09-05-24.01 - Chris Jablonski 05/24/2009 15:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.777 [GMT -4:00]
Running from: d:\documents and settings\Chris Jablonski\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Chris Jablonski\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3
d:\windows\system32\b4fm.dll
d:\windows\system32\ConTest.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\he had it coming lil kim.mp3
d:\documents and settings\Chris Jablonski\My Documents\LimeWire\Saved\unperidictable ludacris ft.mp3
d:\windows\system32\b4fm.dll
d:\windows\system32\ConTest.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-23 22:31 . 2009-05-23 22:31 -------- d-----w d:\program files\Common Files\DivX Shared
2009-05-22 22:36 . 2008-06-19 21:24 28544 ----a-w d:\windows\system32\drivers\pavboot.sys
2009-05-22 22:35 . 2009-05-22 22:35 -------- d-----w d:\program files\Panda Security
2009-05-16 10:22 . 2009-05-16 10:22 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\Malwarebytes
2009-05-12 20:49 . 2009-05-12 20:49 -------- d-----w D:\rsit
2009-05-11 02:29 . 2009-04-06 19:32 15504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-05-11 02:29 . 2009-04-06 19:32 38496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-05-11 02:29 . 2009-05-11 02:29 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-09 23:39 . 2009-05-09 23:41 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\GetRightToGo
2009-05-01 05:03 . 2009-05-01 05:03 201 ----a-w d:\windows\nsreg.dat
2009-04-29 20:55 . 2006-03-03 15:07 143360 ----a-w d:\windows\system32\dunzip32.dll
2009-04-29 20:54 . 2006-07-14 04:10 37800 ----a-w d:\windows\system32\drivers\mfesmfk.sys
2009-04-29 20:54 . 2006-07-14 04:09 31560 ----a-w d:\windows\system32\drivers\mferkdk.sys
2009-04-29 20:54 . 2006-07-14 04:09 33896 ----a-w d:\windows\system32\drivers\mfebopk.sys
2009-04-29 20:54 . 2006-07-14 04:09 161768 ----a-w d:\windows\system32\drivers\mfehidk.sys
2009-04-29 20:54 . 2006-07-08 19:46 84744 ----a-w d:\windows\system32\drivers\mfeavfk.sys
2009-04-29 20:53 . 2006-08-01 17:59 104536 ----a-w d:\windows\system32\drivers\Mpfp.sys
2009-04-29 20:53 . 2009-04-29 20:53 -------- d-----w d:\program files\McAfee.com
2009-04-29 20:53 . 2009-04-29 20:55 -------- d-----w d:\program files\Common Files\McAfee
2009-04-29 20:53 . 2009-04-29 21:08 -------- d-----w d:\program files\McAfee
2009-04-29 20:52 . 2009-04-29 20:56 -------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2009-04-29 02:26 . 2009-04-29 02:26 102800 ----a-w d:\windows\system32\drivers\tmcomm.sys
2009-04-28 11:36 . 2009-04-28 11:36 -------- d-----w d:\program files\Trend Micro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 07:23 . 2008-07-18 04:50 -------- d-----w d:\program files\Warcraft III
2009-05-23 23:10 . 2008-12-09 13:51 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\uTorrent
2009-05-23 22:32 . 2008-09-30 08:59 -------- d-----w d:\program files\DivX
2009-05-19 23:58 . 2008-07-18 01:46 -------- d-----w d:\program files\World of Warcraft
2009-05-10 18:44 . 2008-07-18 05:35 -------- d-----w d:\program files\LimeWire
2009-05-10 18:42 . 2008-07-18 20:17 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\LimeWire
2009-04-29 01:53 . 2009-04-13 07:46 -------- d-----w d:\program files\Common Files\Symantec Shared
2009-04-29 01:53 . 2009-04-13 07:46 -------- d-----w d:\documents and settings\All Users\Application Data\Symantec
2009-04-26 12:13 . 2008-07-18 01:55 -------- d-----w d:\program files\Common Files\Blizzard Entertainment
2009-04-22 07:39 . 2009-04-22 07:26 -------- d-----w d:\program files\Garena
2009-04-16 07:01 . 2009-04-16 07:00 -------- d-----w d:\program files\Defraggler
2009-04-16 06:56 . 2008-07-18 05:58 -------- d-----w d:\program files\CCleaner
2009-04-13 07:37 . 2009-04-06 21:15 -------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-04-07 00:29 . 2008-09-08 02:40 -------- d-----w d:\documents and settings\All Users\Application Data\Viewpoint
2009-04-07 00:28 . 2009-04-07 00:17 -------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2009-03-28 20:16 . 2008-11-17 01:39 -------- d-----w d:\program files\DotA Gaming Network
2009-03-26 20:26 . 2009-03-26 20:26 -------- d-----w d:\documents and settings\Chris Jablonski\Application Data\Media Player Classic
2009-03-26 20:11 . 2008-07-18 15:09 -------- d--h--w d:\program files\InstallShield Installation Information
2009-03-20 03:36 . 2008-07-18 04:56 78123 ----a-w d:\windows\War3Unin.dat
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w d:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w d:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w d:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w d:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w d:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w d:\windows\system32\DivX.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of d:\program files\Essentials Codec Pack ----
((((((((((((((((((((((((((((( SnapShot@2009-05-15_19.43.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-05-15 19:43 40394 d:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-24 04:17 40394 d:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-05-24 04:17 312172 d:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-05-15 19:43 312172 d:\windows\system32\perfh009.dat
+ 2009-04-17 12:59 . 2009-04-17 12:59 128256 d:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^TrayMin600.exe.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin600.exe.lnk
backup=d:\windows\pss\TrayMin600.exe.lnkCommon Startup
[HKLM\~\startupfolder\D:^Documents and Settings^Chris Jablonski^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk]
path=d:\documents and settings\Chris Jablonski\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk
backup=d:\windows\pss\My_AutoWarkey_Script.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"rpcapd"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"MioNet"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avg8emc"=2 (0x2)
"avg8wd"=2 (0x2)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"comHost"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"MSK80Service"=2 (0x2)
"MPS9"=2 (0x2)
"MpfService"=2 (0x2)
"mcusrmgr"=2 (0x2)
"mctskshd.exe"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"mcpromgr"=2 (0x2)
"McODS"=2 (0x2)
"McNASvc"=2 (0x2)
"mcmispupdmgr"=2 (0x2)
"McLogManagerService"=2 (0x2)
"McAfee HackerWatch Service"=2 (0x2)
"Emproxy"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Download Manager\\DLM.exe"=
"d:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"d:\\Program Files\\AIM6\\aim6.exe"=
"d:\\Program Files\\Warcraft III\\pickup.listchecker.exe"=
"d:\\WINDOWS\\system32\\wupdmgr.exe"=
"d:\\Program Files\\World of Warcraft\\BNUpdate.exe"=
"d:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe"=
"d:\\Program Files\\World of Warcraft\\Updates\\WoW-3.0.1-to-3.0.2-Update\\Updater.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-BurningCrusade-enUS-Slim-Installer\\Installer.exe"=
"d:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"d:\\Program Files\\Common Files\\Blizzard Entertainment\\World of Warcraft Installer\\Installer.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.8.9506-to-3.0.9.9551-enUS-downloader.exe"=
"d:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"d:\\Program Files\\Garena\\Garena.exe"=
"d:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"1700:TCP"= 1700:TCP:*:Disabled:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:*:Disabled:MioNet Remote Drive Verification
"6111:TCP"= 6111:TCP:wc3
"6110:TCP"= 6110:TCP:wc3
"6114:TCP"= 6114:TCP:wc3
"3274:TCP"= 3274:TCP:wow
"8086:TCP"= 8086:TCP:wow
"8087:TCP"= 8087:TCP:wow
"9081:TCP"= 9081:TCP:wow
"9090:TCP"= 9090:TCP:wow
"9097:TCP"= 9097:TCP:wow
"9100:TCP"= 9100:TCP:wow
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [5/22/2009 6:36 PM 28544]
R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 6:06 PM 231424]
R3 phc600;USB PC Camera (phc600);d:\windows\system32\drivers\phc600.sys [11/19/2008 1:43 AM 440064]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 4:22 PM 34064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-15 d:\windows\Tasks\McDefragTask.job
- d:\windows\system32\defrag.exe [2004-08-04 00:12]
2009-05-01 d:\windows\Tasks\McQcTask.job
- d:\program files\mcafee\mqc\QcConsol.exe [2009-04-29 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.watch-movies-links.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - d:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 15:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-796845957-2111687655-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(728)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-24 15:54
ComboFix-quarantined-files.txt 2009-05-24 19:54
ComboFix2.txt 2009-05-22 22:21
ComboFix3.txt 2009-05-22 22:07
ComboFix4.txt 2009-05-15 19:44
Pre-Run: 37,948,407,808 bytes free
Post-Run: 38,367,072,256 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
238 --- E O F --- 2008-11-18 21:25