That worked! ComboFix ran to completion; the log is below.
ComboFix 11-03-16.03 - Des 17/03/2011 22:16:02.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.751.529 [GMT 13:00]
Running from: c:\documents and settings\Des\Desktop\ComboFix.exe
Command switches used :: /nombr
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\alot
c:\windows\system32\ban_list.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 03:50 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-03-17 03:47 . 2011-03-17 03:47 -------- d-----w- c:\program files\Windows Media Connect 2
2011-03-17 03:43 . 2011-03-17 03:45 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-03-17 03:43 . 2011-03-17 03:43 -------- d-----w- c:\windows\system32\LogFiles
2011-03-16 12:15 . 2011-03-16 12:15 -------- d-----w- c:\program files\Common Files\Java
2011-03-16 11:26 . 2011-03-16 11:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-16 11:26 . 2011-03-16 11:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-16 11:25 . 2011-03-16 11:25 -------- d-----w- c:\program files\Java
2011-03-16 11:25 . 2011-03-16 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-03-16 09:39 . 2011-03-16 09:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-15 07:54 . 2011-03-15 07:54 -------- d-----w- c:\program files\Tizer™ Rootkit Razor
2011-03-15 05:34 . 2011-03-15 05:35 -------- d-----w- C:\rsit
2011-03-15 05:34 . 2011-03-15 05:35 -------- d-----w- c:\program files\trend micro
2011-03-15 02:43 . 2011-03-15 02:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-03-12 10:01 . 2011-03-12 10:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-11 09:48 . 2011-03-11 09:48 -------- d-----w- c:\documents and settings\Des\Application Data\Malwarebytes
2011-03-11 09:48 . 2010-12-20 05:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-11 09:48 . 2011-03-11 09:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-11 09:48 . 2011-03-11 09:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-11 09:48 . 2010-12-20 05:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-11 01:44 . 2011-03-11 01:44 -------- d-sh--w- c:\documents and settings\Des\IECompatCache
2011-03-11 01:13 . 2011-03-11 01:13 -------- d-----w- c:\program files\CCleaner
2011-02-24 03:43 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-02-24 03:43 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2011-02-24 03:42 . 2008-04-14 00:12 20992 ----a-w- c:\windows\system32\dshowext.ax
2011-02-24 03:42 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-02-24 03:42 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2002-11-26 21:15 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-09 13:53 . 2002-11-26 21:15 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2004-04-10 06:52 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-04-10 06:52 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-04-10 06:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-04-10 06:43 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-04-10 06:44 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-04-10 06:43 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-23 07:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-04-10 06:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-04-10 06:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-04-10 06:43 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-06-22 01:45 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 68856]
"Google Update"="c:\documents and settings\Des\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-22 133104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2004-02-25 258048]
"000StTHK"="000StTHK.exe" [2001-06-24 24576]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-26 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-26 118784]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"TFNF5"="TFNF5.exe" [2003-12-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 135168]
"TPSMain"="TPSMain.exe" [2004-03-03 278528]
"TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2004-03-25 126976]
"TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2003-10-07 77824]
"TFncKy"="TFncKy.exe" [BU]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-26 118843]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2003-01-22 126976]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-02 172032]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 88363]
"BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380416]
"PowerMenu"="c:\windows\system32\powermenu.exe" [2002-12-20 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-21 241664]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-09 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-4-10 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [2/03/2010 10:15 p.m. 22016]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [10/04/2004 8:27 p.m. 5760]
R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [10/04/2004 8:27 p.m. 126976]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [10/04/2004 12:50 p.m. 46108]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\D.tmp --> c:\windows\system32\D.tmp [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-25 08:18]
.
2011-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-126565334-1247997129-966148686-1005Core.job
- c:\documents and settings\Des\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:48]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-126565334-1247997129-966148686-1005UA.job
- c:\documents and settings\Des\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 09:48]
.
2011-03-17 c:\windows\Tasks\User_Feed_Synchronization-{9C081B87-39FC-43C6-A190-CE03A86C15BB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-03-17 22:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-17 22:28:29
ComboFix-quarantined-files.txt 2011-03-17 09:28
.
Pre-Run: 23,557,246,976 bytes free
Post-Run: 23,519,084,544 bytes free
.
- - End Of File - - E1911D45779CA0551DED4D5199418DFB