I updated Malwarebytes and am running it now again... I will send shortly when complete.
ComboFix 10-01-19.03 - Carol Arthur 01/19/2010 21:39:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.531 [GMT -5:00]
Running from: c:\documents and settings\Carol Arthur\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1314201555-3785290187-2462946864-1006
.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 02:34 . 2010-01-20 02:37 -------- d-----w- c:\windows\LastGood
2010-01-20 01:46 . 2010-01-20 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\Carol Arthur\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 01:32 . 2010-01-20 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-18 23:22 . 2010-01-20 02:06 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\gdpatt
2010-01-17 00:31 . 2010-01-17 00:31 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Yahoo!
2010-01-01 17:15 . 2010-01-01 17:15 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 02:37 . 2008-11-18 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-01-20 02:37 . 2008-11-18 02:18 -------- d-----w- c:\program files\Trend Micro
2010-01-19 23:25 . 2009-02-22 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 14:38 . 2009-11-11 16:08 79488 ----a-w- c:\documents and settings\Carol Arthur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 17:42 . 2008-08-22 22:12 -------- d-----w- c:\program files\Google
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"nwiz"="nwiz.exe" [2008-02-25 1626112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
S2 gupdate1c99539eeef22f6;Google Update Service (gupdate1c99539eeef22f6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 5:07 PM 133104]
--- Other Services/Drivers In Memory ---
*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - tmpreflt
*Deregistered* - tmxpflt
*Deregistered* - vsapint
.
Contents of the 'Scheduled Tasks' folder
2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 01:23]
2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]
2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LaunchApp - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2008)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-19 21:43:14
ComboFix-quarantined-files.txt 2010-01-20 02:43
Pre-Run: 61,807,767,552 bytes free
Post-Run: 61,897,961,472 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - E9ACE68FE4174F5BDBEE950D05E9FA97