I can't get onto the internet to download the Microsoft Recovery Console, so I went ahead and did the scan anyway.
Here are the ComboFix results:
ComboFix 11-08-16.05 - Gareth 2 17/08/2011 12:02:32.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1590 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2051-08-02 00:10 . 2051-08-02 00:10 -------- d-----w- c:\program files\Microsoft Reader
2051-08-02 00:08 . 2051-08-02 00:08 -------- d-----w- c:\program files\Common Files\OverDrive Shared
2051-08-02 00:07 . 2051-08-02 00:07 -------- d-----w- c:\documents and settings\All Users\Application Data\iMesh
2051-08-02 00:06 . 2051-08-02 00:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\{DE0AF019-D61B-423F-9C3B-D49ECD51D8A1}
2051-08-02 00:02 . 2051-08-02 00:02 -------- d-----w- c:\program files\MySQL
2051-08-02 00:02 . 2051-08-02 00:02 -------- d-----w- c:\program files\Microsoft ActiveSync
2051-08-02 00:00 . 2051-08-02 00:02 -------- d-----w- c:\program files\Microsoft SQL Server
2051-08-02 00:00 . 2051-08-02 00:00 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-08-17 10:49 . 2011-08-17 10:50 -------- d-----w- c:\documents and settings\Administrator
2011-08-17 09:29 . 2011-08-17 09:29 -------- d-----w- c:\program files\Trend Micro
2011-08-16 17:13 . 2011-08-16 17:13 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKsl25c11be3.sys
2011-08-13 17:47 . 2011-08-13 17:47 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKsl0c9959cb.sys
2011-08-13 17:45 . 2011-08-13 17:45 -------- d-----w- C:\found.000
2011-08-13 17:34 . 2011-08-13 17:34 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKslce4a1626.sys
2011-08-13 17:32 . 2011-08-13 17:32 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKsl8ed0158a.sys
2011-08-13 16:46 . 2011-07-13 03:39 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\mpengine.dll
2011-08-09 09:36 . 2011-08-16 20:53 -------- d-----w- c:\documents and settings\Gareth 2
2011-08-09 09:19 . 2011-08-09 09:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-05 13:33 . 2011-08-05 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-05 13:33 . 2011-08-09 09:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-05 13:33 . 2011-08-05 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-07-27 20:11 . 2051-08-02 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-07-27 20:11 . 2051-08-02 00:00 -------- d-----w- c:\program files\Security Task Manager
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-05 12:17 . 2009-06-14 14:05 90112 ----a-w- c:\windows\DUMP4584.tmp
2011-07-13 03:39 . 2011-05-14 22:29 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-18 19:25 . 2011-06-07 12:02 2026304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-06-17 18:53 . 2011-06-16 02:24 586176 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2011-06-16 07:28 . 2011-06-07 12:02 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2011-06-02 14:02 . 2005-10-06 00:06 1858944 ----a-w- c:\windows\system32\win32k(2).sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-04-16 16:08 172032 -c--a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4800 Series]
2005-02-02 04:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus Office BX320FW(Network)]
2009-09-14 07:00 200704 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGIE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FuncKey]
2006-07-27 14:06 122880 -c--a-w- c:\program files\Hotkey 1.0.4\FuncKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 12:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2006-07-11 01:33 176128 ----a-w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 12:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-09 12:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-10 20:52 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-08-03 13:53 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=2 (0x2)
"xmlprov"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RasAuto"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"BITS"=3 (0x3)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"BthServ"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
.
S1 MpKsl0c9959cb;MpKsl0c9959cb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKsl0c9959cb.sys [13/08/2011 18:47 28752]
S1 MpKsl1b7e8dd0;MpKsl1b7e8dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl1b7e8dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl1b7e8dd0.sys [?]
S1 MpKsl28969d54;MpKsl28969d54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsl28969d54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsl28969d54.sys [?]
S1 MpKsl2bea2fc8;MpKsl2bea2fc8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A4E1387-8055-4D23-B661-7264E855A9C0}\MpKsl2bea2fc8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A4E1387-8055-4D23-B661-7264E855A9C0}\MpKsl2bea2fc8.sys [?]
S1 MpKsl3170ad88;MpKsl3170ad88;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKsl3170ad88.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKsl3170ad88.sys [?]
S1 MpKsl42ac3af1;MpKsl42ac3af1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl42ac3af1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl42ac3af1.sys [?]
S1 MpKsl49099c9f;MpKsl49099c9f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsl49099c9f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsl49099c9f.sys [?]
S1 MpKsl88d9f859;MpKsl88d9f859;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl88d9f859.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl88d9f859.sys [?]
S1 MpKsl8e6d9c34;MpKsl8e6d9c34;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl8e6d9c34.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl8e6d9c34.sys [?]
S1 MpKsl8ed0158a;MpKsl8ed0158a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKsl8ed0158a.sys [13/08/2011 18:32 28752]
S1 MpKsl922c3c74;MpKsl922c3c74;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl922c3c74.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl922c3c74.sys [?]
S1 MpKsl98941da7;MpKsl98941da7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl98941da7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0294B480-F853-473E-B04A-1A23E6F87A87}\MpKsl98941da7.sys [?]
S1 MpKsl9c7df659;MpKsl9c7df659;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKsl9c7df659.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKsl9c7df659.sys [?]
S1 MpKsla14d02ba;MpKsla14d02ba;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsla14d02ba.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsla14d02ba.sys [?]
S1 MpKslc8bb23b1;MpKslc8bb23b1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKslc8bb23b1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F31A240E-FBA8-4DEB-8AB3-7AA35F38C0C7}\MpKslc8bb23b1.sys [?]
S1 MpKslce4a1626;MpKslce4a1626;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5B6AC72F-371F-4675-8EBC-B393DC152E50}\MpKslce4a1626.sys [13/08/2011 18:34 28752]
S1 MpKsle4860c9d;MpKsle4860c9d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsle4860c9d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{70E41E0A-F5BE-44BE-8833-C532417CB736}\MpKsle4860c9d.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2011 13:32 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [09/05/2011 13:32 136176]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-19 12:33]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 12:32]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-09 12:32]
.
2011-08-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 11:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-08-17 12:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2616)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-08-17 12:09:03
ComboFix-quarantined-files.txt 2011-08-17 11:09
ComboFix2.txt 2011-08-17 09:50
.
Pre-Run: 31,665,119,232 bytes free
Post-Run: 31,652,577,280 bytes free
.
- - End Of File - - 2F85649248CD648A311608681C586329