Sorry it took so long. Something happened to my network.
ComboFix:
ComboFix 09-02-21.01 - Christy 2009-02-22 15:11:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.152 [GMT -6:00]
Running from: c:\documents and settings\Christy\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 13:36 . 2009-02-22 13:36
d-------- C:\_OTMoveIt
2009-02-16 12:51 . 2009-02-16 12:51 d-------- c:\documents and settings\Christy\Application Data\Malwarebytes
2009-02-16 12:50 . 2009-02-16 12:50 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-08 12:08 . 2009-02-08 12:08 d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-08 11:58 . 2009-02-08 11:58 d-------- c:\program files\Common Files\Macrovision Shared
2009-02-08 11:41 . 2009-02-08 11:41 129,784 --------- c:\windows\system32\pxafs.dll
2009-02-08 11:41 . 2009-02-08 11:41 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-02-08 11:41 . 2009-02-08 11:41 116,472 --------- c:\windows\system32\pxcpyi64.exe
2009-02-08 11:41 . 2009-02-08 11:41 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-02-08 11:41 . 2009-02-08 11:41 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-02-07 11:38 . 2009-02-07 11:38 d-------- c:\windows\.file_store_32
2009-02-03 20:38 . 2007-12-04 17:10 16,640 -ra------ c:\windows\system32\drivers\PalmUSBD.sys
2009-02-03 20:35 . 2009-02-03 20:35 d-------- c:\documents and settings\Christy\Application Data\Arcsoft
2009-02-03 20:19 . 2009-02-03 20:19 d-------- c:\documents and settings\Christy\Application Data\HotSync
2009-02-03 20:19 . 2009-02-03 20:19 d-------- c:\documents and settings\All Users\Application Data\HotSync
2009-02-03 20:12 . 2009-02-03 20:33 d-------- c:\program files\Palm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-02-21 16:35 --------- d-----w c:\documents and settings\Christy\Application Data\Download Manager
2009-02-17 00:09 --------- d-----w c:\program files\No-IP
2009-02-08 17:59 --------- d-----w c:\program files\Common Files\Adobe
2009-02-08 17:41 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-07 17:40 34 ----a-w c:\documents and settings\Christy\jagex_runescape_preferences.dat
2009-01-11 01:26 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-11 01:25 --------- d-----w c:\program files\Java
2008-12-24 21:04 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-12-23 23:40 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-25 17:09 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008102520081026\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_14.42.00.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-22 21:02:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SDTray"="c:\program files\Spyware Doctor\SDTrayApp.exe" [2007-06-12 1053264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
Wireless-G Notebook Adapter.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2008-04-03 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 163840]
R2 sdAuxService;Spyware Doctor Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [2007-08-16 708688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a27f6b10-7510-11dc-bbed-00c09f73e861}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
FF - ProfilePath - c:\documents and settings\Christy\Application Data\Mozilla\Firefox\Profiles\v1hq5pxy.default\
FF - prefs.js: browser.startup.homepage - hxxp://nonstopgamers.smfforfree.com
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 15:16:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1472)
c:\program files\Funk Software\Funk Client\odLogin.dll
.
Completion time: 2009-02-22 15:19:24
ComboFix-quarantined-files.txt 2009-02-22 21:18:56
ComboFix2.txt 2009-02-22 20:44:04
Pre-Run: 18,894,684,160 bytes free
Post-Run: 18,882,805,760 bytes free
113 --- E O F --- 2009-01-11 01:37:41