WiredWX Christian Hobby Weather Tools

Virus.Win32.gpcode.ak Virus Removal Help Needed!

Hi,

My computer has been infected by this virus, and I was able to get back to normal by running Combo-Fix.
I would like to know if this is cleaned. Thank you. Below is the log file. Thanks in advance!

ComboFix 10-02-11.04 - apariona 02/12/2010 11:25:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1430 [GMT -8:00]
Running from: c:\documents and settings\apariona.OKIDOKISIGNS\Desktop\Combo-Fix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\4782050\ywiseext.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\5685224\ywiseext.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avcodec-52.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avformat-52.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avutil-50.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\chrome.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\gears.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\icudt42.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\am.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ar.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\bg.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\bn.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ca.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\cs.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\da.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\de.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\el.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\en-GB.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\en-US.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\es-419.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\es.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\et.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fi.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fil.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fr.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\gu.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\he.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hi.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hr.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hu.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\id.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\it.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ja.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\kn.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ko.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\lt.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\lv.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ml.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\mr.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\nb.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\nl.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\or.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pl.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pt-BR.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pt-PT.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ro.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ru.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sk.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sl.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sr.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sv.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sw.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ta.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\te.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\th.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\tr.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\uk.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\vi.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\zh-CN.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\zh-TW.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\rlz.dll
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\chrome.exe
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\chrome_9757\source\Chrome-bin\wow_helper.exe
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\CR_303.tmp\setup.exe
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\CR_67.tmp\setup.exe
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\SEA17A\StuffIt 11.0.2.55\SMSetup.exe
c:\documents and settings\All Users\Application Data\_VOIDkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\_VOIDmainqt.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\fouojk
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\fouojk\dxfxsftav.exe
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\4782050\ywiseext.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\5685224\ywiseext.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avcodec-52.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avformat-52.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\avutil-50.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\chrome.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\gears.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\icudt42.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\am.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ar.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\bg.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\bn.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ca.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\cs.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\da.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\de.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\el.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\en-GB.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\en-US.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\es-419.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\es.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\et.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fi.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fil.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\fr.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\gu.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\he.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hi.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hr.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\hu.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\id.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\it.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ja.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\kn.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ko.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\lt.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\lv.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ml.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\mr.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\nb.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\nl.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\or.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pl.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pt-BR.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\pt-PT.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ro.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ru.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sk.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sl.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sr.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sv.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\sw.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\ta.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\te.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\th.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\tr.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\uk.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\vi.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\zh-CN.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\Locales\zh-TW.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\4.0.249.89\rlz.dll
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\chrome.exe
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\chrome_9757\source\Chrome-bin\wow_helper.exe
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\CR_303.tmp\setup.exe
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\CR_67.tmp\setup.exe
c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Temp\SEA17A\StuffIt 11.0.2.55\SMSetup.exe
c:\windows\system32\_VOIDbesjjmecgn.dll
c:\windows\system32\_VOIDbnrdvwamto.dll
c:\windows\system32\_VOIDkfhhlteiln.dll
c:\windows\system32\_VOIDqtudjbygaq.dat
c:\windows\system32\_VOIDshsyst.dll
c:\windows\system32\_VOIDxenvywlnyq.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\_VOIDnrphmvfwyn.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service__VOIDd.sys
-------\Legacy__VOIDd.sys


((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 19:25 . 2010-02-12 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-12 19:10 . 2010-02-12 19:10 -------- d-----w- C:\found.000
2010-02-12 18:45 . 2010-02-12 18:55 -------- d-----w- C:\Combo-Fix
2010-02-11 03:35 . 2010-02-11 03:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-11 03:28 . 2010-02-11 03:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-11 03:28 . 2010-02-11 03:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-11 03:11 . 2010-02-11 03:11 -------- d-sh--w- c:\documents and settings\Dserver.OKIDOKISIGNS\PrivacIE
2010-02-10 23:53 . 2010-02-10 23:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-10 02:09 . 2010-02-10 02:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 22:53 . 2010-01-20 22:53 -------- d-----w- c:\program files\VideoLightBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 23:53 . 2009-08-25 21:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-10 23:22 . 2009-11-09 21:41 79488 ----a-w- c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-10 02:08 . 2010-02-10 02:08 8 ----a-w- c:\documents and settings\All Users\Application Data\mswintmp.dat
2010-02-04 21:45 . 2009-08-28 23:44 -------- d-----w- c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\U3
2010-01-23 01:13 . 2009-08-18 02:16 855864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 11:18 . 2009-08-18 02:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 11:02 . 2009-08-25 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 01:15 . 2009-10-02 23:08 -------- d-----w- c:\program files\Opera
2009-12-21 19:14 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-15 00:23 . 2009-12-15 00:23 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-30 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Suitcase 11.0.lnk - c:\windows\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2009-12-9 9062]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-3627\scripts\Logon\0\0]
"script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-4631\scripts\Logon\0\0]
"script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-6133\scripts\Logon\0\0]
"script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/27/2009 9:39 AM 5248]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/24/2009 1:13 PM 54752]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [8/17/2009 6:16 PM 8960]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [8/17/2009 6:18 PM 115560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/17/2009 9:07 PM 110080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2009 4:23 PM 135664]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [8/17/2009 6:16 PM 11264]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [8/17/2009 6:16 PM 16640]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/27/2009 9:39 AM 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 9:38 AM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 00:23]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 00:23]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-842925246-6133Core.job
- c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-18 00:23]

2010-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-842925246-6133UA.job
- c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-18 00:23]

2010-02-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Mozilla\Firefox\Profiles\6i3275dy.default\
FF - component: c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Mozilla\Firefox\Profiles\6i3275dy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-pgbmclki - c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\fouojk\dxfxsftav.exe
HKLM-Run-pgbmclki - c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\fouojk\dxfxsftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 11:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{5444F778-4202-4E90-A449-1D9B42054AC7}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{5444F778-4202-4E90-A449-1D9B42054AC7}\{6ABFAFFF-7142-4E30-9C97-FAA20E671F32}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{9A3D325E-E6C2-4034-892C-42FA90B82E4C}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{9A3D325E-E6C2-4034-892C-42FA90B82E4C}\{6ABFAFFF-7142-4E30-9C97-FAA20E671F32}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{A18A9F80-D237-S8BB-A3D9-61ADCBE22764}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{A18A9F80-D237-S8BB-A3D9-61ADCBE22764}\ASD_2.1.5_US.exe 26235908 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{A18A9F80-D237-S8BB-A3D9-61ADCBE22764}\ASD_2.1.7_US.exe 26368149 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{AA3D6EE1-9B78-4B07-8935-18D70949F98B}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{C45846C2-0A81-47DA-B2F7-DDB61E060C1C}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{C45846C2-0A81-47DA-B2F7-DDB61E060C1C}\{6ABFAFFF-7142-4E30-9C97-FAA20E671F32}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_bg.dll 29168 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_bn.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ca.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_cs.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_da.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_de.dll 29168 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_el.dll 29680 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_en-GB.dll 26608 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_en.dll 26608 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_es-419.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_es.dll 29680 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_et.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_fa.dll 26096 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_fi.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_fil.dll 29168 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_fr.dll 29168 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_hi.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_hr.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_hu.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_id.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_is.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_it.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_iw.dll 25072 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890F
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_kn.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ko.dll 23024 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_lt.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_lv.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ml.dll 30192 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_mr.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ms.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_nl.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\GoogleCrashHandler.exe 136176 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\GoogleUpdate.exe 135664 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\GoogleUpdateHelper.msi 26624 bytes
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdate.dll 681968 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\GoopdateBho.dll 138736 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ar.dll 25584 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_gu.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_no.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_or.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_pl.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_pt-BR.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_pt-PT.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ro.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ru.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_sk.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_sl.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_sr.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_sv.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ta.dll 28656 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_te.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_th.dll 26608 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_tr.dll 28144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_uk.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_ur.dll 27632 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_vi.dll 27120 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_zh-CN.dll 20976 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\goopdateres_zh-TW.dll 20976 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{E341E58A-67F8-444B-9FF9-80ADA8A890FB}\npGoogleOneClick8.dll 220144 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\catchme.dll 53248 bytes executable
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\{00E5C764-9525-44C3-8404-712AD06AE12A}Titan.ico 41561 bytes
c:\docume~1\APARIO~1.OKI\LOCALS~1\Temp\~nsu.tmp

scan completed successfully
hidden files: 74

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\program files\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll
.
Completion time: 2010-02-12 11:33:49
ComboFix-quarantined-files.txt 2010-02-12 19:33

Pre-Run: 112,734,162,944 bytes free
Post-Run: 115,230,646,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4C75A82ED105C79406CDE4654848A748

Re: Virus.Win32.gpcode.ak Virus Removal Help Needed!
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\found.000

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4i]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
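The fix script above turns on two things in the posted log that a responder looks for first: a per-user `ProxyServer` pointing at `127.0.0.1:5555`, which routes the browser's traffic through a listener on the infected machine itself and is what the `DDS::` lines clear, and both AV products reporting on-access scanning disabled. The following Python script is an added example, not part of this thread and not code from ComboFix, DDS or catchme; it parses constructed log lines in the same shape as the logs posted here and flags those indicators so a log can be triaged before it is read end to end. The `u`/`m` prefix handling follows the DDS convention of prefixing per-user and machine-wide keys, which is an assumption about the format rather than something the thread states.

```python
"""Triage helper for ComboFix/DDS-style removal logs (added example).

Flags three indicators from the log format seen in this thread:
  * a ProxyServer value that routes traffic through a loopback address
  * an AV or FW product whose state is reported as disabled
  * a non-zero hidden-file count from the catchme rootkit scan
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample lines shaped like the logs in the thread; not a real capture.
SAMPLE_LOG = """\
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
scan completed successfully
hidden files: 74
"""

# In DDS notation the leading u/m marks a per-user or machine-wide key (assumed convention).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<value>.*)$")
# "AV: <name> *<state>* ..." / "FW: <name> *<state>* ..."
AV_RE = re.compile(r"^(?P<kind>AV|FW):\s*(?P<name>.*?)\s*\*(?P<state>[^*]+)\*")
HIDDEN_RE = re.compile(r"^hidden files:\s*(?P<count>\d+)\s*$")


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the log line that triggered the finding
    reason: str


def proxy_endpoints(value: str) -> List[Tuple[str, str]]:
    """Split a Windows ProxyServer value into (scheme, host:port) pairs.

    Windows accepts either a bare "host:port" (applies to every scheme) or a
    per-scheme list such as "http=h:p;https=h:p".
    """
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.partition("=")
        if not endpoint:                  # bare host:port form
            scheme, endpoint = "all", scheme
        out.append((scheme.strip(), endpoint.strip()))
    return out


def is_loopback(endpoint: str) -> bool:
    """True when the host part of host:port is a loopback address."""
    host = endpoint
    if host.startswith("["):              # bracketed IPv6 literal, e.g. [::1]:8080
        host = host[1:host.find("]")] if "]" in host else host[1:]
    elif host.count(":") == 1:            # plain host:port
        host = host.split(":")[0]
    host = host.lower()
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(log_text: str) -> List[Finding]:
    """Scan every line of a log and return the findings in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for scheme, endpoint in proxy_endpoints(m.group("value")):
                if is_loopback(endpoint):
                    findings.append(Finding(
                        "high", line,
                        f"{scheme} traffic proxied through local listener {endpoint}"))
            continue
        m = AV_RE.match(line)
        if m and "disabled" in m.group("state").lower():
            findings.append(Finding(
                "medium", line,
                f"{m.group('kind')} {m.group('name')}: {m.group('state')}"))
            continue
        m = HIDDEN_RE.match(line)
        if m and int(m.group("count")) > 0:
            findings.append(Finding(
                "medium", line,
                f"catchme reports {m.group('count')} hidden files; review the listing above it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}")
```

Run against the sample it reports five findings: the loopback proxy as high, the two AV lines and the firewall line as medium, and the hidden-file count as medium. A zero hidden-file count, as in the second log the poster supplied after running the script, produces no finding.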

Re: Virus.Win32.gpcode.ak Virus Removal Help Needed!
Thanks for the prompt response!


ComboFix 10-02-11.04 - apariona 02/12/2010 12:58:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1453 [GMT -8:00]
Running from: c:\documents and settings\apariona.OKIDOKISIGNS\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\apariona.OKIDOKISIGNS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
c:\found.000\dir0000.chk\0001000E.wid
c:\found.000\dir0000.chk\00010011.ci
c:\found.000\dir0000.chk\00010011.dir
c:\found.000\dir0000.chk\00010011.wid
c:\found.000\dir0000.chk\00010014.ci
c:\found.000\dir0000.chk\00010014.dir
c:\found.000\dir0000.chk\00010014.wid

.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.

2010-02-12 19:25 . 2010-02-12 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-02-12 18:45 . 2010-02-12 18:55 -------- d-----w- C:\Combo-Fix
2010-02-11 03:35 . 2010-02-11 03:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-11 03:28 . 2010-02-11 03:28 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-11 03:28 . 2010-02-11 03:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-11 03:11 . 2010-02-11 03:11 -------- d-sh--w- c:\documents and settings\Dserver.OKIDOKISIGNS\PrivacIE
2010-02-10 23:53 . 2010-02-10 23:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-02-10 02:09 . 2010-02-10 02:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 22:53 . 2010-01-20 22:53 -------- d-----w- c:\program files\VideoLightBox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 23:53 . 2009-08-25 21:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-10 23:22 . 2009-11-09 21:41 79488 ----a-w- c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-10 02:08 . 2010-02-10 02:08 8 ----a-w- c:\documents and settings\All Users\Application Data\mswintmp.dat
2010-02-04 21:45 . 2009-08-28 23:44 -------- d-----w- c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\U3
2010-01-23 01:13 . 2009-08-18 02:16 855864 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-22 11:18 . 2009-08-18 02:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 11:02 . 2009-08-25 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-13 01:15 . 2009-10-02 23:08 -------- d-----w- c:\program files\Opera
2009-12-21 19:14 . 2008-04-25 16:16 916480 ------w- c:\windows\system32\wininet.dll
2009-12-15 00:23 . 2009-12-15 00:23 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2008-04-25 16:16 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-12_19.32.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-12 20:47 . 2010-02-12 20:47 16384 c:\windows\Temp\Perflib_Perfdata_7c0.dat
+ 2009-08-27 18:07 . 2010-02-12 20:47 224538 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Google Update"="c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-15 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-30 624248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Suitcase 11.0.lnk - c:\windows\Installer\{4E920E20-CB94-45D3-9520-929FA61983D2}\_01D57C9244869186542E24.exe [2009-12-9 9062]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-3627\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-4631\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1644491937-1935655697-842925246-6133\Scripts\Logon\0\0]
"Script"=c:\winnt\SYSVOL\sysvol\okidokisigns.com\scripts\okiscript.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/27/2009 9:39 AM 5248]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9/24/2009 1:13 PM 54752]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [8/17/2009 6:18 PM 115560]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/17/2009 9:07 PM 110080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2009 4:23 PM 135664]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [8/17/2009 6:16 PM 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [8/17/2009 6:16 PM 11264]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [8/17/2009 6:16 PM 16640]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/27/2009 9:39 AM 160640]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/27/2009 9:38 AM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 00:23]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-15 00:23]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-842925246-6133Core.job
- c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-18 00:23]

2010-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1935655697-842925246-6133UA.job
- c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-18 00:23]

2010-02-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Mozilla\Firefox\Profiles\6i3275dy.default\
FF - component: c:\documents and settings\apariona.OKIDOKISIGNS\Application Data\Mozilla\Firefox\Profiles\6i3275dy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\apariona.OKIDOKISIGNS\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 13:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(816)
c:\program files\Extensis\Extensis Suitcase 11\Bonjour\mdnsNSP.dll
.
Completion time: 2010-02-12 13:03:24
ComboFix-quarantined-files.txt 2010-02-12 21:03

Pre-Run: 115,306,606,592 bytes free
Post-Run: 115,323,154,432 bytes free

- - End Of File - - 606E851BD91C87234C951961F0D5810C

Re: Virus.Win32.gpcode.ak Virus Removal Help Needed!
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Virus.Win32.gpcode.ak Virus Removal Help Needed!

Ok. It is running normally now; just the McAfee Anti-Virus software cannot be enabled.

Thanks a lot!!!!!

Re: Virus.Win32.gpcode.ak Virus Removal Help Needed!

It is OK now after I ran a repair of the McAfee Anti-Virus. Thanks.
