Thread: Acer Aspire One locking up (Resolved)
  #1 Member (Join Date: Jan 2010; Posts: 51)

    GMER log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-03-07 13:11:44
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Pezzini\LOCALS~1\Temp\uxxcraob.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA01778A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA017738]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA01774C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA0177CA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA017710]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA017724]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA01779E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA017776]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA017762]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA0177F9]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA0177E0]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA0177B4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \Driver\ACPI \Device\0000008e 85D3A878
    Device \Driver\ACPI \Device\0000008f 85D3A878

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\ACPI \Device\00000070 85D3A878
    Device \Driver\ACPI \Device\00000073 85D3A878
    Device \Driver\ACPI \Device\00000080 85D3A878
    Device \Driver\ACPI \Device\00000074 85D3A878
    Device \Driver\ACPI \Device\00000081 85D3A878
    Device \Driver\ACPI \Device\00000075 85D3A878
    Device \Driver\ACPI \Device\00000076 85D3A878
    Device \Driver\ACPI \Device\00000077 85D3A878
    Device \Driver\ACPI \Device\00000091 85D3A878
    Device \Driver\ACPI \Device\00000078 85D3A878
    Device \Driver\ACPI \Device\00000085 85D3A878

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\ACPI \Device\0000006a 85D3A878
    Device \Driver\ACPI \Device\0000006b 85D3A878
    Device \Driver\ACPI \Device\0000006c 85D3A878
    Device \Driver\ACPI \Device\0000006d 85D3A878
    Device \Driver\ACPI \Device\0000006e 85D3A878
    Device \Driver\ACPI \Device\0000007d 85D3A878
    Device \Driver\ACPI \Device\0000007e 85D3A878
    Device \Driver\ACPI \Device\0000008b 85D3A878
    Device \Driver\ACPI \Device\0000008c 85D3A878
    Device \Driver\ACPI \Device\0000008d 85D3A878

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

  #2 Security Expert-Emeritus (Join Date: Oct 2006; Location: Manchester UK; Posts: 3,425)

    There is no sign of any infection there?

    Let's have a last couple of scans to make sure.


    ----------------------------------------------------------------------------------------
    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------------------------------------
    Step 2


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper

    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • MalwareBytes Log
    • Combofix Log
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  #3 Member (Join Date: Jan 2010; Posts: 51)

    Don't do anything about defogger yet

    Thanks for the help.

    I will run the Malwarebytes and Combofix scans. Want to make sure I don't need to do anything about Defogger just yet?

  #4 Security Expert-Emeritus (Join Date: Oct 2006; Location: Manchester UK; Posts: 3,425)

    Quote, originally posted by jpfof7:
        Want to make sure I don't need to do anything about Defogger just yet?

    Not yet, we will run that again later.

  #5 Member (Join Date: Jan 2010; Posts: 51)

    Malware Bytes Log

    Malwarebytes' Anti-Malware 1.44
    Database version: 3834
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/7/2010 5:43:43 PM
    mbam-log-2010-03-07 (17-43-43).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 161283
    Time elapsed: 18 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  #6 Member (Join Date: Jan 2010; Posts: 51)

    Combofix log

    ComboFix 10-03-07.02 - Pezzini 03/07/2010 18:36:44.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.545 [GMT -8:00]
    Running from: c:\documents and settings\Pezzini\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\autorun.ini

    .
    original MBR restored successfully !
    .
    ((((((((((((((((((((((((( Files Created from 2010-02-08 to 2010-03-08 )))))))))))))))))))))))))))))))
    .

    2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\documents and settings\Pezzini\Application Data\Malwarebytes
    2010-03-07 23:24 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-03-07 23:24 . 2010-03-07 23:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-03-07 23:24 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-07 19:19 . 2010-03-07 19:19 -------- d-sh--w- c:\documents and settings\Pezzini\IECompatCache
    2010-03-05 05:24 . 2010-03-05 05:24 -------- d-----w- C:\rsit
    2010-03-05 05:24 . 2010-03-05 05:24 -------- d-----w- c:\program files\trend micro
    2010-02-27 18:04 . 2010-02-27 18:08 -------- d-----w- c:\windows\system32\autorun
    2010-02-26 17:15 . 2010-02-26 17:15 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-02-26 04:05 . 2010-02-26 04:05 -------- d-----w- C:\found.000

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-07 21:27 . 2009-07-15 21:08 -------- d-----w- c:\program files\Java
    2010-03-07 21:25 . 2010-03-07 21:25 152576 ----a-w- c:\documents and settings\Pezzini\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-03-07 21:25 . 2010-03-07 21:25 79488 ----a-w- c:\documents and settings\Pezzini\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-07 19:45 . 2009-08-09 16:04 -------- d-----w- c:\program files\McAfee
    2010-03-07 19:19 . 2010-03-07 19:18 20829680 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-07 19:18 . 2010-03-07 19:18 8405312 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-07 19:18 . 2010-03-07 19:18 149000 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-07 19:17 . 2010-03-07 19:17 10309448 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-07 19:16 . 2010-03-07 19:16 283280 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-07 19:16 . 2010-03-07 19:16 181768 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-07 19:16 . 2010-03-07 19:16 79368 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-07 19:16 . 2010-03-07 19:16 64000 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-07 19:16 . 2010-03-07 19:16 52288 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-07 19:16 . 2010-03-07 19:16 50688 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-07 19:16 . 2010-03-07 19:16 49152 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-07 19:16 . 2010-03-07 19:16 118784 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-05 04:38 . 2010-03-05 04:38 439816 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-05 04:38 . 2010-03-05 04:38 439816 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\temp\~Upg0\setup.exe
    2010-03-05 04:38 . 2010-03-05 04:38 118784 ----a-w- c:\documents and settings\Pezzini\Application Data\Real\Update\temp\~Upg0\install.dll
    2010-02-27 18:45 . 2008-08-15 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-02-27 17:29 . 2009-03-02 22:15 7246 ----a-w- c:\documents and settings\Pezzini\Application Data\wklnhst.dat
    2010-02-26 16:38 . 2009-02-18 22:38 -------- d-----w- c:\program files\Google
    2010-02-26 05:42 . 2009-06-13 20:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-02-26 05:36 . 2009-08-21 21:01 -------- d-----w- c:\documents and settings\Pezzini\Application Data\U3
    2010-02-12 17:24 . 2010-01-01 06:51 69 ----a-w- c:\documents and settings\Pezzini\jagex_runescape_preferences2.dat
    2010-02-12 17:24 . 2009-07-15 21:14 41 ----a-w- c:\documents and settings\Pezzini\jagex_runescape_preferences.dat
    2010-01-22 15:02 . 2009-08-26 02:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 16:50 . 2009-03-13 16:42 60592 ----a-w- c:\documents and settings\Pezzini\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-01-18 17:55 . 2009-03-20 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-12-31 16:50 . 2008-04-15 03:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-21 19:14 . 2007-08-14 01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-16 18:43 . 2008-04-15 03:00 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-14 07:08 . 2008-04-15 03:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-08 19:26 . 2008-04-15 03:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 18:43 . 2008-04-15 03:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "M3000Mnt"="M3000Rmv.dll " [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-18 24064]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-24 198160]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/9/2009 8:08 AM 93320]
    R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/5/2008 8:01 AM 151936]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/18/2009 2:38 PM 24064]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/18/2009 2:43 PM 96856]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3/7/2010 3:24 PM 38224]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    {1A45FF0C-DF59-4B11-B7C0576459748470}
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2009-08-09 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-09 19:22]

    2010-01-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-09 19:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-07 18:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860AF678]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf776bf28
    \Driver\ACPI -> 0x860af678
    \Driver\atapi -> atapi.sys @ 0xf75fe852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
    SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
    NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> 0x84174330
    PacketIndicateHandler -> NDIS.sys @ 0xf74d2a21
    SendHandler -> NDIS.sys @ 0xf74c6d44
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x012A18AC1
    malicious code @ sector 0x012A18AC4 !
    PE file found in sector at 0x012A18ADA !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(1764)
    c:\windows\system32\WININET.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\docume~1\Pezzini\LOCALS~1\Temp\RtkBtMnt.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-03-07 18:58:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-03-08 02:57

    Pre-Run: 137,222,217,728 bytes free
    Post-Run: 138,469,056,512 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 77A45D532558201A18F44F1B60D727C2
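The part of the ComboFix log above that actually carries the verdict is the Stealth MBR rootkit detector section: GMER's own rootkit scan in post #1 showed nothing, yet the MBR detector lists hooks, a copy of the MBR in a high sector, and a hook on \Driver\ACPI that points to a bare address rather than a loaded module. As an added example (not from the thread, ComboFix or GMER), this Python triage parser reads that section, extracts the hook entries and sector findings, flags hooks that land outside any named module, and cross-checks them against the >>UNKNOWN<< module in the disk I/O call chain; the function, class and field names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Sample input: the detector section copied from the ComboFix log in the post above.
SAMPLE_MBR_SECTION = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860AF678]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf776bf28
\Driver\ACPI -> 0x860af678
\Driver\atapi -> atapi.sys @ 0xf75fe852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> 0x84174330
PacketIndicateHandler -> NDIS.sys @ 0xf74d2a21
SendHandler -> NDIS.sys @ 0xf74c6d44
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A18AC1
malicious code @ sector 0x012A18AC4 !
PE file found in sector at 0x012A18ADA !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

HOOK_RE = re.compile(r"^(?P<chain>.+?) -> (?:(?P<module>[\w.]+) @ )?(?P<addr>0x[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r"UNKNOWN \[(0x[0-9A-Fa-f]+)\]")
SECTOR_RE = re.compile(r"sector (?:at )?(0x[0-9A-Fa-f]+)")
FIX_RE = re.compile(r'Use: "([^"]+)" to fix')
SECTOR_LABELS = {"copy of MBR": "mbr_copy", "malicious code": "malicious_code", "PE file": "pe_file"}

@dataclass
class Hook:
    chain: str          # hooked object or handler path, e.g. \Driver\ACPI
    module: str | None  # module the hook lands in; None when it is a bare address
    addr: str           # lower-case hex target address

@dataclass
class MbrReport:
    infected: bool = False
    unknown_modules: list[str] = field(default_factory=list)  # >>UNKNOWN [...]<< addresses
    hooks: list[Hook] = field(default_factory=list)
    sectors: dict[str, int] = field(default_factory=dict)     # finding label -> sector number
    fix_hint: str | None = None

def parse_mbr_report(text: str) -> MbrReport:
    """Parse the detector section into hooks, sector findings and the verdict."""
    rep, in_hooks = MbrReport(), False
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if line.startswith("called modules:"):
            rep.unknown_modules = [a.lower() for a in UNKNOWN_RE.findall(line)]
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif in_hooks and (m := HOOK_RE.match(line)):
            rep.hooks.append(Hook(m["chain"], m["module"], m["addr"].lower()))
        else:
            in_hooks = False  # first non-hook line ends the hook listing
            if "rootkit infection" in line:
                rep.infected = True
            if m := SECTOR_RE.search(line):
                label = next((v for k, v in SECTOR_LABELS.items() if line.startswith(k)), line)
                rep.sectors[label] = int(m.group(1), 16)
            if m := FIX_RE.search(line):
                rep.fix_hint = m.group(1)
    return rep

def unattributed_hooks(rep: MbrReport) -> list[Hook]:
    """Hooks whose target is a bare address outside any named module."""
    return [h for h in rep.hooks if h.module is None]

def hooks_into_unknown_module(rep: MbrReport) -> list[Hook]:
    """Hooks that land exactly on an UNKNOWN module from the disk I/O call chain."""
    return [h for h in rep.hooks if h.addr in rep.unknown_modules]
```

On this log the only hook that coincides with the UNKNOWN module is \Driver\ACPI, which is the finding worth reporting even before the sector warnings are read.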

  #7 Security Expert-Emeritus (Join Date: Oct 2006; Location: Manchester UK; Posts: 3,425)

    Download GMER's MBR.exe to your desktop.
    Double click on the MBR.exe file to run it. A log will be produced, MBR.log.
    Please open this log in Notepad and post its contents in your next reply.
