Please check these results for Malware

Yay that worked, thanks! Okay here is the log:

ComboFix 10-11-05.05 - Romy (Bunnymommy) 06/11/2010 18:18:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.359 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 )))))))))))))))))))))))))))))))
.

2010-10-26 11:45 . 2010-10-26 11:45 -------- d-----w- c:\program files\ERUNT
2010-10-19 18:55 . 2010-10-19 18:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-10-19 18:55 . 2010-10-19 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple
2010-10-19 15:50 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 15:50 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 15:50 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 15:50 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-19 15:46 . 2010-10-19 15:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-19 15:44 . 2010-10-19 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-10-19 15:44 . 2010-10-19 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2010-10-18 20:04 . 2010-10-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-18 20:04 . 2010-10-20 18:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-18 19:43 . 2010-10-18 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-10-13 12:04 . 2010-10-13 12:04 -------- d-----w- c:\documents and settings\Romy (Bunnymommy)\Local Settings\Application Data\Symantec
2010-10-13 12:04 . 2010-10-13 12:04 -------- d-----w- c:\program files\Symantec
2010-10-13 12:04 . 2010-10-13 12:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-13 12:04 . 2010-10-13 12:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-13 12:04 . 2010-10-05 17:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-10-13 12:03 . 2010-10-13 12:03 -------- d-----w- c:\program files\Norton 360
2010-10-13 11:25 . 2010-10-13 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-10-13 11:25 . 2010-10-13 11:25 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-13 11:25 . 2010-10-13 11:25 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-13 11:25 . 2010-10-13 11:25 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-13 11:25 . 2010-10-13 11:27 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-07 21:08 . 2010-10-07 21:08 -------- d-----w- c:\documents and settings\Romy (Bunnymommy)\Local Settings\Application Data\Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-05 15:24 . 2010-10-05 15:23 67603282 ----a-w- C:\regbkp.reg
2010-09-28 15:27 . 2010-09-28 15:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-28 15:27 . 2010-09-28 15:27 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 22:31 . 2010-09-23 22:32 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 22:31 . 2010-09-23 22:32 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-23 22:31 . 2005-10-26 20:12 20640 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-09-21 01:30 . 2010-09-21 01:30 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-09-18 11:23 . 2004-09-10 13:57 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-10 13:57 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-10 13:57 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-09-10 13:57 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2004-09-10 13:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-09-10 13:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-09-10 13:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-09-10 13:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-10 13:57 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-09-10 13:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-10 13:57 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-10 13:57 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-09-21 23:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-09-10 13:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-10 13:57 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-10 13:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\Romy (Bunnymommy)\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EULA]
2006-10-26 13:36 18944 ----a-w- c:\apps\PB_TB\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-21 03:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 13:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-21 23:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"nvsvc"=2 (0x2)
"NSL"=2 (0x2)
"MDM"=2 (0x2)
"McComponentHostService"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [05/10/2010 12:57 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [05/10/2010 12:57 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101029.001\BHDrvx86.sys [02/11/2010 19:25 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [05/10/2010 12:57 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [05/10/2010 12:57 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [05/10/2010 12:57 126392]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [21/09/2010 04:33 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/10/2010 18:36 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101104.004\IDSXpx86.sys [19/10/2010 20:36 341880]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\ROMY(B~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\ROMY(B~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/09/2010 01:42 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-06 c:\windows\Tasks\User_Feed_Synchronization-{DAE7EBDB-22BF-4277-99B5-843AFA703031}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
MSConfigStartUp-ISTray - c:\program files\PC Tools Security\pctsGui.exe
MSConfigStartUp-MSKDetectorExe - c:\program files\McAfee\SpamKiller\MSKDetct.exe
MSConfigStartUp-VRQ Uploader - c:\program files\NortonVRQ\Engine\5.0.3.4\VRQUploadFiles.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 18:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-11-06 18:28:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-06 18:28

Pre-Run: 181,300,920,320 bytes free
Post-Run: 181,154,906,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /bootlog

- - End Of File - - 04DCE090211382025BEFD9876FF3A9D8
 
Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u22.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Remove the following old versions of Java:

  • J2SE Runtime Environment 5.0 Update 2

    Java(TM) 6 Update 21


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.



Step # 2: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Step # 3 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next post/reply, I need to see the following:

1. MalwareBytes' Log
2. A fresh DDS Log
 
Here is the mbam log. The weird thing is that there are two previous logs but I don't remember ever using this before!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5067

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/11/2010 19:52:30
mbam-log-2010-11-07 (19-52-30).txt

Scan type: Quick scan
Objects scanned: 151444
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

__________________________________________________


I have tried to run DDS twice now, and both times I ended up with the blue screen error

0x0000008E (0x80000004, 0x805BEA08, 0xB7F09844, 0x00000000)

Do you know what this means? I will try DDS again
 
Okay worked okay that time. Here is the DDS


DDS (Ver_10-10-21.02) - NTFSx86
Run by Romy (Bunnymommy) at 20:13:58.21 on 07/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.402 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Romy (Bunnymommy)\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\romy(b~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-5 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-5 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101029.001\BHDrvx86.sys [2010-11-2 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-5 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-5 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-10-5 126392]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-9-21 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101104.004\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101105.003\naveng.sys [2010-11-6 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101105.003\navex15.sys [2010-11-6 1371184]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-21 30192]

=============== Created Last 30 ================

2010-11-07 19:43:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 19:43:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 19:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 19:33:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 18:16:28 -------- d-sha-r- C:\cmdcons
2010-11-05 23:49:53 3903800 ----a-r- C:\ComboFix.exe
2010-11-03 19:07:40 98816 ----a-w- c:\windows\sed.exe
2010-11-03 19:07:40 88576 ----a-w- c:\windows\MBR.exe
2010-11-03 19:07:40 256512 ----a-w- c:\windows\PEV.exe
2010-11-03 19:07:40 161792 ----a-w- c:\windows\SWREG.exe
2010-10-19 15:50:55 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 15:50:55 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 15:50:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 15:50:49 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 20:04:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-18 20:04:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-18 19:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2010-10-13 12:04:39 -------- d-----w- c:\docume~1\romy(b~1\locals~1\applic~1\Symantec
2010-10-13 12:04:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-13 12:04:03 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-13 12:04:03 -------- d-----w- c:\program files\Symantec
2010-10-13 12:04:03 -------- d-----w- c:\program files\common files\Symantec Shared
2010-10-13 12:03:29 -------- d-----w- c:\program files\Norton 360
2010-10-13 11:25:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-10-13 11:25:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-13 11:25:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-13 11:25:40 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-13 11:25:21 -------- d-----w- c:\program files\NVIDIA Corporation

==================== Find3M ====================

2010-11-07 19:33:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-05 15:24:07 67603282 ----a-w- C:\regbkp.reg
2010-09-23 22:31:36 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 22:31:36 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:14:47.03 ===============
 
Here is the mbam log. The weird thing is that there are two previous logs but I don't remember ever using this before!!

Are you the only one who uses this computer? It's possible that someone else using the computer downloaded and ran MalwareBytes' in the past and later uninstalled it.


I have tried to run DDS twice now and both time I end up with the blue screen error

0x0000008E (0x80000004, 0x805BEA08, 0xB7F09844, 0x00000000)

I don't know why you got that blue screen when trying to run DDS, or why you didn't get it when DDS ran successfully. Did you get any blue screens from running any of the other programs/tools I had you download and run?



Your version of Adobe Reader is out of date. Open Adobe Reader and click Help, then Check for Updates. Once Adobe Reader has finished checking for updates, have it download and install Adobe Reader 9.4.0.


Step # 1: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. How is your computer doing, any problems?
 
Yes I am the only one that uses and has physical access to this machine. The odd thing is the dates are over the past few days or so. Could one of the other programs used it?
 
No other program I had you run uses MalwareBytes' or any part of MalwareBytes' except MalwareBytes' itself.

Go ahead and post the other two MalwareBytes' logs that you mentioned: "The weird thing is that there are two previous logs but I don't remember ever using this before!!"

Also post the Kaspersky Log once you've finished with Kaspersky online scanner, if you haven't done it yet. Plus let me know how the computer is doing. :)
 
Okay, I was downloading the Kaspersky scanner and database, which was taking ages, when my computer shut down again with a blue screen error. I started up again, but now every time I try to start the Kaspersky download it comes up with this error:

"The program could not be started.The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.
[ERROR: java.lang.NullPointerException]"
 
Here are the other two previous Malwarebytes logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4713

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29/09/2010 02:20:09
mbam-log-2010-09-29 (02-20-09).txt

Scan type: Quick scan
Objects scanned: 147633
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4713

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/10/2010 18:50:35
mbam-log-2010-10-02 (18-50-35).txt

Scan type: Quick scan
Objects scanned: 146448
Time elapsed: 22 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Regarding the two MBAM Logs you posted, the first one was from September 29th and the 2nd one was from October 2nd. Your first post in this thread is from October 26th.

Did you buy this computer new or did you get it used/secondhand? Did you have this computer before September 29th of this year? If you did buy it used, more likely than not the previous owner(s) downloaded and used MalwareBytes' and then later uninstalled it and the logs from their previous runs stayed behind.


Okay, I was downloading the Kaspersky scanner and database, which was taking ages, when my computer shut down again with a blue screen error. I started up again, but now every time I try to start the Kaspersky download it comes up with this error:

"The program could not be started.The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.
[ERROR: java.lang.NullPointerException]"

Since Kaspersky isn't working for you, let's try another online scanner in its place:

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetExport.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
    esetListThreats.png
  11. Make sure that Remove found threats is unchecked, so that nothing is deleted before the report has been reviewed.
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
 
Hia sorry for delay coming back to you. I really appreciate all your help.

My computer was running really slow and things were popping up on screen that I hadn't wanted. It then crashed and I just started up again. I got an error message from Microsoft saying that I have the malware Spooldr.sys. This is the message:

"Remove possible malware from your computer
Your computer experienced a problem that was caused by spooldr.sys.

This product might be malware.

What is malware?

Malicious software, also known as malware, is designed to deliberately harm your computer or collect information about you (including personally identifiable or other sensitive information). For example, viruses, worms, and Trojan horses are malicious software.

We recommend that you use the free Windows Live OneCare safety scanner to check your computer for malware. The Windows Live OneCare safety scanner will help you decide whether to remove spooldr.sys.

Go to the following website, and then click Full Service Scan:

Windows Live OneCare safety scanner"

I'm a bit nervous now about downloading this safety scanner in case it's not really from Microsoft. This is the web address of the link:

http://onecare.live.com/site/en-gb/default.htm
 
I'm a bit nervous now about downloading this safety scanner in case it's not really from Microsoft.

Windows Live OneCare safety scanner is safe and it is from Microsoft; the address you posted is on onecare.live.com, which is a Microsoft domain. Instead of using it, let's go ahead and use the tools we already have on the computer and see what they tell us. :)

I'd like to get fresh runs and logs with the most recent versions of ComboFix and DDS.


Do everything in Normal Mode.

First, delete ComboFix.exe off of your computer and download the latest version from one of the links below:

Link 1
Link 2


Save it to your Desktop and try running it. If ComboFix won't run from the Desktop, then go ahead and move it to C:\ like you did last time and run it from there.


After ComboFix is done, I'd like for you to delete DDS.scr off of your computer and download the latest version of DDS from one of the links below:

here or here or here

Once the download of DDS is complete, run it.

In your next post/reply, I need to see the following:

1. ComboFix Log
2. Both the DDS and Attach.txt Logs
 
Okay, here is the ComboFix log. The first time I ran it I got an error box saying "PEV.cfxxe encountered a problem and had to close". It didn't seem to bother ComboFix at first, but then my machine crashed. The second time I ran it, it was fine.

ComboFix 10-11-12.01 - Romy (Bunnymommy) 12/11/2010 20:18:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.633 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Files Created from 2010-10-12 to 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-08 20:27 . 2010-11-08 20:27 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-11-07 19:43 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 19:43 . 2010-11-07 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 19:43 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 19:33 . 2010-11-07 19:33 -------- d-----w- c:\program files\Common Files\Java
2010-11-07 19:33 . 2010-11-07 19:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-26 11:45 . 2010-10-26 11:45 -------- d-----w- c:\program files\ERUNT
2010-10-19 18:55 . 2010-10-19 18:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-10-19 18:55 . 2010-10-19 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple
2010-10-19 15:50 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 15:50 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 15:50 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 15:50 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-19 15:46 . 2010-10-19 15:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-10-19 15:44 . 2010-10-19 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Apple Computer
2010-10-19 15:44 . 2010-10-19 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2010-10-18 20:04 . 2010-10-20 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-18 20:04 . 2010-10-20 18:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-18 19:43 . 2010-10-18 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-07 19:33 . 2010-09-28 15:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-13 12:04 . 2010-10-13 12:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-13 12:04 . 2010-10-13 12:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-05 15:24 . 2010-10-05 15:23 67603282 ----a-w- C:\regbkp.reg
2010-09-23 22:31 . 2010-09-23 22:32 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 22:31 . 2010-09-23 22:32 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-23 22:31 . 2005-10-26 20:12 20640 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-09-21 01:30 . 2010-09-21 01:30 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2010-09-18 11:23 . 2004-09-10 13:57 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-09-10 13:57 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-10 13:57 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2004-09-10 13:57 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2004-09-10 13:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-09-10 13:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-09-10 13:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2004-09-10 13:56 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-10 13:57 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-09-10 13:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-10 13:57 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-10 13:57 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-09-21 23:10 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-09-10 13:56 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-10 13:57 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-10 13:57 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-06_18.26.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-12 20:16 . 2010-11-12 20:16 16384 c:\windows\Temp\Perflib_Perfdata_6d0.dat
+ 2010-11-12 20:15 . 2010-11-12 20:15 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
- 2010-09-21 01:47 . 2010-11-06 18:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-21 01:47 . 2010-11-12 20:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-21 01:47 . 2010-11-06 18:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-21 01:47 . 2010-11-12 20:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-09-21 01:47 . 2010-11-06 18:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-09-21 01:47 . 2010-11-12 20:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-09-21 01:41 . 2010-10-19 15:52 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 45056 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 22528 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 16384 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 34304 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 3584 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 8192 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2010-09-21 01:41 . 2010-11-10 01:53 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2010-09-21 01:41 . 2010-10-19 15:52 2560 c:\windows\Installer\{911B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2010-11-07 19:17 . 2010-11-07 19:17 8192 c:\windows\ERDNT\AutoBackup\07-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-07 19:33 . 2010-11-07 19:33 153376 c:\windows\system32\javaws.exe
- 2010-09-28 15:27 . 2010-09-28 15:27 153376 c:\windows\system32\javaws.exe
- 2010-09-28 15:27 . 2010-09-28 15:27 145184 c:\windows\system32\javaw.exe
+ 2010-11-07 19:33 . 2010-11-07 19:33 145184 c:\windows\system32\javaw.exe
- 2010-09-28 15:27 . 2010-09-28 15:27 145184 c:\windows\system32\java.exe
+ 2010-11-07 19:33 . 2010-11-07 19:33 145184 c:\windows\system32\java.exe
+ 2010-11-07 19:33 . 2010-11-07 19:33 180224 c:\windows\Installer\25a25.msi
+ 2010-11-07 19:33 . 2010-11-07 19:33 677376 c:\windows\Installer\25a20.msi
+ 2010-11-12 20:15 . 2010-11-12 20:15 180224 c:\windows\ERDNT\AutoBackup\12-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-12 20:15 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\12-11-2010\ERDNT.EXE
+ 2010-11-11 20:58 . 2010-11-11 20:58 180224 c:\windows\ERDNT\AutoBackup\11-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-11 20:58 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\11-11-2010\ERDNT.EXE
+ 2010-11-10 01:16 . 2010-11-10 01:16 180224 c:\windows\ERDNT\AutoBackup\10-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-10 01:16 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\10-11-2010\ERDNT.EXE
+ 2010-11-09 20:50 . 2010-11-09 20:50 180224 c:\windows\ERDNT\AutoBackup\09-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-09 20:50 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\09-11-2010\ERDNT.EXE
+ 2010-11-08 19:55 . 2010-11-08 19:55 180224 c:\windows\ERDNT\AutoBackup\08-11-2010\Users\00000002\UsrClass.dat
+ 2010-11-08 19:55 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\08-11-2010\ERDNT.EXE
+ 2010-11-07 19:17 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\07-11-2010\ERDNT.EXE
+ 2006-02-14 08:20 . 2008-03-20 18:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2010-10-04 16:00 . 2010-10-04 16:00 7973888 c:\windows\Installer\24b257.msp
+ 2010-11-08 20:28 . 2010-11-08 20:28 3940864 c:\windows\Installer\1e502b.msi
+ 2010-11-12 20:15 . 2010-11-12 20:15 5570560 c:\windows\ERDNT\AutoBackup\12-11-2010\Users\00000001\NTUSER.DAT
+ 2010-11-11 20:58 . 2010-11-11 20:58 5570560 c:\windows\ERDNT\AutoBackup\11-11-2010\Users\00000001\NTUSER.DAT
+ 2010-11-10 01:16 . 2010-11-10 01:16 5570560 c:\windows\ERDNT\AutoBackup\10-11-2010\Users\00000001\NTUSER.DAT
+ 2010-11-09 20:50 . 2010-11-09 20:50 5570560 c:\windows\ERDNT\AutoBackup\09-11-2010\Users\00000001\NTUSER.DAT
+ 2010-11-08 19:55 . 2010-11-08 19:55 5570560 c:\windows\ERDNT\AutoBackup\08-11-2010\Users\00000001\NTUSER.DAT
+ 2010-11-07 19:17 . 2010-11-07 19:17 5304320 c:\windows\ERDNT\AutoBackup\07-11-2010\Users\00000001\NTUSER.DAT
+ 2010-09-21 23:40 . 2010-11-10 01:50 35758536 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\Romy (Bunnymommy)\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-21 23:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EULA]
2006-10-26 13:36 18944 ----a-w- c:\apps\PB_TB\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-21 03:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 13:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-05-18 13:27 16207872 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 11:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-09-21 23:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UleadBurningHelper"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"nvsvc"=2 (0x2)
"NSL"=2 (0x2)
"MDM"=2 (0x2)
"McComponentHostService"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"GoogleDesktopManager-051210-111108"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [05/10/2010 12:57 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [05/10/2010 12:57 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [04/11/2010 00:07 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [05/10/2010 12:57 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [05/10/2010 12:57 116784]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccsvchst.exe [05/10/2010 12:57 126392]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [21/09/2010 04:33 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [14/10/2010 18:36 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101111.001\IDSXpx86.sys [19/10/2010 20:36 341880]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\ROMY(B~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\ROMY(B~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/09/2010 01:42 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-12 c:\windows\Tasks\User_Feed_Synchronization-{DAE7EBDB-22BF-4277-99B5-843AFA703031}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-11-12 20:24:47
ComboFix-quarantined-files.txt 2010-11-12 20:24

Pre-Run: 180,419,411,968 bytes free
Post-Run: 180,405,452,800 bytes free

- - End Of File - - D60B68ED6C62906E66C600A562DB839A
 
Here is the dds

DDS (Ver_10-10-21.02) - NTFSx86
Run by Romy (Bunnymommy) at 20:30:45.82 on 12/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.359 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Romy (Bunnymommy)\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\romy(b~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-5 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-5 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-5 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-5 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-10-5 126392]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-9-21 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101111.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101111.002\naveng.sys [2010-11-11 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101111.002\navex15.sys [2010-11-11 1371184]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-21 30192]

=============== Created Last 30 ================

2010-11-12 20:01:43 3908597 ----a-r- C:\ComboFix.exe
2010-11-07 19:43:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 19:43:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 19:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 19:33:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 18:16:28 -------- d-sha-r- C:\cmdcons
2010-11-03 19:07:40 98816 ----a-w- c:\windows\sed.exe
2010-11-03 19:07:40 89088 ----a-w- c:\windows\MBR.exe
2010-11-03 19:07:40 256512 ----a-w- c:\windows\PEV.exe
2010-11-03 19:07:40 161792 ----a-w- c:\windows\SWREG.exe
2010-10-19 15:50:55 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 15:50:55 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 15:50:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 15:50:49 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 20:04:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-18 20:04:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-18 19:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

==================== Find3M ====================

2010-11-07 19:33:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-13 12:04:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-13 11:25:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-13 11:25:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-13 11:25:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-05 15:24:07 67603282 ----a-w- C:\regbkp.reg
2010-09-23 22:31:36 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 22:31:36 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:31:23.31 ===============
 
It looks like you're still using an old version of DDS (Ver_10-10-21.02); the latest version is 10-11-10.01.

Delete DDS.scr, download the latest version from here, run DDS again, and post just the main DDS log.


Also, I'd like you to post the contents of ComboFix-quarantined-files.txt; you can find it in the C:\Qoobox folder. Only the text listing is needed; leave the quarantined files themselves where they are.
 
here is the cfq

2010-11-06 18:27:42 . 2010-11-06 18:27:42 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-VRQ Uploader.reg.dat
2010-11-06 18:27:41 . 2010-11-06 18:27:41 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-MSKDetectorExe.reg.dat
2010-11-06 18:27:41 . 2010-11-06 18:27:41 620 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-ISTray.reg.dat
2010-11-06 18:27:30 . 2010-11-06 18:27:30 173 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2010-11-06 18:20:25 . 2010-11-12 20:21:34 5,885 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-11-03 19:07:28 . 2010-11-12 20:17:37 1,071 ----a-w- C:\Qoobox\Quarantine\catchme.log
2004-06-09 13:26:16 . 2004-06-09 13:26:16 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\THUMBS.DB.vir
 
DDS (Ver_10-11-10.01) - NTFSx86
Run by Romy (Bunnymommy) at 20:57:27.62 on 12/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.180 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Documents and Settings\Romy (Bunnymommy)\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.3.0.5\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.3.0.5\coIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\romy(b~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-5 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-5 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-4 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-5 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-5 116784]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.3.0.5\ccsvchst.exe [2010-10-5 126392]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-9-21 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-10-14 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20101111.001\IDSXpx86.sys [2010-10-19 341880]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101111.002\naveng.sys [2010-11-11 86064]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\virusdefs\20101111.002\navex15.sys [2010-11-11 1371184]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\romy(b~1\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-21 30192]

=============== Created Last 30 ================

2010-11-12 20:01:43 3908597 ----a-r- C:\ComboFix.exe
2010-11-07 19:43:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-07 19:43:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-07 19:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-07 19:33:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 18:16:28 -------- d-sha-r- C:\cmdcons
2010-11-03 19:07:40 98816 ----a-w- c:\windows\sed.exe
2010-11-03 19:07:40 89088 ----a-w- c:\windows\MBR.exe
2010-11-03 19:07:40 256512 ----a-w- c:\windows\PEV.exe
2010-11-03 19:07:40 161792 ----a-w- c:\windows\SWREG.exe
2010-10-19 15:50:55 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-19 15:50:55 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-19 15:50:55 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-19 15:50:49 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-18 20:04:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-18 20:04:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-18 19:43:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure

==================== Find3M ====================

2010-11-07 19:33:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-13 12:04:03 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-10-13 11:25:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-13 11:25:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-13 11:25:40 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-05 15:24:07 67603282 ----a-w- C:\regbkp.reg
2010-09-23 22:31:36 109568 ------w- c:\windows\system32\pxinsi64.exe
2010-09-23 22:31:36 108544 ------w- c:\windows\system32\pxcpyi64.exe
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 20:58:08.65 ===============
 