Potential Rootkit/internet quarantine

ComboFix 10-09-24.03 - Brooke and Nick 09/24/2010 16:51:56.15.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.685 [GMT -4:00]
Running from: c:\documents and settings\Brooke and Nick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\look.bat

.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.

2010-09-19 00:31 . 2010-09-19 00:31 0 ----a-w- c:\documents and settings\Brooke and Nick\settings.dat
2010-09-17 17:43 . 2010-06-07 20:16 220024 ----a-w- c:\windows\sigcheck.exe
2010-09-17 16:23 . 2010-09-17 13:18 -------- d-----w- c:\windows\maxdrive
2010-09-15 15:17 . 2009-06-30 13:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-15 15:16 . 2010-09-15 15:16 -------- d-----w- c:\program files\Panda Security
2010-09-10 12:00 . 2010-09-10 12:00 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-10 11:57 . 2010-09-10 11:57 -------- d-----w- c:\program files\iPod
2010-09-10 11:57 . 2010-09-10 11:59 -------- d-----w- c:\program files\iTunes
2010-09-10 11:49 . 2010-09-10 11:49 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-05 15:44 . 2010-09-05 15:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 15:43 . 2010-09-05 15:43 503808 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcp71.dll
2010-09-05 15:43 . 2010-09-05 15:43 61440 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-sse.dll
2010-09-05 15:43 . 2010-09-05 15:43 499712 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\jmc.dll
2010-09-05 15:43 . 2010-09-05 15:43 348160 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcr71.dll
2010-09-05 15:43 . 2010-09-05 15:43 12800 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-d3d.dll
2010-09-05 15:43 . 2010-09-05 15:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\program files\ERUNT
2010-08-29 16:32 . 2010-08-29 16:32 -------- d-----w- c:\program files\Safer Networking

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 12:06 . 2009-06-22 14:06 1 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-14 22:51 . 2009-04-24 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-10 12:01 . 2010-05-07 00:48 -------- d-----w- c:\program files\Safari
2010-09-10 11:57 . 2007-08-17 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-09-10 11:53 . 2007-05-12 17:03 -------- d-----w- c:\program files\QuickTime
2010-09-07 19:51 . 2009-02-27 18:45 72384 ----a-w- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-05 15:37 . 2010-08-16 01:32 -------- d-----r- c:\program files\Skype
2010-09-05 15:30 . 2009-02-26 01:59 -------- d-----w- c:\program files\Java
2010-09-02 02:51 . 2010-08-16 01:33 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Skype
2010-09-02 02:50 . 2010-08-16 01:35 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\skypePM
2010-08-29 17:33 . 2009-05-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 16:03 . 2007-05-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 16:03 . 2009-02-27 16:11 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Microsoft Games
2010-08-29 16:03 . 2009-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-08-24 04:46 . 2009-10-03 03:15 -------- d-----w- c:\program files\Paint Shop Pro 7
2010-08-21 01:09 . 2010-08-21 01:09 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Image Zone Express
2010-08-21 01:07 . 2010-08-21 01:01 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Photo! Web Album
2010-08-21 01:00 . 2009-04-12 19:03 -------- d-----w- c:\program files\Web Photo Album
2010-08-17 19:40 . 2010-06-11 23:42 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Malwarebytes
2010-08-17 19:40 . 2010-08-17 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:40 . 2010-06-11 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-17 13:17 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-08-16 01:32 . 2010-08-16 01:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:57 . 2010-08-15 16:57 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-10 15:09 . 2010-08-10 15:09 568832 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 15:09 . 2010-08-10 15:09 686080 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 15:09 . 2010-08-10 15:09 655872 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 15:09 . 2010-08-10 15:09 583168 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 15:09 . 2010-08-10 15:09 224768 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-08-02 23:16 . 2010-06-16 01:37 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-07-26 01:05 . 2010-06-15 13:57 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-07-26 01:05 . 2010-06-15 13:57 243976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\unicows.dll
2010-07-22 15:49 . 2004-08-10 11:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-15 14:22 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-03 03:33 . 2007-01-09 00:18 72384 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:20 . 2010-06-28 17:20 72384 ----a-w- c:\documents and settings\New User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

c:\documents and settings\Brooke and Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 03:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
2006-10-28 01:34 65536 ----a-w- c:\program files\Photo Toolkit\IvBar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 17:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 12:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 17:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Desktop\\Copied stuff from F drive\\Backup Data Disc 2\\Magic\\Manalink.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/15/2010 11:17 AM 28552]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2009-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-09-24 17:10:08
ComboFix-quarantined-files.txt 2010-09-24 21:09

Pre-Run: 11,808,075,776 bytes free
Post-Run: 12,150,239,232 bytes free

- - End Of File - - 50CFE0AEA8693D3F3A21E3AE48596F22
 
Hi HeadlessChief

You are not the only one with that problem :D:

If you're only using the Web browser to email through Yahoo, I don't see how a spammer or virus could infiltrate your contact list. Are you sure you don't have your contact list locally, in Outlook or some other contacts program?

Thanks peku006
 