Potential Rootkit/internet quarantine

HeadlessChief

New member
Hello! We have a Windows XP SP3 Media Center edition PC that has a nasty virus on it - we have tried to kill it several different times, with limited success.

We have run ComboFix today as we received more evidence of a rootkit - we got an email from a yahoo account that I haven't used in years that was sent to several folks in my address book that was contaminated and contained links to random sites.

A few weeks ago we were quarantined from our ISP (Brighthouse) because they claimed that we had a rootkit virus. We followed their steps to remove/kill the malware, and thought we were out of the woods, but it seems as though we are not.

Any help you can offer is fantastic. We backed up the registry with ERUNT and have a DDS log, posted below.

Thank you!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Brooke and Nick at 13:30:12.13 on Sun 08/29/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.553 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\brooke~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183257388593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brooke~1\applic~1\mozilla\firefox\profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\brooke and nick\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\brooke and nick\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\brooke and nick\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-26 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

=============== Created Last 30 ================

2010-08-29 16:32:59 0 d-----w- c:\program files\Safer Networking
2010-08-21 01:01:20 0 d-----w- c:\docume~1\brooke~1\applic~1\Photo! Web Album
2010-08-17 19:40:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 19:40:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 01:35:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 01:32:06 0 d-----r- c:\program files\Skype
2010-08-15 16:54:47 0 d-----w- c:\program files\iPod
2010-08-12 00:01:30 186 ----a-w- c:\windows\system32\MRT.INI
2010-08-12 00:01:30 0 d-----w- c:\windows\system32\MpEngineStore
2010-08-01 19:13:42 117760 -c--a-w- c:\windows\system32\dllcache\e100b325.sys
2010-08-01 19:13:42 117760 ----a-w- c:\windows\system32\drivers\e100b325.sys

==================== Find3M ====================

2010-08-02 23:16:26 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-01 14:14:37 12 ----a-w- c:\docume~1\brooke~1\applic~1\czyiwa.dat
2009-02-26 18:56:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022620090227\index.dat

============= FINISH: 13:30:56.41 ===============
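
An added triage helper, not part of this thread, DDS or OTL: it reads the service lines from a DDS "SERVICES / DRIVERS" section and an OTL "Win32 Services" section and flags entries whose image could not be located (DDS marks these with a trailing `[?]`, OTL with `File not found`) together with entries whose service name or image file is an eight-hex-digit string, then checks whether Firefox's `keyword.URL` pref points at a host outside a short trusted list. The sample text is a constructed excerpt of the lines posted above; the hex-name heuristic, the trusted-host list and the function names are assumptions of this example. A missing image alone is common for leftover uninstall entries (the SBRE driver and the getPlus helper here are of that kind), so the output lists every reason per entry rather than a single verdict.

```python
"""Triage helper for DDS / OTL service listings and Firefox keyword.URL.

Added example for this thread; not part of DDS, OTL or the original posts.
SAMPLE_LOG is a constructed excerpt of the logs posted above.
"""
import re
from typing import Dict, List, Optional

SAMPLE_LOG = r"""
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-26 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
SRV - (MSWU-f36decbb) -- C:\WINDOWS\System32\f36decbb.exe File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..keyword.URL: "http://search.search-star.net/?sid=10101038100&s="
"""

# DDS:  <start type> <name>;<display name>;<image path> [<date> <size>]
#       or ... --> <resolved path> [?]   when DDS could not verify the image
DDS_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# OTL:  SRV - (<name>) <display> -- <image path> (<company>)   or   ... File not found
OTL_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\)(?P<display>[^-]*)-- (?P<path>.+?)\s+"
                    r"(?:(?P<missing>File not found)|\((?P<company>[^)]*)\))\s*$")
# Heuristic (assumption): eight hex digits as the tail of a service name, or as
# the whole basename of the image (e.g. 38adf938.exe), is a random-looking name.
HEX8_TAIL = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{8}$")
HEX8_IMAGE = re.compile(r"[\\/][0-9a-fA-F]{8}\.(?:exe|dll|sys)$", re.I)


def parse_service(line: str) -> Optional[Dict]:
    """Return {source, name, path, missing} for a DDS or OTL service line, else None."""
    m = DDS_RE.match(line)
    if m:
        rest = m.group("rest").rstrip()
        path = rest.split(" --> ")[-1].rsplit(" [", 1)[0].strip()
        return {"source": "DDS", "name": m.group("name"), "path": path,
                "missing": rest.endswith("[?]")}
    m = OTL_RE.match(line)
    if m:
        return {"source": "OTL", "name": m.group("name"), "path": m.group("path").strip(),
                "missing": m.group("missing") is not None}
    return None


def find_suspicious_services(log_text: str) -> List[Dict]:
    """Every parsed service entry that has at least one reason to look at it."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line.strip())
        if not svc:
            continue
        reasons = []
        if svc["missing"]:
            reasons.append("image missing or unverifiable")
        if HEX8_TAIL.search(svc["name"]):
            reasons.append("random-looking hex service name")
        if HEX8_IMAGE.search(svc["path"]):
            reasons.append("hex-named image in a system directory")
        if reasons:
            findings.append({**svc, "reasons": reasons})
    return findings


def find_keyword_url_hijack(log_text: str,
                            trusted=("google.com", "bing.com", "yahoo.com")) -> List[str]:
    """Hosts that keyword.URL (DDS 'hxxp' defanged or OTL plain) points at outside `trusted`."""
    hosts = set()
    for m in re.finditer(r'keyword\.URL[\s:"-]+h(?:xx|tt)ps?://([^/\s"]+)', log_text):
        host = m.group(1).lower()
        if not any(host == t or host.endswith("." + t) for t in trusted):
            hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for f in find_suspicious_services(SAMPLE_LOG):
        print(f"[{f['source']}] {f['name']}: {f['path']} -> {', '.join(f['reasons'])}")
    for host in find_keyword_url_hijack(SAMPLE_LOG):
        print(f"Firefox keyword.URL points at an untrusted host: {host}")
```

Run against the sample it prints five service findings; only the two MSWU entries carry all three reasons, which is what separates them from the ordinary leftover entries, and the Firefox check reports `search.search-star.net`. To use it on a full log, pass the pasted text to the two functions instead of `SAMPLE_LOG`.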
 
Hello and welcome to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply

Thanks peku006
 
OTL logfile created on: 9/1/2010 11:17:15 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Brooke and Nick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 15.92 Gb Free Space | 21.38% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 57.25 Gb Total Space | 32.01 Gb Free Space | 55.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROOKE
Current User Name: Brooke and Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MSWU-f36decbb) -- C:\WINDOWS\System32\f36decbb.exe File not found
SRV - (MSWU-38adf938) -- C:\WINDOWS\System32\38adf938.exe File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (astcc) -- C:\WINDOWS\system32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\WINDOWS\System32\drivers\SBREdrv.sys File not found
DRV - (catchme) -- C:\DOCUME~1\BROOKE~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (GoProto) -- C:\WINDOWS\system32\drivers\goprot51.sys (Gteko Ltd.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-842925246-606747145-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842925246-606747145-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://search.search-star.net/?sid=10101038100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-star.net/?sid=10101038100&s="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 16:23:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 14:38:31 | 000,000,000 | ---D | M]

[2009/02/27 10:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Extensions
[2010/08/31 12:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions
[2010/04/26 21:45:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/18 19:45:24 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/29 11:11:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/15 21:32:39 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/06/21 18:38:54 | 000,079,432 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2007/06/21 18:38:56 | 000,071,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2007/06/21 18:39:18 | 000,034,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\logging.dll
[2007/06/21 18:39:34 | 000,325,200 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/06/21 18:40:02 | 000,030,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/08/29 12:49:21 | 000,416,183 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14390 more lines...
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-842925246-606747145-682003330-1006\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-606747145-682003330-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-842925246-606747145-682003330-1006\..Trusted Domains: safer-networking.org ([www] https in Trusted sites)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1183257388593 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/01 22:54:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 15:58:35 | 000,000,049 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/01 10:48:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe
[2010/08/29 13:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/29 12:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/08/29 11:57:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/20 21:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brooke and Nick\Application Data\Image Zone Express
[2010/08/20 21:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brooke and Nick\Application Data\Photo! Web Album
[2010/08/17 15:40:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/17 15:40:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/17 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/15 21:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brooke and Nick\Application Data\skypePM
[2010/08/15 21:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brooke and Nick\Application Data\Skype
[2010/08/15 21:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/15 21:32:06 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/15 21:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/08/15 12:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/11 21:43:27 | 012,049,864 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Brooke and Nick\Desktop\windows-kb890830-v3.10.exe
[2010/08/11 20:01:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/08/03 19:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/08/02 19:36:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/01 10:48:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe
[2010/09/01 10:30:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-606747145-682003330-1006UA.job
[2010/09/01 10:24:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/01 10:16:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/01 10:16:02 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/01 10:15:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/01 10:15:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/01 10:15:32 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/01 02:50:15 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Brooke and Nick\NTUSER.DAT
[2010/09/01 02:50:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Brooke and Nick\ntuser.ini
[2010/08/31 20:04:59 | 008,035,668 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Desktop\Halo Reach Target Poster 08312010.pdf
[2010/08/31 17:30:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-606747145-682003330-1006Core.job
[2010/08/31 09:09:00 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/30 16:34:55 | 002,214,304 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Desktop\Writers_Ultimate_Resource_Guide.pdf
[2010/08/30 15:33:49 | 000,011,624 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\My Documents\boudior Bio.odt
[2010/08/29 13:30:01 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr
[2010/08/29 13:24:24 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/29 13:24:09 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Desktop\ERUNT.lnk
[2010/08/29 12:49:21 | 000,416,183 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/29 12:39:07 | 000,000,422 | RHS- | M] () -- C:\boot.ini
[2010/08/29 11:45:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/29 11:30:41 | 003,830,790 | R--- | M] () -- C:\Documents and Settings\Brooke and Nick\Desktop\ComboFix.exe
[2010/08/27 13:56:42 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/26 14:43:21 | 000,416,183 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100829-124921.backup
[2010/08/26 14:41:18 | 000,416,183 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-144321.backup
[2010/08/26 14:38:32 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/20 23:18:09 | 000,416,119 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-144118.backup
[2010/08/18 00:47:47 | 004,847,880 | -H-- | M] () -- C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\IconCache.db
[2010/08/17 15:40:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 13:29:40 | 000,011,890 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\My Documents\letter for payment.odt
[2010/08/17 11:24:21 | 000,415,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100820-231809.backup
[2010/08/15 21:35:59 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/15 13:37:01 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/15 13:36:30 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk
[2010/08/15 13:00:49 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/15 13:00:49 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/15 12:45:44 | 000,000,629 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/08/13 08:36:46 | 000,415,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100817-112421.backup
[2010/08/11 21:47:40 | 012,049,864 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Brooke and Nick\Desktop\windows-kb890830-v3.10.exe
[2010/08/11 21:16:01 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 20:07:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/11 20:06:31 | 000,501,230 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/11 20:06:31 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/11 20:06:31 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/11 20:01:30 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/11 16:02:26 | 000,415,912 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100813-083646.backup
[2010/08/10 10:51:10 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic the Gathering.lnk
[2010/08/09 18:28:43 | 000,415,172 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100811-160226.backup
[2010/08/03 20:09:33 | 000,414,870 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100809-182843.backup
[2010/08/03 17:32:54 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 10:48:06 | 000,414,870 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100803-200933.backup
[2010/08/02 19:16:26 | 000,132,220 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 20:03:42 | 008,035,668 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Desktop\Halo Reach Target Poster 08312010.pdf
[2010/08/30 16:34:59 | 002,214,304 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Desktop\Writers_Ultimate_Resource_Guide.pdf
[2010/08/30 15:33:48 | 000,011,624 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\My Documents\boudior Bio.odt
[2010/08/29 13:30:02 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr
[2010/08/29 13:24:24 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/29 13:24:09 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Desktop\ERUNT.lnk
[2010/08/26 14:38:31 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/17 15:40:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/17 13:13:41 | 000,011,890 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\My Documents\letter for payment.odt
[2010/08/15 21:35:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/15 21:32:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/15 13:00:49 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/08/15 12:56:37 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/11 20:01:30 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/08/03 19:41:23 | 1072,775,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 11:01:37 | 003,830,790 | R--- | C] () -- C:\Documents and Settings\Brooke and Nick\Desktop\ComboFix.exe
[2010/06/01 10:14:35 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Application Data\czyiwa.dat
[2010/05/29 08:50:40 | 000,000,238 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/10 02:11:15 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2009/08/01 22:00:59 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2009/06/19 22:13:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/22 23:23:12 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/04/04 10:01:29 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2009/04/04 10:00:39 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/04/02 19:01:42 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 13:01:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Application Data\AVSMediaPlayer.m3u
[2009/03/13 12:56:46 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/13 12:56:46 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/13 12:38:47 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\fusioncache.dat
[2008/04/29 14:42:24 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/11/10 20:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/10/21 13:09:18 | 000,001,372 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/01 20:34:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
< End of report >

OTL Extras logfile created on: 9/1/2010 11:17:15 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Brooke and Nick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 662.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 15.92 Gb Free Space | 21.38% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 57.25 Gb Total Space | 32.01 Gb Free Space | 55.92% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BROOKE
Current User Name: Brooke and Nick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Games\Zoo Tycoon 2\zt.exe:*:Disabled:Zoo Tycoon 2 Executable -- File not found
"E:\Desktop\Copied stuff from F drive\Backup Data Disc 2\Magic\Manalink.exe" = E:\Desktop\Copied stuff from F drive\Backup Data Disc 2\Magic\Manalink.exe:*:Disabled:manalink -- (MicroProse Software, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{11051835-560C-9E8F-C9B5-C376F4A46580}" = Catalyst Control Center Graphics Previews Common
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{16D354E4-63D4-B300-AFBC-8D22A94CE6D6}" = ccc-utility
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C2CD847-D196-079D-E004-C1D82B57E3A7}" = Catalyst Control Center Graphics Full Existing
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{335B1821-D274-4EFD-9EFE-3C0FD38EBE65}" = BN eReader
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37E9E443-FA8E-095F-CF2A-90A18B0B206B}" = CCC Help English
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{448A1BF6-B110-5C4B-2220-30F5ECE6DD83}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F3C8CEE-89D6-891E-D728-80A8CF0DCB32}" = ccc-core-preinstall
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{654870E9-EF38-D3B3-328C-ABA367163D15}" = Catalyst Control Center Graphics Full New
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751910E3-ECF1-44D0-BF3F-2936A4424514}" = ImageMixer3
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD8CCC0-3C5C-DF21-DAC3-D5834E803F1E}" = Catalyst Control Center Graphics Light
"{8F6A89F1-F04A-6FD8-1802-D7D5BAE382E1}" = ccc-core-static
"{8F7A4D82-B168-4F89-99C2-B9873EC877AF}" = HP Image Zone Express
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B3B20D3D-92F9-5EBA-B557-CECA02984F05}" = Catalyst Control Center HydraVision Full
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 ESD
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0601E2E-8FB3-1C63-F72D-54EB2F908767}" = Skins
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"ACDSee" = ACDSee
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EADM" = EA Download Manager
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.5 (1010)
"ERUNT_is1" = ERUNT 1.1j
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoToolkit_is1" = Photo Toolkit 1.7
"Picasa 3" = Picasa 3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2010 8:24:05 AM | Computer Name = BROOKE | Source = Google Update | ID = 20
Description =

Error - 8/12/2010 8:30:05 AM | Computer Name = BROOKE | Source = Google Update | ID = 20
Description =

Error - 8/15/2010 12:58:35 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/15/2010 12:58:35 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/15/2010 12:58:35 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/15/2010 12:58:35 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/15/2010 12:58:35 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/26/2010 8:17:29 PM | Computer Name = BROOKE | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 8/29/2010 11:35:33 AM | Computer Name = BROOKE | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x00082899.

Error - 8/29/2010 11:43:52 AM | Computer Name = BROOKE | Source = Application Error | ID = 1000
Description = Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe,
version 0.0.0.0, fault address 0x0008d560.

[ System Events ]
Error - 8/30/2010 2:50:39 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/30/2010 2:50:41 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/31/2010 8:50:03 AM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/31/2010 8:50:04 AM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/31/2010 12:10:51 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/31/2010 12:11:27 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 8/31/2010 2:40:35 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/31/2010 2:40:35 PM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 9/1/2010 10:15:52 AM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 9/1/2010 10:15:53 AM | Computer Name = BROOKE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-01 14:01:20
Windows 5.1.2600 Service Pack 3
Running: w4v3o0ts.exe; Driver: C:\DOCUME~1\BROOKE~1\LOCALS~1\Temp\uwtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9B71000, 0x1BDE76, 0xE8000020]

---- EOF - GMER 1.0.15 ----


Thank you for your help :)
 
Hi HeadlessChief

TFC (Temp File Cleaner)
  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

re-run combofix please.........

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006
 
I'm not sure if this matters, or if it helps, but at Stage 3 of ComboFix a warning popped up saying, Pev.cfxx has encountered an error & needs to close. I sent the crash report to Microsoft.
Also for the first time ever after running Combofix & getting the report, my computer went idle. My desktop was blank. I let it sit for a few minutes. When it looked as though it wasn't coming back, I re-booted & everything seemed back to normal.

ComboFix 10-09-01.04 - Brooke and Nick 09/02/2010 8:44.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.684 [GMT -4:00]
Running from: c:\documents and settings\Brooke and Nick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\program files\ERUNT
2010-08-29 16:32 . 2010-08-29 16:32 -------- d-----w- c:\program files\Safer Networking
2010-08-21 01:09 . 2010-08-21 01:09 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Image Zone Express
2010-08-21 01:01 . 2010-08-21 01:07 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Photo! Web Album
2010-08-17 19:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40 . 2010-08-17 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 01:35 . 2010-08-16 01:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 01:35 . 2010-09-02 02:50 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\skypePM
2010-08-16 01:33 . 2010-09-02 02:51 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Skype
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----r- c:\program files\Skype
2010-08-16 01:31 . 2010-08-16 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:57 . 2010-08-15 16:57 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-15 16:54 . 2010-08-15 16:54 -------- d-----w- c:\program files\iPod
2010-08-15 16:45 . 2010-08-15 16:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-12 00:01 . 2010-08-12 00:01 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-10 15:09 . 2010-08-10 15:09 568832 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 15:09 . 2010-08-10 15:09 686080 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 15:09 . 2010-08-10 15:09 655872 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 15:09 . 2010-08-10 15:09 583168 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 15:09 . 2010-08-10 15:09 224768 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcm90.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 11:05 . 2009-06-22 14:06 1 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-29 17:33 . 2009-05-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 16:03 . 2007-05-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 16:03 . 2009-02-27 16:11 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Microsoft Games
2010-08-29 16:03 . 2009-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-08-24 04:46 . 2009-10-03 03:15 -------- d-----w- c:\program files\Paint Shop Pro 7
2010-08-21 01:00 . 2009-04-12 19:03 -------- d-----w- c:\program files\Web Photo Album
2010-08-17 19:40 . 2010-06-11 23:42 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Malwarebytes
2010-08-17 19:40 . 2010-06-11 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-15 17:00 . 2010-05-07 00:48 -------- d-----w- c:\program files\Safari
2010-08-15 16:56 . 2010-07-04 20:29 -------- d-----w- c:\program files\iTunes
2010-08-15 16:54 . 2007-08-17 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 23:16 . 2010-06-16 01:37 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-07-26 01:20 . 2010-07-26 01:17 -------- d-----w- c:\program files\CA
2010-07-26 01:12 . 2010-07-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-26 01:05 . 2010-06-15 13:57 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-07-26 01:05 . 2010-06-15 13:57 243976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\unicows.dll
2010-07-25 16:23 . 2007-01-02 03:05 -------- d-----w- c:\program files\GemMaster
2010-07-23 19:59 . 2009-02-27 18:45 72384 ----a-w- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-23 17:13 . 2009-06-22 14:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-23 02:09 . 2010-07-23 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 01:40 . 2010-07-23 01:40 120 ----a-w- c:\windows\Bfulez.dat
2010-07-23 01:40 . 2010-07-23 01:40 0 ----a-w- c:\windows\Eyuzuw.bin
2010-07-04 20:18 . 2007-05-12 17:03 -------- d-----w- c:\program files\QuickTime
2010-07-04 20:08 . 2010-07-04 20:07 -------- d-----w- c:\program files\Bonjour
2010-07-03 03:33 . 2007-01-09 00:18 72384 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:20 . 2010-06-28 17:20 72384 ----a-w- c:\documents and settings\New User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 13:57 . 2010-06-15 13:57 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2010-06-15 13:57 . 2010-06-15 13:57 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-06-15 13:57 . 2010-06-15 13:57 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-06-15 01:19 . 2010-06-15 01:19 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2007-01-02 02:51 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-08-29_15.45.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-02 12:38 . 2010-09-02 12:38 16384 c:\windows\temp\Perflib_Perfdata_76c.dat
+ 2010-09-02 10:59 . 2010-09-02 10:59 249856 c:\windows\ERDNT\AutoBackup\9-2-2010\Users\00000002\UsrClass.dat
+ 2010-09-02 10:59 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-2-2010\ERDNT.EXE
+ 2010-09-01 14:16 . 2010-09-01 14:16 249856 c:\windows\ERDNT\AutoBackup\9-1-2010\Users\00000002\UsrClass.dat
+ 2010-09-01 14:16 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-1-2010\ERDNT.EXE
+ 2010-08-31 12:50 . 2010-08-31 12:50 249856 c:\windows\ERDNT\AutoBackup\8-31-2010\Users\00000002\UsrClass.dat
+ 2010-08-31 12:50 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-31-2010\ERDNT.EXE
+ 2010-08-30 15:02 . 2010-08-30 15:03 249856 c:\windows\ERDNT\AutoBackup\8-30-2010\Users\00000002\UsrClass.dat
+ 2010-08-30 15:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-30-2010\ERDNT.EXE
+ 2010-08-29 17:37 . 2010-08-29 17:37 249856 c:\windows\ERDNT\AutoBackup\8-29-2010\Users\00000002\UsrClass.dat
+ 2010-08-29 17:37 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\8-29-2010\ERDNT.EXE
+ 2010-08-29 17:24 . 2010-08-29 17:24 249856 c:\windows\ERDNT\8-29-2010\Users\00000002\UsrClass.dat
+ 2010-08-29 17:24 . 2005-10-20 16:02 163328 c:\windows\ERDNT\8-29-2010\ERDNT.EXE
+ 2010-09-02 10:59 . 2010-09-02 10:59 9416704 c:\windows\ERDNT\AutoBackup\9-2-2010\Users\00000001\NTUSER.DAT
+ 2010-09-01 14:16 . 2010-09-01 14:16 9416704 c:\windows\ERDNT\AutoBackup\9-1-2010\Users\00000001\NTUSER.DAT
+ 2010-08-31 12:50 . 2010-08-31 12:50 9416704 c:\windows\ERDNT\AutoBackup\8-31-2010\Users\00000001\NTUSER.DAT
+ 2010-08-30 15:02 . 2010-08-30 15:02 9416704 c:\windows\ERDNT\AutoBackup\8-30-2010\Users\00000001\NTUSER.DAT
+ 2010-08-29 17:37 . 2010-08-29 17:37 9416704 c:\windows\ERDNT\AutoBackup\8-29-2010\Users\00000001\NTUSER.DAT
+ 2010-08-29 17:24 . 2010-08-29 17:24 9416704 c:\windows\ERDNT\8-29-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

c:\documents and settings\Brooke and Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 03:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-22 12:07 133104 ----atw- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
2006-10-28 01:34 65536 ----a-w- c:\program files\Photo Toolkit\IvBar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 17:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 17:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 19:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSWU-f36decbb"=2 (0x2)
"MSWU-38adf938"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Desktop\\Copied stuff from F drive\\Backup Data Disc 2\\Magic\\Manalink.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-606747145-682003330-1006Core.job
- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 12:07]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-606747145-682003330-1006UA.job
- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-22 12:07]

2009-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 08:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3984)
c:\windows\system32\WININET.dll
c:\docume~1\BROOKE~1\LOCALS~1\Temp\catchme.dll
.
Completion time: 2010-09-02 08:55:32
ComboFix-quarantined-files.txt 2010-09-02 12:55
ComboFix2.txt 2010-08-29 15:50
ComboFix3.txt 2010-08-03 15:20
ComboFix4.txt 2010-08-02 23:36
ComboFix5.txt 2010-09-02 12:41

Pre-Run: 17,281,626,112 bytes free
Post-Run: 17,275,142,144 bytes free

- - End Of File - - 9F25CD167E401A7A802FDDA2F756F2CA
 
Hi HeadlessChief

please post the contents of c:\Qoobox\ComboFix-quarantined-files.txt.
 
2010-08-29 15:48:45 . 2010-08-29 15:48:45 1,388 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.reg.dat
2010-07-23 02:31:06 . 2010-07-23 02:31:06 626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-$NtUninstallMTF1011$.reg.dat
2010-07-23 02:30:23 . 2010-07-23 02:30:23 147 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Wbobeseduz.reg.dat
2010-07-23 02:30:22 . 2010-07-23 02:30:23 200 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-vqwqybva.reg.dat
2010-07-23 02:30:22 . 2010-07-23 02:30:22 123 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-MChk.reg.dat
2010-07-23 02:30:22 . 2010-07-23 02:30:22 117 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-sta.reg.dat
2010-07-23 02:30:21 . 2010-07-23 02:30:21 199 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-vqwqybva.reg.dat
2010-07-23 02:30:20 . 2010-07-23 02:30:21 221 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-patchsetup70700.exe.reg.dat
2010-07-23 02:30:20 . 2010-07-23 02:30:20 144 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Slekocij.reg.dat
2010-07-23 02:09:04 . 2010-07-23 02:09:04 2,410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NetLogin.reg.dat
2010-07-23 02:09:04 . 2010-07-23 02:09:04 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NETLOGIN.reg.dat
2010-07-23 01:40:38 . 2010-07-23 01:40:38 5,954 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Local Settings\Application Data\{945BB068-01E9-4F7B-A946-7380DBA26D37}\chrome\content\overlay.xul.vir
2010-07-23 01:40:38 . 2010-07-23 01:40:38 2,140 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Local Settings\Application Data\{945BB068-01E9-4F7B-A946-7380DBA26D37}\chrome\content\_cfg.js.vir
2010-07-23 01:40:38 . 2010-07-23 01:40:38 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Local Settings\Application Data\{945BB068-01E9-4F7B-A946-7380DBA26D37}\install.rdf.vir
2010-07-23 01:40:38 . 2010-07-23 01:40:38 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Local Settings\Application Data\{945BB068-01E9-4F7B-A946-7380DBA26D37}\chrome.manifest.vir
2010-07-23 01:38:55 . 2010-07-23 01:38:55 1,219 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk.vir
2010-07-23 01:38:54 . 2010-07-23 01:38:55 1,253 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\Antimalware Doctor.lnk.vir
2010-07-23 01:38:54 . 2010-07-23 01:38:54 2,287 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk.vir
2010-07-23 01:38:54 . 2010-07-23 01:38:54 1,253 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk.vir
2010-07-23 01:38:53 . 2010-07-23 01:38:53 1,241 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Start Menu\Antimalware Doctor.lnk.vir
2010-07-23 01:38:53 . 2010-07-23 01:38:53 1,241 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Desktop\Antimalware Doctor.lnk.vir
2010-07-23 01:38:50 . 2010-07-23 01:39:04 150 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallMTF1011$\zrpt.xml.vir
2010-07-23 01:38:50 . 2010-07-23 01:38:50 64,235 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe.vir
2010-07-23 01:38:35 . 2010-07-23 01:38:35 28,842 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Application Data\AB0D030D038FD8DE7AAAB5A7168A8006\enemies-names.txt.vir
2010-07-23 01:38:35 . 2010-07-23 01:38:35 26,204 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Brooke and Nick\Application Data\AB0D030D038FD8DE7AAAB5A7168A8006\local.ini.vir
2010-07-22 11:17:34 . 2010-07-22 11:17:34 2,076 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir
2010-07-15 23:04:48 . 2010-07-15 23:04:48 612 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-avgnt.reg.dat
2010-06-11 23:34:25 . 2010-06-11 23:34:25 590 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-M5T8QL3YW3.reg.dat
2010-06-11 23:16:05 . 2010-06-11 23:16:05 1,020 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_ffwqqt.reg.dat
2010-06-11 23:15:17 . 2010-09-02 12:50:01 6,705 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-06-11 23:06:24 . 2010-09-02 12:40:57 1,479 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-05-28 22:03:01 . 2010-05-28 22:03:01 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\VolumeMSPrLam.dll.vir
2009-07-15 02:56:10 . 2009-07-15 02:56:10 416,206 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Temp\eReader_Install\eReader.ico.vir
 
Hi HeadlessChief

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4532

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

9/2/2010 4:04:06 PM
mbam-log-2010-09-02 (16-04-06).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 255359
Time elapsed: 1 hour(s), 34 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi HeadlessChief

do not see anything suspicious.........

TFC (Temp File Cleaner)

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on:
    EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
    EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
    EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on:
    EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Thanks peku006
 
Ran all of those - here is the ESET log file...

C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe.vir Win32/Adware.Lifze.O application
E:\Desktop\Copied stuff from F drive\Backup Data Disc 1\Writings\New Folder\Install_AIM.exe

Those were the only two things that it found. There was not a log file in the directory you specified - I didn't see anywhere to export the log file.

Thank you for all of your help!
 
Hi HeadlessChief

looks good........

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Thanks peku006
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 13
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````
 
Hi HeadlessChief

Your Java is out of date.

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 21 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

How's the computer running now?

Thanks peku006
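The Security Check output above lists two Java 6 runtimes side by side (Update 13 and Update 18), which is exactly the leftover situation the removal steps address: an old JRE that stays installed keeps its exploitable plug-in reachable from the browser. As an added example that is not part of this thread, here is a PowerShell script that enumerates installed JREs from the Uninstall registry keys and prints the msiexec uninstall line for every copy older than the newest one. It assumes Windows PowerShell 2.0 is installed on the XP SP3 machine and that each JRE registered an Uninstall subkey named by its MSI product code; the script prints the uninstall commands rather than running them, so the list can be reviewed first.

```powershell
# Added example, not part of the thread: list installed Java runtimes from the
# registry and show which ones are stale, so every old JRE is removed before
# jre-6u21 is installed. Assumes Windows PowerShell 2.0 on the XP SP3 host and
# that the JRE installers registered themselves under the standard Uninstall key
# (Sun's MSI packages use their product code GUID as the subkey name).

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # only present on x64 hosts
)

function Get-InstalledJre {
    $found = @()
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in (Get-ChildItem $root)) {
            $p = Get-ItemProperty -Path $key.PSPath
            # Same names the cleanup step tells the user to look for in Add or Remove Programs
            if ($p.DisplayName -notmatch '^(Java\(TM\)|J2SE|Java Runtime Environment)') { continue }
            if ($p.DisplayName -match 'Development Kit') { continue }   # leave a JDK alone
            $ver = [version]'0.0'
            if ($p.DisplayVersion) {
                try { $ver = [version]$p.DisplayVersion } catch { }   # e.g. 6u18 reports 6.0.180
            }
            $found += New-Object PSObject -Property @{
                Name        = $p.DisplayName
                Version     = $ver
                ProductCode = $key.PSChildName
                Uninstall   = $p.UninstallString
            }
        }
    }
    # Newest first; everything after index 0 is a stale copy
    $found | Sort-Object -Property Version -Descending
}

$jres = @(Get-InstalledJre)
if ($jres.Count -eq 0) {
    Write-Host 'No Java Runtime Environment entries found in the Uninstall keys.'
}
else {
    Write-Host ("Keep   : {0} ({1})" -f $jres[0].Name, $jres[0].Version)
    foreach ($stale in ($jres | Select-Object -Skip 1)) {
        Write-Host ("Remove : {0} ({1})" -f $stale.Name, $stale.Version)
        # Sun JRE packages are MSI installs, so the silent uninstall is msiexec with
        # the product code. Printed rather than executed; run it once the list is reviewed.
        if ($stale.ProductCode -match '^\{[0-9A-F-]+\}$') {
            Write-Host ("         msiexec /x {0} /qn /norestart" -f $stale.ProductCode)
        }
        else {
            Write-Host ("         {0}" -f $stale.Uninstall)
        }
    }
}
```

Run it from an elevated PowerShell prompt before installing the new JRE, remove each entry it flags, reboot, and then install 6u21 as the steps above describe; running it again afterwards should list exactly one runtime.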
 
Java is now updated. Thank you. :crowned:

I'm not sure how to answer your question about how the computer is running now. Besides being a little slow every once in a while, we didn't know there was still a problem until we got the spam/virus E-mail from ourselves. The virus has been able to hide from Malwarebytes for a long time. So, I'm not sure if the computer is clean.
 
Hi HeadlessChief

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.
    • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
 
I wasn't sure if you wanted it posted...:flowers:
Code:
OTS logfile created on: 9/5/2010 1:14:08 PM - Run 1
OTS by OldTimer - Version 3.1.36.0     Folder = C:\Documents and Settings\Brooke and Nick\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,023.00 Mb Total Physical Memory | 670.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 14.06 Gb Free Space | 18.88% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 57.25 Gb Total Space | 31.40 Gb Free Space | 54.85% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BROOKE
Current User Name: Brooke and Nick
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTS.exe -> [2010/09/05 13:12:24 | 000,641,024 | ---- | M] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.)
astsrv.exe -> C:\WINDOWS\system32\ASTSRV.EXE -> [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
hpzipm12.exe -> C:\WINDOWS\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP)
devldr32.exe -> C:\WINDOWS\system32\devldr32.exe -> [2001/08/17 18:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTS.exe -> [2010/09/05 13:12:24 | 000,641,024 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(MSWU-f36decbb) MSWU-f36decbb [Disabled | Stopped] -> C:\WINDOWS\System32\f36decbb.exe -> File not found
(MSWU-38adf938) MSWU-38adf938 [Disabled | Stopped] -> C:\WINDOWS\System32\38adf938.exe -> File not found
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.)
(astcc) AST Service [Auto | Running] -> C:\WINDOWS\system32\ASTSRV.EXE -> [2009/06/15 12:54:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZipm12.exe -> [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP)
 
[Driver Services - Safe List]
(SBRE) SBRE [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\SBREdrv.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\BROOKE~1\LOCALS~1\Temp\catchme.sys -> File not found
(NuidFltr) NUID filter driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2009/02/04 03:27:21 | 003,488,768 | ---- | M] (ATI Technologies Inc.)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation)
(GoProto) GoProto Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\goprot51.sys -> [2007/04/15 18:20:18 | 000,029,184 | ---- | M] (Gteko Ltd.)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MODEMCSA.sys -> [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation)
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\sfmanm.sys -> [2001/08/17 08:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.)
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ctlfacem.sys -> [2001/08/17 08:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.)
(emu10k) Creative SB Live! (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\emu10k1m.sys -> [2001/08/17 08:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.)
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctljystk.sys -> [2001/08/17 08:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\] > -> -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: Main\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\: "ProxyOverride" -> <local> -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\FireFox\Profiles\vj8qx2x8.default\prefs.js -> 
browser.search.order.1 -> "Google" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://google.com/" ->
extensions.enabledItems -> {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 ->
extensions.enabledItems -> 6 ->
extensions.enabledItems -> 2 ->
extensions.enabledItems -> 41 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> moveplayer@movenetworks.com:7 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 ->
keyword.URL -> "http://search.search-star.net/?sid=10101038100&s=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\FireFox\Profiles\vj8qx2x8.default\user.js -> 
browser.search.selectedEngine -> "Google" ->
browser.search.order.1 -> "Google" ->
keyword.URL -> "http://search.search-star.net/?sid=10101038100&s=" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/07/28 16:23:54 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/09/05 11:43:31 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Extensions -> [2009/02/27 10:27:36 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions -> [2010/09/05 11:44:38 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/26 21:45:05 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2009/08/18 19:45:24 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/09/05 11:44:38 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} -> [2010/09/05 11:43:33 | 000,000,000 | ---D | M]
< HOSTS File > ([2010/08/29 12:49:21 | 000,416,183 | R--- | M] - 14416 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/07/13 15:10:30 | 000,047,904 | ---- | M] (Apple Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Brooke and Nick Startup Folder > -> C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 000,038,912 | ---- | M] ()
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Jen Startup Folder > -> C:\Documents and Settings\Jen\Start Menu\Programs\Startup -> 
< New User Startup Folder > -> C:\Documents and Settings\New User\Start Menu\Programs\Startup -> 
< Paul Startup Folder > -> C:\Documents and Settings\Paul\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 07:39:00 | 001,347,728 | ---- | M] (Microsoft)
\\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 06:03:28 | 000,001,293 | ---- | M] ()
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"_NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2010/06/02 22:41:44 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2010/06/02 22:41:44 | 003,600,384 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\WINDOWS\System32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2010/06/02 22:41:44 | 003,600,384 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7401 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7401 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7401 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7401 domain(s) found. -> 
www_safer-networking.org [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\] > -> HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-842925246-606747145-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{406B5949-7190-4245-91A9-30A17DE16AD0} [HKLM] -> http://photo.walgreens.com/WalgreensActivia.cab [Snapfish Activia] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab [Windows Live Safety Center Base Module] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5} [HKLM] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab [Symantec RuFSI Utility Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183257388593 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab [Java Plug-in 1.6.0_21] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 65.32.5.111 65.32.5.112 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{4B48B2D9-AB34-4C0D-9609-A7ECCBBE1277}\\DhcpNameServer -> 65.32.5.111 65.32.5.112   (Intel(R) PRO/100+ PCI Adapter) -> 
{DBC3AC70-79EE-4786-90B5-65133850EB66}\\DhcpNameServer -> 66.90.0.6 216.53.130.3   (Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2009/02/04 00:43:29 | 000,155,648 | ---- | M] (ATI Technologies Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2009/09/03 17:17:14 | 003,342,336 | ---- | M] (Electronic Arts)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/07/21 15:53:00 | 010,358,568 | ---- | M] (Apple Inc.)
"C:\WINDOWS\system32\ftp.exe" -> C:\WINDOWS\System32\ftp.exe [C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program] -> [2008/04/13 20:12:20 | 000,042,496 | ---- | M] (Microsoft Corporation)
"E:\Desktop\Copied stuff from F drive\Backup Data Disc 2\Magic\Manalink.exe" -> E:\Desktop\Copied stuff from F drive\Backup Data Disc 2\Magic\Manalink.exe [E:\Desktop\Copied stuff from F drive\Backup Data Disc 2\Magic\Manalink.exe:*:Disabled:manalink] -> [2001/07/11 06:10:50 | 000,306,176 | ---- | M] (MicroProse Software, Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/01/01 22:54:38 | 000,000,000 | ---- | M] ()
D:\Autorun.exe [MZ | ] -> D:\Autorun.exe [ UDF ] -> [2009/10/16 06:51:33 | 000,054,544 | R--- | M] (Electronic Arts)
D:\Autorun.inf [[autorun] | open=Autorun.exe | icon=Sims3EP01.ico | ] -> D:\Autorun.inf [ UDF ] -> [2009/09/21 15:58:35 | 000,000,049 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTS.exe -> [2010/09/05 13:12:25 | 000,641,024 | ---- | C] (OldTimer Tools)
 Java -> C:\Program Files\Common Files\Java -> [2010/09/05 11:44:06 | 000,000,000 | ---D | C]
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/09/05 11:43:31 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/09/05 11:43:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/09/05 11:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/09/05 11:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/09/05 11:43:31 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.)
 Nick Work Stuff -> C:\Documents and Settings\Brooke and Nick\Desktop\Nick Work Stuff -> [2010/09/03 14:01:00 | 000,000,000 | ---D | C]
 TFC(2).exe -> C:\Documents and Settings\Brooke and Nick\Desktop\TFC(2).exe -> [2010/09/03 10:20:08 | 000,446,464 | ---- | C] (OldTimer Tools)
 RECYCLER -> C:\RECYCLER -> [2010/09/03 01:12:35 | 000,000,000 | -HSD | C]
 ComboFix -> C:\ComboFix -> [2010/09/02 08:40:55 | 000,000,000 | ---D | C]
 TFC.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\TFC.exe -> [2010/09/02 08:34:41 | 000,446,464 | ---- | C] (OldTimer Tools)
 OTL.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe -> [2010/09/01 10:48:47 | 000,574,976 | ---- | C] (OldTimer Tools)
 ERUNT -> C:\Program Files\ERUNT -> [2010/08/29 13:24:09 | 000,000,000 | ---D | C]
 Safer Networking -> C:\Program Files\Safer Networking -> [2010/08/29 12:32:59 | 000,000,000 | ---D | C]
 Image Zone Express -> C:\Documents and Settings\Brooke and Nick\Application Data\Image Zone Express -> [2010/08/20 21:09:05 | 000,000,000 | ---D | C]
 Photo! Web Album -> C:\Documents and Settings\Brooke and Nick\Application Data\Photo! Web Album -> [2010/08/20 21:01:20 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/08/17 15:40:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/08/17 15:40:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/08/17 15:40:11 | 000,000,000 | ---D | C]
 skypePM -> C:\Documents and Settings\Brooke and Nick\Application Data\skypePM -> [2010/08/15 21:35:58 | 000,000,000 | ---D | C]
 Skype -> C:\Documents and Settings\Brooke and Nick\Application Data\Skype -> [2010/08/15 21:33:00 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Common Files\Skype -> [2010/08/15 21:32:11 | 000,000,000 | ---D | C]
 Skype -> C:\Program Files\Skype -> [2010/08/15 21:32:06 | 000,000,000 | R--D | C]
 Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [2010/08/15 21:31:58 | 000,000,000 | ---D | C]
 iPod -> C:\Program Files\iPod -> [2010/08/15 12:54:47 | 000,000,000 | ---D | C]
 windows-kb890830-v3.10.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\windows-kb890830-v3.10.exe -> [2010/08/11 21:43:27 | 012,049,864 | ---- | C] (Microsoft Corporation)
 MpEngineStore -> C:\WINDOWS\System32\MpEngineStore -> [2010/08/11 20:01:30 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTS.exe -> [2010/09/05 13:12:24 | 000,641,024 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/09/05 12:24:00 | 000,000,904 | ---- | M] ()
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010/09/05 11:43:09 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/09/05 11:43:09 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/09/05 11:43:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/09/05 11:43:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/09/05 11:43:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.)
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/09/05 11:41:04 | 000,002,206 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/09/05 11:41:00 | 000,000,900 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/09/05 11:40:41 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/09/05 11:40:38 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/09/05 11:40:35 | 1072,775,168 | -HS- | M] ()
 NTUSER.DAT -> C:\Documents and Settings\Brooke and Nick\NTUSER.DAT -> [2010/09/05 11:39:42 | 009,437,184 | -H-- | M] ()
 ntuser.ini -> C:\Documents and Settings\Brooke and Nick\ntuser.ini -> [2010/09/05 11:39:42 | 000,000,278 | -HS- | M] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/09/04 23:25:37 | 000,002,137 | ---- | M] ()
 BrookeBook.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\BrookeBook.pdf -> [2010/09/04 10:35:58 | 003,580,936 | ---- | M] ()
 SecurityCheck.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\SecurityCheck.exe -> [2010/09/04 02:35:35 | 000,869,051 | ---- | M] ()
 esetsmartinstaller_enu.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\esetsmartinstaller_enu.exe -> [2010/09/03 10:38:04 | 002,672,312 | ---- | M] ()
 TFC(2).exe -> C:\Documents and Settings\Brooke and Nick\Desktop\TFC(2).exe -> [2010/09/03 10:20:05 | 000,446,464 | ---- | M] (OldTimer Tools)
 system.ini -> C:\WINDOWS\system.ini -> [2010/09/02 08:51:46 | 000,000,227 | ---- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\ComboFix.exe -> [2010/09/02 08:40:20 | 003,830,422 | R--- | M] ()
 TFC.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\TFC.exe -> [2010/09/02 08:34:35 | 000,446,464 | ---- | M] (OldTimer Tools)
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/09/01 22:50:07 | 000,002,265 | ---- | M] ()
 w4v3o0ts.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\w4v3o0ts.exe -> [2010/09/01 11:28:11 | 000,293,376 | ---- | M] ()
 OTL.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\OTL.exe -> [2010/09/01 10:48:44 | 000,574,976 | ---- | M] (OldTimer Tools)
 Halo Reach Target Poster 08312010.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\Halo Reach Target Poster 08312010.pdf -> [2010/08/31 20:04:59 | 008,035,668 | ---- | M] ()
 Writers_Ultimate_Resource_Guide.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\Writers_Ultimate_Resource_Guide.pdf -> [2010/08/30 16:34:55 | 002,214,304 | ---- | M] ()
 boudior Bio.odt -> C:\Documents and Settings\Brooke and Nick\My Documents\boudior Bio.odt -> [2010/08/30 15:33:49 | 000,011,624 | ---- | M] ()
 dds.scr -> C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr -> [2010/08/29 13:30:01 | 000,525,824 | ---- | M] ()
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/08/29 13:24:24 | 000,000,767 | ---- | M] ()
 ERUNT.lnk -> C:\Documents and Settings\Brooke and Nick\Desktop\ERUNT.lnk -> [2010/08/29 13:24:09 | 000,000,592 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/08/29 12:49:21 | 000,416,183 | R--- | M] ()
 boot.ini -> C:\boot.ini -> [2010/08/29 12:39:07 | 000,000,422 | RHS- | M] ()
 hosts.20100829-124921.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100829-124921.backup -> [2010/08/26 14:43:21 | 000,416,183 | R--- | M] ()
 hosts.20100826-144321.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100826-144321.backup -> [2010/08/26 14:41:18 | 000,416,183 | R--- | M] ()
 Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/08/26 14:38:32 | 000,001,729 | ---- | M] ()
 hosts.20100826-144118.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100826-144118.backup -> [2010/08/20 23:18:09 | 000,416,119 | R--- | M] ()
 IconCache.db -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\IconCache.db -> [2010/08/18 00:47:47 | 004,847,880 | -H-- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/08/17 15:40:17 | 000,000,696 | ---- | M] ()
 letter for payment.odt -> C:\Documents and Settings\Brooke and Nick\My Documents\letter for payment.odt -> [2010/08/17 13:29:40 | 000,011,890 | ---- | M] ()
 hosts.20100820-231809.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100820-231809.backup -> [2010/08/17 11:24:21 | 000,415,912 | R--- | M] ()
 ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2010/08/15 21:35:59 | 000,000,056 | -H-- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2010/08/15 13:37:01 | 000,000,819 | ---- | M] ()
 OpenOffice.org 3.2.lnk -> C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\OpenOffice.org 3.2.lnk -> [2010/08/15 13:36:30 | 000,000,867 | ---- | M] ()
 Safari.lnk -> C:\Documents and Settings\All Users\Desktop\Safari.lnk -> [2010/08/15 13:00:49 | 000,001,854 | ---- | M] ()
 Apple Safari.lnk -> C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk -> [2010/08/15 13:00:49 | 000,001,854 | ---- | M] ()
 mapisvc.inf -> C:\WINDOWS\System32\mapisvc.inf -> [2010/08/15 12:45:44 | 000,000,629 | ---- | M] ()
 hosts.20100817-112421.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100817-112421.backup -> [2010/08/13 08:36:46 | 000,415,912 | R--- | M] ()
 windows-kb890830-v3.10.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\windows-kb890830-v3.10.exe -> [2010/08/11 21:47:40 | 012,049,864 | ---- | M] (Microsoft Corporation)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/08/11 21:16:01 | 000,278,944 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/08/11 20:07:58 | 000,001,374 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/08/11 20:06:31 | 000,501,230 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/08/11 20:06:31 | 000,441,124 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/08/11 20:06:31 | 000,071,060 | ---- | M] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/08/11 20:01:30 | 000,000,186 | ---- | M] ()
 hosts.20100813-083646.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100813-083646.backup -> [2010/08/11 16:02:26 | 000,415,912 | R--- | M] ()
 Magic the Gathering.lnk -> C:\Documents and Settings\Brooke and Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Magic the Gathering.lnk -> [2010/08/10 10:51:10 | 000,000,829 | ---- | M] ()
 hosts.20100811-160226.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100811-160226.backup -> [2010/08/09 18:28:43 | 000,415,172 | R--- | M] ()
 
[Files - No Company Name]
 BrookeBook.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\BrookeBook.pdf -> [2010/09/04 10:36:14 | 003,580,936 | ---- | C] ()
 SecurityCheck.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\SecurityCheck.exe -> [2010/09/04 02:35:37 | 000,869,051 | ---- | C] ()
 esetsmartinstaller_enu.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\esetsmartinstaller_enu.exe -> [2010/09/03 10:38:10 | 002,672,312 | ---- | C] ()
 w4v3o0ts.exe -> C:\Documents and Settings\Brooke and Nick\Desktop\w4v3o0ts.exe -> [2010/09/01 11:28:57 | 000,293,376 | ---- | C] ()
 Halo Reach Target Poster 08312010.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\Halo Reach Target Poster 08312010.pdf -> [2010/08/31 20:03:42 | 008,035,668 | ---- | C] ()
 Writers_Ultimate_Resource_Guide.pdf -> C:\Documents and Settings\Brooke and Nick\Desktop\Writers_Ultimate_Resource_Guide.pdf -> [2010/08/30 16:34:59 | 002,214,304 | ---- | C] ()
 boudior Bio.odt -> C:\Documents and Settings\Brooke and Nick\My Documents\boudior Bio.odt -> [2010/08/30 15:33:48 | 000,011,624 | ---- | C] ()
 dds.scr -> C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr -> [2010/08/29 13:30:02 | 000,525,824 | ---- | C] ()
 ERUNT AutoBackup.lnk -> C:\Documents and Settings\Brooke and Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2010/08/29 13:24:24 | 000,000,767 | ---- | C] ()
 ERUNT.lnk -> C:\Documents and Settings\Brooke and Nick\Desktop\ERUNT.lnk -> [2010/08/29 13:24:09 | 000,000,592 | ---- | C] ()
 Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/08/26 14:38:31 | 000,001,729 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/08/17 15:40:17 | 000,000,696 | ---- | C] ()
 letter for payment.odt -> C:\Documents and Settings\Brooke and Nick\My Documents\letter for payment.odt -> [2010/08/17 13:13:41 | 000,011,890 | ---- | C] ()
 ezsidmv.dat -> C:\WINDOWS\System32\ezsidmv.dat -> [2010/08/15 21:35:59 | 000,000,056 | -H-- | C] ()
 Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/08/15 21:32:12 | 000,002,265 | ---- | C] ()
 Safari.lnk -> C:\Documents and Settings\All Users\Desktop\Safari.lnk -> [2010/08/15 13:00:49 | 000,001,854 | ---- | C] ()
 iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2010/08/15 12:56:37 | 000,002,137 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2010/08/11 20:01:30 | 000,000,186 | ---- | C] ()
 czyiwa.dat -> C:\Documents and Settings\Brooke and Nick\Application Data\czyiwa.dat -> [2010/06/01 10:14:35 | 000,000,012 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/05/29 08:50:40 | 000,000,238 | ---- | C] ()
 .811261211181235583101118113995 -> C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995 -> [2010/01/10 02:11:15 | 000,000,026 | -H-- | C] ()
 mkghj.dll -> C:\WINDOWS\System32\mkghj.dll -> [2009/08/01 22:00:59 | 000,000,007 | ---- | C] ()
 WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2009/06/19 22:13:19 | 000,000,754 | ---- | C] ()
 hpzinstall.log -> C:\Documents and Settings\All Users\Application Data\hpzinstall.log -> [2009/05/22 23:23:12 | 000,000,387 | ---- | C] ()
 KPCMS.INI -> C:\WINDOWS\KPCMS.INI -> [2009/04/04 10:01:29 | 000,000,173 | ---- | C] ()
 MSVCRT10.DLL -> C:\WINDOWS\System32\MSVCRT10.DLL -> [2009/04/04 10:00:39 | 000,210,944 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/04/02 19:01:42 | 000,009,216 | ---- | C] ()
 AVSMediaPlayer.m3u -> C:\Documents and Settings\Brooke and Nick\Application Data\AVSMediaPlayer.m3u -> [2009/03/13 13:01:37 | 000,000,000 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/03/13 12:56:46 | 000,524,288 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/03/13 12:56:46 | 000,139,264 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\fusioncache.dat -> [2009/03/13 12:38:47 | 000,000,138 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Brooke and Nick\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/27 19:17:14 | 000,064,664 | ---- | C] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/27 14:45:34 | 000,072,384 | ---- | C] ()
 IconCache.db -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\IconCache.db -> [2009/02/27 12:18:57 | 004,847,880 | -H-- | C] ()
 desktop.ini -> C:\Documents and Settings\Brooke and Nick\Application Data\desktop.ini -> [2009/02/27 10:23:37 | 000,000,062 | -HS- | C] ()
 ICCProfiles.dll -> C:\WINDOWS\System32\ICCProfiles.dll -> [2008/04/29 14:42:24 | 000,503,808 | ---- | C] ()
 iPlayer.INI -> C:\WINDOWS\iPlayer.INI -> [2007/11/10 20:13:39 | 000,000,000 | ---- | C] ()
 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/10/21 13:09:18 | 000,001,372 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/01/01 20:34:06 | 000,000,376 | ---- | C] ()
 desktop.ini -> C:\Documents and Settings\All Users\Application Data\desktop.ini -> [2007/01/01 14:15:44 | 000,000,062 | -HS- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/06/29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/06/29 14:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/18 15:39:28 | 000,026,040 | ---- | C] ()
 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 18:01:54 | 000,235,008 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 14:46:58 | 000,065,536 | ---- | C] ()
< End of report >
 
Hi HeadlessChief

Of course, I wanted it.........:oops:

Do you know what this program is?
C:\Documents and Settings\Brooke and Nick\Desktop\w4v3o0ts.exe

Start OTS. Copy/Paste the information in the Code box below into the pane where it says Paste fix here and then click the Run Fix button.
Code:
[Win32 Services - Safe List]
YN -> (MSWU-f36decbb) MSWU-f36decbb [Disabled | Stopped] -> C:\WINDOWS\System32\f36decbb.exe
YN -> (MSWU-38adf938) MSWU-38adf938 [Disabled | Stopped] -> C:\WINDOWS\System32\38adf938.exe
[Files - No Company Name]
NY ->  mkghj.dll -> C:\WINDOWS\System32\mkghj.dll
NY ->  DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.
Post that information back here.
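The triage done by eye above (two MSWU-<hex> services pointing at hex-named binaries in System32, and a 7-byte mkghj.dll with no company name) is worth scripting if you read OTS listings regularly. What follows is an added example, not code from this thread or from OldTimer's tools: a Python parser for the OTS service and file line layouts plus three review heuristics. The sample input is constructed from lines posted in this thread (the service lines taken from the fix script with the YN/NY action prefix removed), with two ordinary entries included as negatives. The heuristics only surface entries for manual review; they are not a verdict on their own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input for this example: the two service lines from the
# fix posted above (action prefix dropped) and four lines from the report's
# "[Files - No Company Name]" section. xvidcore.dll and MSRTEDIT.DLL are
# included as entries that should NOT be flagged.
SAMPLE_LOG = r"""
[Win32 Services - Safe List]
 (MSWU-f36decbb) MSWU-f36decbb [Disabled | Stopped] -> C:\WINDOWS\System32\f36decbb.exe
 (MSWU-38adf938) MSWU-38adf938 [Disabled | Stopped] -> C:\WINDOWS\System32\38adf938.exe
[Files - No Company Name]
 mkghj.dll -> C:\WINDOWS\System32\mkghj.dll -> [2009/08/01 22:00:59 | 000,000,007 | ---- | C] ()
 .811261211181235583101118113995 -> C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995 -> [2010/01/10 02:11:15 | 000,000,026 | -H-- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/03/13 12:56:46 | 000,524,288 | ---- | C] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 14:46:58 | 000,065,536 | ---- | C] ()
"""

# OTS file line: "name -> path -> [date | size | attrs | C or M] (company)"
FILE_RE = re.compile(
    r"^\s*(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*)\)\s*$"
)
# OTS service line: "(display name) service name [start type | state] -> binary"
SERVICE_RE = re.compile(
    r"^\s*\((?P<display>[^)]+)\) (?P<name>\S+) "
    r"\[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -> (?P<path>.+?)\s*$"
)
# Binary whose file name is exactly eight hex digits, e.g. \f36decbb.exe
HEX_BINARY_RE = re.compile(r"\\[0-9a-f]{8}\.exe$", re.IGNORECASE)
# A PE image cannot be smaller than its 64-byte DOS header.
PE_MIN_SIZE = 64


@dataclass
class Finding:
    path: str
    reason: str


def parse_size(text: str) -> int:
    """OTS prints sizes with thousands separators, e.g. 000,524,288."""
    return int(text.replace(",", ""))


def triage(log: str) -> List[Finding]:
    """Return entries worth a human look, with the rule that matched."""
    findings: List[Finding] = []
    section = ""
    for line in log.splitlines():
        if line.lstrip().startswith("["):
            section = line.strip()          # e.g. "[Files - No Company Name]"
            continue
        if section.startswith("[Win32 Services"):
            m = SERVICE_RE.match(line)
            if m and HEX_BINARY_RE.search(m["path"]):
                findings.append(Finding(
                    m["path"],
                    f"service {m['name']!r} runs a hex-named binary from System32"))
        elif section.startswith("[Files"):
            m = FILE_RE.match(line)
            if not m:
                continue
            name, path, attrs = m["name"], m["path"], m["attrs"]
            size = parse_size(m["size"])
            # A .dll/.exe/.sys this small cannot be loaded; it is a marker
            # or decoy, not a real module.
            if name.lower().endswith((".dll", ".exe", ".sys")) and size < PE_MIN_SIZE:
                findings.append(Finding(
                    path, f"{size}-byte {name} is too small to be a valid PE image"))
            # Hidden file named as a dot followed only by digits.
            if "H" in attrs and re.fullmatch(r"\.\d+", name):
                findings.append(Finding(
                    path, "hidden file whose name is a dot followed only by digits"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.path}")
```

Run against the constructed sample it reports the two MSWU services, mkghj.dll and the all-digit dotfile, and stays silent on xvidcore.dll and MSRTEDIT.DLL. Each rule is deliberately narrow so that a hit means "look at this", not "delete this"; the decision to move a file still belongs in the fix script a helper writes after reviewing the entry.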
 
[Win32 Services - Safe List]
Service MSWU-f36decbb stopped successfully!
Service MSWU-38adf938 stopped successfully!
[Files - No Company Name]
C:\WINDOWS\System32\mkghj.dll moved successfully.
C:\Documents and Settings\Brooke and Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.36.0 fix logfile created on 09062010_113239

Thank you!
 