Potential Rootkit/internet quarantine

Hi HeadlessChief

I'd like you to check a file for Viruses.
C:\Documents and Settings\Brooke and Nick\Desktop\w4v3o0ts.exe
  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Copy and Paste results in your next reply.

Thanks peku006
 
It didn't really pop up a report, but I copied everything on the page...

Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.06 -
Avast 4.8.1351.0 2010.09.06 -
Avast5 5.0.594.0 2010.09.06 -
AVG 9.0.0.851 2010.09.06 -
BitDefender 7.2 2010.09.06 -
CAT-QuickHeal 11.00 2010.09.06 -
ClamAV 0.96.2.0-git 2010.09.06 -
Comodo 5990 2010.09.06 -
DrWeb 5.0.2.03300 2010.09.06 -
Emsisoft 5.0.0.37 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 Win32.TrojanHorse
eTrust-Vet 36.1.7839 2010.09.06 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.06 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.06 -
Ikarus T3.1.1.88.0 2010.09.06 -
Jiangmin 13.0.900 2010.09.06 -
K7AntiVirus 9.63.2453 2010.09.06 -
Kaspersky 7.0.0.125 2010.09.06 -
McAfee 5.400.0.1158 2010.09.06 -
McAfee-GW-Edition 2010.1B 2010.09.06 -
Microsoft 1.6103 2010.09.06 -
NOD32 5428 2010.09.06 -
Norman 6.05.11 2010.09.06 -
nProtect 2010-09-07.01 2010.09.06 -
Panda 10.0.2.7 2010.09.06 -
PCTools 7.0.3.5 2010.09.06 -
Prevx 3.0 2010.09.06 -
Rising 22.64.00.04 2010.09.06 -
Sophos 4.57.0 2010.09.06 -
Sunbelt 6839 2010.09.06 -
SUPERAntiSpyware 4.40.0.1006 2010.09.06 -
Symantec 20101.1.1.7 2010.09.06 -
TheHacker 6.5.2.1.365 2010.09.06 -
TrendMicro 9.120.0.1004 2010.09.06 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.06 -
VBA32 3.12.14.0 2010.09.06 -
ViRobot 2010.9.6.4028 2010.09.06 -
VirusBuster 12.64.20.0 2010.09.06 -
MD5 : f80f6e09e7f4bafe478ca0da6137e1e2
SHA1 : 719082766cf4f60c8bdaa2b2c9f6967ecbcf8722
SHA256: 682fd0d13d7caf4b17a1eb9bafa0a3c3598139bb3623d3f5fba3bfbd0a6d424a
ssdeep: 6144:Uwbg2xeuJgWM/S1tm/xCIoQPJVZCzw5bEPb3cV9iYpTkyTFHS2:Uw82IZWM61tUXRd9IPb3cVZkyp/
File size : 293376 bytes
First seen: 2009-12-15 11:56:33
Last seen : 2010-09-06 17:49:11
TrID:
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: 1, 0, 15, 15281
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
packers (F-Prot): UPX
packers (Kaspersky): UPX, PE_Patch
PEInfo: PE structure information


[[ basic data ]]
entrypointaddress: 0xB3F40
timedatestamp....: 0x4B2763F0 (Tue Dec 15 10:24:48 2009)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x6D000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x6E000, 0x47000, 0x46200, 7.93, 7b777c30b7f75e5eb654691bb1616dcb
.rsrc, 0xB5000, 0x2000, 0x1400, 3.38, 710fb4291f153e98a3a03f3473b8bfd6

[[ 1 import(s) ]]
KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
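As an added triage helper, not code from this thread, from VirusTotal or from Jotti, the Python below parses the two tables pasted above: the engine/version/date/result rows, to count how many engines flagged the file, and the PEInfo section table, to flag sections whose shape points at a packer (no bytes on disk but a large virtual size, or entropy close to the 8-bits-per-byte maximum, as with UPX0/UPX1 here). The sample strings are constructed from rows copied out of the post; the 7.0 entropy threshold and all function names are assumptions of this example.

```python
# Constructed sample: a few rows in the "Antivirus Version Last Update Result"
# layout of the VirusTotal text output pasted in the thread.
AV_RESULTS = """\
Antivirus Version Last Update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.06 -
eSafe 7.0.17.0 2010.09.05 Win32.TrojanHorse
Microsoft 1.6103 2010.09.06 -
"""

# Constructed sample: the PEInfo section table from the same post.
PE_SECTIONS = """\
name, viradd, virsiz, rawdsiz, ntropy, md5
UPX0, 0x1000, 0x6D000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
UPX1, 0x6E000, 0x47000, 0x46200, 7.93, 7b777c30b7f75e5eb654691bb1616dcb
.rsrc, 0xB5000, 0x2000, 0x1400, 3.38, 710fb4291f153e98a3a03f3473b8bfd6
"""

# Assumed threshold: compressed or encrypted data sits close to 8.0 bits/byte.
HIGH_ENTROPY = 7.0


def parse_av_results(text):
    """Return {engine: verdict}; a '-' result (no detection) becomes None."""
    results = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed row, ignore
        engine = parts[0]
        verdict = " ".join(parts[3:])  # engine, version, date, then the result
        results[engine] = None if verdict == "-" else verdict
    return results


def detection_summary(results):
    """Count engines that reported something and keep their verdicts."""
    hits = {engine: v for engine, v in results.items() if v is not None}
    return {"engines": len(results), "detections": len(hits), "hits": hits}


def parse_pe_sections(text):
    """Parse the comma-separated 'name, viradd, virsiz, rawdsiz, ntropy, md5' table."""
    lines = text.strip().splitlines()
    header = [h.strip() for h in lines[0].split(",")]
    sections = []
    for line in lines[1:]:
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != len(header):
            continue
        row = dict(zip(header, fields))
        sections.append({
            "name": row["name"],
            "virtual_address": int(row["viradd"], 16),
            "virtual_size": int(row["virsiz"], 16),
            "raw_size": int(row["rawdsiz"], 16),
            "entropy": float(row["ntropy"]),
            "md5": row["md5"],
        })
    return sections


def packing_indicators(sections):
    """Return {section_name: [reasons]} for sections that look packed."""
    flags = {}
    for s in sections:
        reasons = []
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            # Nothing on disk, but memory reserved: the unpacker fills it at run time.
            reasons.append("no data on disk but %#x bytes reserved in memory" % s["virtual_size"])
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append("entropy %.2f (near the 8.0 maximum)" % s["entropy"])
        if s["name"].upper().startswith("UPX"):
            reasons.append("UPX section name")
        if reasons:
            flags[s["name"]] = reasons
    return flags


if __name__ == "__main__":
    summary = detection_summary(parse_av_results(AV_RESULTS))
    print("%d/%d engines detected: %s" % (summary["detections"], summary["engines"], summary["hits"]))
    for name, reasons in packing_indicators(parse_pe_sections(PE_SECTIONS)).items():
        print(name, "->", "; ".join(reasons))
```

A low detection ratio on a packed, unsigned binary is not evidence either way: the packing indicators tell the analyst that static scanners saw compressed data, so the result of running or unpacking it in a sandbox should carry more weight than the engine count.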
 
Hi HeadlessChief

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here. Post fresh dds logs (dds.txt + attach.txt) too.

Note** you may get this warning; it is ok, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?


Thanks peku006
 
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF1CC000 C:\WINDOWS\System32\ati3duag.dll 3887104 bytes (ATI Technologies Inc. , ati3duag.dll)
0xB9ABD000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3817472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF9C5000 C:\WINDOWS\System32\ativvaxx.dll 2646016 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9934000 C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB988C000 C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7F16000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 536576 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA855F000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA8628000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB970C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA870D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5EF9000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF181000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9846000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xA5FA0000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9A56000 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB9792000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF79AC000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA6199000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7D1E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8698000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA86E5000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF78B6000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8602000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9822000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB97EA000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9A33000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA86C3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7C2B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF78DC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9A8C000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xF7DF9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF789E000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8496000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7886000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7C02000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB97D3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5D04000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB980E000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9AA9000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8766000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7C19000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF799B000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB97C2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA84AE000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xF7A7B000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA4F9000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA529000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A8B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA5E31000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF796B000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7A3B000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA509000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A9B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A1B000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7846000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF7ABB000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A5B000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF78FB000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA4E9000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7A0B000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7AAB000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF79FB000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF795B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF797B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7A2B000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7856000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA539000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF798B000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF790B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA559000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A4B000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA519000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont(R) Manager)
0xF7876000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7ADB000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF7B73000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7BDB000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B7B000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7AF3000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AFB000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF7ACB000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BE3000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7B8B000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7B83000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BB3000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B03000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
0xF7B93000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7BCB000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BBB000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7BD3000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AD3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BA3000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BAB000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B9B000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B33000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7BF000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6422000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7F0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C5B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB965C000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7D03000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA60B1000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7D07000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7E8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7CDF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D7D000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D71000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF7D51000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7D99000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D7B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D4F000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D4B000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D7F000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D5D000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D81000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D75000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D77000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D4D000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E2B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB9F4F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E33000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1084]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1084]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1084]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1084]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1084]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1084]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1084]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]

DDS (Ver_10-03-17.01) - NTFSx86
Run by Brooke and Nick at 15:18:17.39 on Mon 09/06/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.728 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Brooke and Nick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\brooke~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183257388593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brooke~1\applic~1\mozilla\firefox\profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - plugin: c:\documents and settings\brooke and nick\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\brooke and nick\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\brooke and nick\application data\mozilla\firefox\profiles\vj8qx2x8.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-26 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

=============== Created Last 30 ================

2010-09-06 15:32:39 0 d-----w- C:\_OTS
2010-09-05 15:43:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-05 15:43:31 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-02 12:40:55 0 d-----w- C:\ComboFix
2010-08-29 16:32:59 0 d-----w- c:\program files\Safer Networking
2010-08-21 01:01:20 0 d-----w- c:\docume~1\brooke~1\applic~1\Photo! Web Album
2010-08-17 19:40:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-17 19:40:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-16 01:35:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 01:32:06 0 d-----r- c:\program files\Skype
2010-08-15 16:54:47 0 d-----w- c:\program files\iPod
2010-08-12 00:01:30 186 ----a-w- c:\windows\system32\MRT.INI
2010-08-12 00:01:30 0 d-----w- c:\windows\system32\MpEngineStore

==================== Find3M ====================

2010-08-02 23:16:26 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-02-26 18:56:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009022620090227\index.dat

============= FINISH: 15:18:54.20 ===============

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2007 9:58:52 PM
System Uptime: 9/6/2010 10:21:18 AM (5 hours ago)

Motherboard: Dell Computer Corporation | | Dimension 8200
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1993/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 14.084 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 57 GiB total, 31.399 GiB free.
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Unimodem Half-Duplex Audio Device
Device ID: MODEMWAVE\0\{65C2FF3D-A18F-4C9E-916D-D485CEEF7D18}
Manufacturer: Microsoft
Name: Unimodem Half-Duplex Audio Device
PNP Device ID: MODEMWAVE\0\{65C2FF3D-A18F-4C9E-916D-D485CEEF7D18}
Service: MODEMCSA

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Creative SBLive! Gameport
Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_0A\4&19FD8D60&0&49F0
Manufacturer: Creative
Name: Creative SBLive! Gameport
PNP Device ID: PCI\VEN_1102&DEV_7002&SUBSYS_00201102&REV_0A\4&19FD8D60&0&49F0
Service: gameenum

==== System Restore Points ===================

RP650: 8/3/2010 4:54:05 PM - Software Distribution Service 3.0
RP651: 8/9/2010 4:00:03 PM - System Checkpoint
RP652: 8/10/2010 9:12:59 PM - System Checkpoint
RP653: 8/11/2010 7:56:00 PM - Software Distribution Service 3.0
RP654: 8/12/2010 12:31:51 AM - Installed Microsoft Fix it 50102
RP655: 8/13/2010 9:05:42 PM - System Checkpoint
RP656: 8/14/2010 11:24:04 PM - System Checkpoint
RP657: 8/15/2010 11:37:44 PM - System Checkpoint
RP658: 8/17/2010 2:37:18 PM - System Checkpoint
RP659: 8/19/2010 9:58:25 AM - System Checkpoint
RP660: 8/20/2010 1:44:53 PM - System Checkpoint
RP661: 8/21/2010 2:00:28 PM - System Checkpoint
RP662: 8/22/2010 7:25:40 PM - System Checkpoint
RP663: 8/24/2010 11:06:38 AM - System Checkpoint
RP664: 8/25/2010 2:35:44 PM - System Checkpoint
RP665: 8/26/2010 4:56:23 PM - System Checkpoint
RP666: 8/28/2010 2:00:00 PM - System Checkpoint
RP667: 8/29/2010 12:02:24 PM - Removed Zoo Tycoon 2 - Extinct Animals
RP668: 8/30/2010 8:10:41 PM - System Checkpoint
RP669: 8/31/2010 10:54:25 PM - System Checkpoint
RP670: 9/1/2010 11:46:30 PM - System Checkpoint
RP671: 9/3/2010 2:39:30 PM - System Checkpoint
RP672: 9/4/2010 3:46:37 PM - System Checkpoint
RP673: 9/5/2010 11:30:03 AM - Removed Java(TM) 6 Update 13
RP674: 9/5/2010 11:36:10 AM - Removed Java(TM) 6 Update 18
RP675: 9/5/2010 11:37:38 AM - Removed Skype Toolbars
RP676: 9/5/2010 11:42:58 AM - Installed Java(TM) 6 Update 21
RP677: 9/6/2010 12:12:59 PM - System Checkpoint

==== Installed Programs ======================

ACDSee
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BN eReader
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Citrix Presentation Server Client - Web Only
Critical Update for Windows Media Player 11 (KB959772)
Destinations
Director
EA Download Manager
ERUNT 1.1j
Fax
Final Draft
GIMP 2.6.8
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 4.7
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSystemDiagnostics
ImageMixer3
InterActual Player
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Linksys EasyLink Advisor 1.5 (1010)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
Paint Shop Pro 7 ESD
Photo Toolkit 1.7
Picasa 3
QFolder
QuickTime
Readme
Safari
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skins
Skype™ 4.2
Sonic Encoders
Spybot - Search & Destroy
System Requirements Lab
The Sims™ 3
The Sims™ 3 World Adventures
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

9/2/2010 8:38:09 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
9/2/2010 8:35:12 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:35:12 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:35:12 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:35:12 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:35:12 AM, error: Service Control Manager [7034] - The AST Service service terminated unexpectedly. It has done this 1 time(s).
9/2/2010 8:35:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/2/2010 6:56:23 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

==== End Of File ===========================
 
Hi HeadlessChief

We need to run MBRCheck
  1. Please download MBRCheck from one of these locations:
    Link 1
    Link 2
    Link 3
  2. Double-click MBRCheck.exe to run it.
  3. A report called MBRCheck will be on your desktop once the program is done.
  4. Please copy and paste that into your reply.
In your next reply, please include the following:
  • MBRCheck Log

Thanks peku006
 
Thank you for all your help, by the way. :angel:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000005d

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7D4B000 \WINDOWS\system32\KDCOM.DLL
0xF7C5B000 \WINDOWS\system32\BOOTVID.dll
0xF79AC000 ACPI.sys
0xF7D4D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF799B000 pci.sys
0xF79FB000 isapnp.sys
0xF7D4F000 intelide.sys
0xF7ACB000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A0B000 MountMgr.sys
0xF78DC000 ftdisk.sys
0xF7D51000 dmload.sys
0xF78B6000 dmio.sys
0xF7AD3000 PartMgr.sys
0xF7A1B000 VolSnap.sys
0xF789E000 atapi.sys
0xF7ADB000 cercsr6.sys
0xF7886000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7A2B000 disk.sys
0xF7A3B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7C2B000 fltmgr.sys
0xF7C19000 sr.sys
0xF7A4B000 PxHelp20.sys
0xF7C02000 KSecDD.sys
0xF7F16000 Ntfs.sys
0xF7D1E000 NDIS.sys
0xF7DF9000 Mup.sys
0xF7A5B000 agp440.sys
0xBA3AB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9AE3000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xB9ACF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9AB2000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB9A7C000 \SystemRoot\system32\DRIVERS\HSFBS2S2.sys
0xB9A59000 \SystemRoot\system32\DRIVERS\ks.sys
0xB995A000 \SystemRoot\system32\DRIVERS\HSFDPSP2.sys
0xB98B2000 \SystemRoot\system32\DRIVERS\HSFCXTS2.sys
0xF7B7B000 \SystemRoot\System32\Drivers\Modem.SYS
0xB986C000 \SystemRoot\system32\drivers\emu10k1m.sys
0xB9848000 \SystemRoot\system32\drivers\portcls.sys
0xBA39B000 \SystemRoot\system32\drivers\drmk.sys
0xBA38B000 \SystemRoot\system32\drivers\sfmanm.sys
0xF7D6D000 \SystemRoot\system32\drivers\ctlfacem.sys
0xF7B83000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA37B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7B8B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA36B000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA7EC000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9834000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA35B000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA34B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA33B000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7B93000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF7B9B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9810000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7E1F000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A7B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA7E4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB97F9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7A8B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A9B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7BA3000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB97E8000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7AAB000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7BAB000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7BB3000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB97B8000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7ABB000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7BBB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7D6F000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB975A000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF798B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7D71000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF797B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7BC3000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7D73000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB9FA1000 \SystemRoot\System32\Drivers\Null.SYS
0xF7D75000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7BD3000 \SystemRoot\System32\drivers\vga.sys
0xF7D77000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D79000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7BDB000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7BE3000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9EA9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA87BE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8765000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA873D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA871B000 \SystemRoot\System32\drivers\afd.sys
0xF792B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA86F0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8680000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF791B000 \SystemRoot\System32\Drivers\Fips.SYS
0xA865A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF790B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7AF3000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7CDF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7876000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7AFB000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7B03000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xF7866000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xA85AD000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7CE3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7B0B000 \SystemRoot\system32\DRIVERS\point32.sys
0xA84FC000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA84E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7D97000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9659000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7B33000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7E5E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF065000 \SystemRoot\System32\ati2cqag.dll
0xBF0FE000 \SystemRoot\System32\atikvmag.dll
0xBF181000 \SystemRoot\System32\atiok3x2.dll
0xBF1CC000 \SystemRoot\System32\ati3duag.dll
0xBF9C5000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA6468000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA61FF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF78FB000 \SystemRoot\system32\drivers\sysaudio.sys
0xA5EFC000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7D8B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA5DB7000 \SystemRoot\System32\Drivers\HTTP.sys
0xA5EE0000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA5C70000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
536 C:\WINDOWS\system32\smss.exe
600 csrss.exe
632 C:\WINDOWS\system32\winlogon.exe
676 C:\WINDOWS\system32\services.exe
688 C:\WINDOWS\system32\lsass.exe
848 C:\WINDOWS\system32\svchost.exe
928 svchost.exe
1020 C:\WINDOWS\system32\svchost.exe
1064 svchost.exe
1132 svchost.exe
1412 C:\WINDOWS\system32\spoolsv.exe
1704 C:\WINDOWS\explorer.exe
1860 svchost.exe
1896 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\WINDOWS\system32\ASTSRV.EXE
1952 C:\Program Files\Bonjour\mDNSResponder.exe
1992 C:\WINDOWS\ehome\ehrecvr.exe
168 C:\WINDOWS\ehome\ehSched.exe
376 C:\Program Files\Java\jre6\bin\jqs.exe
452 C:\WINDOWS\system32\HPZipm12.exe
1184 C:\Program Files\iTunes\iTunesHelper.exe
1224 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1260 C:\WINDOWS\system32\ctfmon.exe
1248 svchost.exe
1292 C:\WINDOWS\system32\svchost.exe
1592 mcrdsvc.exe
2260 C:\WINDOWS\system32\devldr32.exe
2352 C:\WINDOWS\system32\dllhost.exe
2472 C:\Program Files\iPod\bin\iPodService.exe
2684 C:\WINDOWS\system32\wscntfy.exe
2844 alg.exe
1048 C:\Documents and Settings\Brooke and Nick\Desktop\SafernetworkHelper\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`01f60800 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-75CAA0, Rev: 16.06V16
PhysicalDrive1 Model Number: Maxtor4D060H3, Rev: DAH017K0

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
57 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Hi HeadlessChief

Nothing unusual.
We need to update ComboFix.
We start by removing the old version.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the "Begin cleanup Process?" prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes; if not, delete it yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Download a fresh copy from here.

Please include the C:\ComboFix.txt in your next reply

Thanks peku006
 
ComboFix 10-09-06.04 - Brooke and Nick 09/07/2010 12:03:03.12.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.683 [GMT -4:00]
Running from: c:\documents and settings\Brooke and Nick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-05 15:44 . 2010-09-05 15:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 15:43 . 2010-09-05 15:43 503808 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcp71.dll
2010-09-05 15:43 . 2010-09-05 15:43 61440 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-sse.dll
2010-09-05 15:43 . 2010-09-05 15:43 499712 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\jmc.dll
2010-09-05 15:43 . 2010-09-05 15:43 348160 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcr71.dll
2010-09-05 15:43 . 2010-09-05 15:43 12800 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-d3d.dll
2010-09-05 15:43 . 2010-09-05 15:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\program files\ERUNT
2010-08-29 16:32 . 2010-08-29 16:32 -------- d-----w- c:\program files\Safer Networking
2010-08-21 01:09 . 2010-08-21 01:09 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Image Zone Express
2010-08-21 01:01 . 2010-08-21 01:07 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Photo! Web Album
2010-08-17 19:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40 . 2010-08-17 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 01:35 . 2010-08-16 01:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 01:35 . 2010-09-02 02:50 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\skypePM
2010-08-16 01:33 . 2010-09-02 02:51 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Skype
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-08-16 01:32 . 2010-09-05 15:37 -------- d-----r- c:\program files\Skype
2010-08-16 01:31 . 2010-08-16 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:57 . 2010-08-15 16:57 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-15 16:54 . 2010-08-15 16:54 -------- d-----w- c:\program files\iPod
2010-08-15 16:45 . 2010-08-15 16:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-12 00:01 . 2010-08-12 00:01 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-10 15:09 . 2010-08-10 15:09 568832 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 15:09 . 2010-08-10 15:09 686080 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 15:09 . 2010-08-10 15:09 655872 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 15:09 . 2010-08-10 15:09 583168 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 15:09 . 2010-08-10 15:09 224768 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcm90.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 02:11 . 2009-06-22 14:06 1 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 15:30 . 2009-02-26 01:59 -------- d-----w- c:\program files\Java
2010-08-29 17:33 . 2009-05-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 16:03 . 2007-05-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 16:03 . 2009-02-27 16:11 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Microsoft Games
2010-08-29 16:03 . 2009-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-08-24 04:46 . 2009-10-03 03:15 -------- d-----w- c:\program files\Paint Shop Pro 7
2010-08-21 01:00 . 2009-04-12 19:03 -------- d-----w- c:\program files\Web Photo Album
2010-08-17 19:40 . 2010-06-11 23:42 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Malwarebytes
2010-08-17 19:40 . 2010-06-11 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-15 17:00 . 2010-05-07 00:48 -------- d-----w- c:\program files\Safari
2010-08-15 16:56 . 2010-07-04 20:29 -------- d-----w- c:\program files\iTunes
2010-08-15 16:54 . 2007-08-17 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 23:16 . 2010-06-16 01:37 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-07-26 01:20 . 2010-07-26 01:17 -------- d-----w- c:\program files\CA
2010-07-26 01:12 . 2010-07-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-26 01:05 . 2010-06-15 13:57 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-07-26 01:05 . 2010-06-15 13:57 243976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\unicows.dll
2010-07-25 16:23 . 2007-01-02 03:05 -------- d-----w- c:\program files\GemMaster
2010-07-23 19:59 . 2009-02-27 18:45 72384 ----a-w- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-23 17:13 . 2009-06-22 14:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-23 02:09 . 2010-07-23 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 01:40 . 2010-07-23 01:40 120 ----a-w- c:\windows\Bfulez.dat
2010-07-23 01:40 . 2010-07-23 01:40 0 ----a-w- c:\windows\Eyuzuw.bin
2010-07-03 03:33 . 2007-01-09 00:18 72384 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:20 . 2010-06-28 17:20 72384 ----a-w- c:\documents and settings\New User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 13:57 . 2010-06-15 13:57 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2010-06-15 13:57 . 2010-06-15 13:57 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-06-15 13:57 . 2010-06-15 13:57 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-06-15 01:19 . 2010-06-15 01:19 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2007-01-02 02:51 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Brooke and Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 03:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
2006-10-28 01:34 65536 ----a-w- c:\program files\Photo Toolkit\IvBar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 17:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 17:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSWU-f36decbb"=2 (0x2)
"MSWU-38adf938"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Desktop\\Copied stuff from F drive\\Backup Data Disc 2\\Magic\\Manalink.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2009-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Google Update - c:\documents and settings\Brooke and Nick\Local Settings\Application Data\Google\Update\GoogleUpdate.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 12:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-07 12:14:41
ComboFix-quarantined-files.txt 2010-09-07 16:14

Pre-Run: 15,040,024,576 bytes free
Post-Run: 15,260,172,288 bytes free

- - End Of File - - 965234F120DC0F1386DD330AA12CC092


At Step 3, I encountered the same warning about pev.cfxxe having to close, & reported it to Microsoft. So I took some of your earlier advice & ran ComboFix in safe mode. I got the same error, but didn't report it this time. Its log is below. :oops:

ComboFix 10-09-06.04 - Brooke and Nick 09/07/2010 12:22:17.13.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.690 [GMT -4:00]
Running from: c:\documents and settings\Brooke and Nick\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-05 15:44 . 2010-09-05 15:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 15:43 . 2010-09-05 15:43 503808 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcp71.dll
2010-09-05 15:43 . 2010-09-05 15:43 61440 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-sse.dll
2010-09-05 15:43 . 2010-09-05 15:43 499712 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\jmc.dll
2010-09-05 15:43 . 2010-09-05 15:43 348160 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-11f01847-n\msvcr71.dll
2010-09-05 15:43 . 2010-09-05 15:43 12800 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2061f8d4-n\decora-d3d.dll
2010-09-05 15:43 . 2010-09-05 15:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\program files\ERUNT
2010-08-29 16:32 . 2010-08-29 16:32 -------- d-----w- c:\program files\Safer Networking
2010-08-21 01:09 . 2010-08-21 01:09 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Image Zone Express
2010-08-21 01:01 . 2010-08-21 01:07 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Photo! Web Album
2010-08-17 19:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40 . 2010-08-17 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 01:35 . 2010-08-16 01:35 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-16 01:35 . 2010-09-02 02:50 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\skypePM
2010-08-16 01:33 . 2010-09-02 02:51 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Skype
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-08-16 01:32 . 2010-09-05 15:37 -------- d-----r- c:\program files\Skype
2010-08-16 01:31 . 2010-08-16 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:57 . 2010-08-15 16:57 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-15 16:54 . 2010-08-15 16:54 -------- d-----w- c:\program files\iPod
2010-08-15 16:45 . 2010-08-15 16:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-12 00:01 . 2010-08-12 00:01 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-10 15:09 . 2010-08-10 15:09 568832 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 15:09 . 2010-08-10 15:09 686080 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 15:09 . 2010-08-10 15:09 655872 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 15:09 . 2010-08-10 15:09 583168 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 15:09 . 2010-08-10 15:09 224768 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\uno_packages\13.tmp_\sun-pdfimport.oxt\msvcm90.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 02:11 . 2009-06-22 14:06 1 ----a-w- c:\documents and settings\Brooke and Nick\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-05 15:30 . 2009-02-26 01:59 -------- d-----w- c:\program files\Java
2010-08-29 17:33 . 2009-05-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 16:03 . 2007-05-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 16:03 . 2009-02-27 16:11 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Microsoft Games
2010-08-29 16:03 . 2009-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-08-24 04:46 . 2009-10-03 03:15 -------- d-----w- c:\program files\Paint Shop Pro 7
2010-08-21 01:00 . 2009-04-12 19:03 -------- d-----w- c:\program files\Web Photo Album
2010-08-17 19:40 . 2010-06-11 23:42 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Malwarebytes
2010-08-17 19:40 . 2010-06-11 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-15 17:00 . 2010-05-07 00:48 -------- d-----w- c:\program files\Safari
2010-08-15 16:56 . 2010-07-04 20:29 -------- d-----w- c:\program files\iTunes
2010-08-15 16:54 . 2007-08-17 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 23:16 . 2010-06-16 01:37 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-07-26 01:20 . 2010-07-26 01:17 -------- d-----w- c:\program files\CA
2010-07-26 01:12 . 2010-07-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-26 01:05 . 2010-06-15 13:57 20232 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe_rc.dll
2010-07-26 01:05 . 2010-06-15 13:57 243976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\unicows.dll
2010-07-25 16:23 . 2007-01-02 03:05 -------- d-----w- c:\program files\GemMaster
2010-07-23 19:59 . 2009-02-27 18:45 72384 ----a-w- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-23 17:13 . 2009-06-22 14:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-23 02:09 . 2010-07-23 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-23 01:40 . 2010-07-23 01:40 120 ----a-w- c:\windows\Bfulez.dat
2010-07-23 01:40 . 2010-07-23 01:40 0 ----a-w- c:\windows\Eyuzuw.bin
2010-07-03 03:33 . 2007-01-09 00:18 72384 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:20 . 2010-06-28 17:20 72384 ----a-w- c:\documents and settings\New User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 13:57 . 2010-06-15 13:57 615688 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SelfServe.exe
2010-06-15 13:57 . 2010-06-15 13:57 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-06-15 13:57 . 2010-06-15 13:57 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-06-15 01:19 . 2010-06-15 01:19 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-14 14:31 . 2007-01-02 02:51 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Brooke and Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 03:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
2006-10-28 01:34 65536 ----a-w- c:\program files\Photo Toolkit\IvBar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 17:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 17:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSWU-f36decbb"=2 (0x2)
"MSWU-38adf938"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Desktop\\Copied stuff from F drive\\Backup Data Disc 2\\Magic\\Manalink.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2009-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 12:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codecx.acm
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm

- - - - - - - > 'explorer.exe'(1984)
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-07 12:34:55
ComboFix-quarantined-files.txt 2010-09-07 16:34
ComboFix-quarantined-files2.txt 2010-09-07 16:17
ComboFix2.txt 2010-09-07 16:14

Pre-Run: 16,337,281,024 bytes free
Post-Run: 16,327,962,624 bytes free

- - End Of File - - ED4FBD9CA61FCE38B95C303BFEF1F6E6
 
Hi HeadlessChief

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code:
File::
c:\windows\system32\38adf938.exe
c:\windows\system32\f36decbb.exe
c:\windows\system32\ezsidmv.dat
c:\windows\Bfulez.dat
c:\windows\Eyuzuw.bin

Driver::
MSWU-38adf938
MSWU-f36decbb

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSWU-f36decbb"=-
"MSWU-38adf938"=-

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with

ComboFix log (C:\ComboFix.txt)

Thanks peku006
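As an added example (not part of this thread and not ComboFix's own code), the Python below applies the selection behind the CFScript above to the ComboFix service and msconfig lines: a service whose image ComboFix marks as not found (`[?]`) and whose file name is a bare eight-hex-digit string, like the two MSWU-* entries, gets File::, Driver:: and Registry:: lines. The log-line formats and the eight-hex-digit rule are assumptions drawn from this log, not documented ComboFix behaviour.

```python
"""Pick out the ComboFix service entries the reply above targets and emit the
matching CFScript. Added example; the line formats below are assumptions about
ComboFix's log layout, taken from the log posted in this thread."""
import re

# Constructed sample: the msconfig and service sections copied from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSWU-f36decbb"=2 (0x2)
"MSWU-38adf938"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]
S4 MSWU-38adf938;MSWU-38adf938;c:\windows\system32\38adf938.exe --> c:\windows\system32\38adf938.exe [?]
S4 MSWU-f36decbb;MSWU-f36decbb;c:\windows\system32\f36decbb.exe --> c:\windows\system32\f36decbb.exe [?]
"""

# "S4 name;display;image [...]" lines; a trailing "[?]" is read here as
# "ComboFix could not find the image file" (assumption about the log format).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*(\[\?\])?$")
# Whole file name is eight hex digits, e.g. 38adf938.exe: the pattern shared by
# the two services removed in this thread (heuristic, not a ComboFix rule).
HEX_NAME_RE = re.compile(r"[\\/]([0-9a-f]{8})\.(exe|dll|sys)$", re.IGNORECASE)
MSCONFIG_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"
MSCONFIG_VALUE_RE = re.compile(r'^"([^"]+)"=\d+ \(0x[0-9a-fA-F]+\)$')


def parse_services(log_text):
    """One dict per service line: start type, name, display name, image path, missing flag."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        start_type, name, display, rest, unknown = m.groups()
        image = rest.split(" --> ")[-1]                # resolved path follows "-->" when present
        image = re.sub(r"\s*\[[^\]]*\]$", "", image)   # drop the "[date time size]" annotation
        services.append({"start": start_type, "name": name, "display": display,
                         "image": image, "missing": unknown is not None})
    return services


def flag_suspicious(services):
    """Image missing AND image name is a bare 8-hex-digit string (the MSWU-* pattern)."""
    return [s["name"] for s in services
            if s["missing"] and HEX_NAME_RE.search(s["image"])]


def parse_msconfig_disabled(log_text):
    """Service names listed under the msconfig\\services key (disabled via msconfig)."""
    names, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == MSCONFIG_KEY:
            in_section = True
            continue
        if in_section:
            if not line or line.startswith("["):
                break
            m = MSCONFIG_VALUE_RE.match(line)
            if m:
                names.append(m.group(1))
    return names


def build_cfscript(log_text):
    """Assemble File::, Driver:: and Registry:: sections for the flagged services."""
    services = parse_services(log_text)
    flagged = flag_suspicious(services)
    by_name = {s["name"]: s for s in services}
    lines = ["File::"] + [by_name[n]["image"] for n in flagged]
    lines += ["", "Driver::"] + flagged
    # Stale msconfig entries for the same services get "=-" (delete value) lines.
    stale = [n for n in parse_msconfig_disabled(log_text) if n in flagged]
    if stale:
        lines += ["", "Registry::", MSCONFIG_KEY] + ['"%s"=-' % n for n in stale]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
```

SBRE is also reported as missing but is not flagged, since its file name is not an eight-hex-digit string; that is the reason the CFScript above leaves it alone while removing both MSWU-* services.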
 
:oops::oops: I really thought I had posted this. I am so sorry.
I thought you were just on a break. I am an idiot. Sorry.

ComboFix 10-09-07.01 - Brooke and Nick 09/07/2010 14:25:54.14.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.676 [GMT -4:00]
Running from: c:\documents and settings\Brooke and Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Brooke and Nick\Desktop\CFScript.txt

FILE ::
"c:\windows\Bfulez.dat"
"c:\windows\Eyuzuw.bin"
"c:\windows\system32\38adf938.exe"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\f36decbb.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Bfulez.dat
c:\windows\Eyuzuw.bin
c:\windows\system32\ezsidmv.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSWU-38ADF938
-------\Legacy_MSWU-F36DECBB
-------\Service_MSWU-38adf938
-------\Service_MSWU-f36decbb


((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
.

2010-09-05 15:44 . 2010-09-05 15:44 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 15:43 . 2010-09-05 15:43 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-29 17:24 . 2010-08-29 17:24 -------- d-----w- c:\program files\ERUNT
2010-08-29 16:32 . 2010-08-29 16:32 -------- d-----w- c:\program files\Safer Networking
2010-08-21 01:09 . 2010-08-21 01:09 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Image Zone Express
2010-08-21 01:01 . 2010-08-21 01:07 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Photo! Web Album
2010-08-17 19:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-17 19:40 . 2010-08-17 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-17 19:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-16 01:35 . 2010-09-02 02:50 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\skypePM
2010-08-16 01:33 . 2010-09-02 02:51 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Skype
2010-08-16 01:32 . 2010-08-16 01:32 -------- d-----w- c:\program files\Common Files\Skype
2010-08-16 01:32 . 2010-09-05 15:37 -------- d-----r- c:\program files\Skype
2010-08-16 01:31 . 2010-08-16 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:54 . 2010-08-15 16:54 -------- d-----w- c:\program files\iPod
2010-08-12 00:01 . 2010-08-12 00:01 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 15:30 . 2009-02-26 01:59 -------- d-----w- c:\program files\Java
2010-08-29 17:33 . 2009-05-19 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-29 16:03 . 2007-05-12 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-29 16:03 . 2009-02-27 16:11 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Microsoft Games
2010-08-29 16:03 . 2009-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-08-24 04:46 . 2009-10-03 03:15 -------- d-----w- c:\program files\Paint Shop Pro 7
2010-08-21 01:00 . 2009-04-12 19:03 -------- d-----w- c:\program files\Web Photo Album
2010-08-17 19:40 . 2010-06-11 23:42 -------- d-----w- c:\documents and settings\Brooke and Nick\Application Data\Malwarebytes
2010-08-17 19:40 . 2010-06-11 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-15 17:00 . 2010-05-07 00:48 -------- d-----w- c:\program files\Safari
2010-08-15 16:56 . 2010-07-04 20:29 -------- d-----w- c:\program files\iTunes
2010-08-15 16:54 . 2007-08-17 01:13 -------- d-----w- c:\program files\Common Files\Apple
2010-08-02 23:16 . 2010-06-16 01:37 132220 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-07-26 01:20 . 2010-07-26 01:17 -------- d-----w- c:\program files\CA
2010-07-26 01:12 . 2010-07-26 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2010-07-25 16:23 . 2007-01-02 03:05 -------- d-----w- c:\program files\GemMaster
2010-07-23 19:59 . 2009-02-27 18:45 72384 ----a-w- c:\documents and settings\Brooke and Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-23 17:13 . 2009-06-22 14:00 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-23 02:09 . 2010-07-23 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-07-03 03:33 . 2007-01-09 00:18 72384 ----a-w- c:\documents and settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2004-08-10 11:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 17:20 . 2010-06-28 17:20 72384 ----a-w- c:\documents and settings\New User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-24 12:15 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-10 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-10 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-10 11:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-10 11:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-10 11:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 22:38 . 2007-06-21 22:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 22:38 . 2007-06-21 22:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 22:38 . 2007-06-21 22:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 22:38 . 2007-06-21 22:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 22:39 . 2007-06-21 22:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 22:39 . 2007-06-21 22:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 22:39 . 2007-06-21 22:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 22:39 . 2007-06-21 22:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 22:40 . 2007-06-21 22:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Brooke and Nick\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-07 03:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2006-04-03 03:07 389120 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I&F Viewer toolbar]
2006-10-28 01:34 65536 ----a-w- c:\program files\Photo Toolkit\IvBar\phototoolkitmem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 17:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 17:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 03:21 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Desktop\\Copied stuff from F drive\\Backup Data Disc 2\\Magic\\Manalink.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/26/2009 10:50 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2010-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-26 14:50]

2009-02-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 17:56]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://firefox/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
Trusted Zone: safer-networking.org\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Brooke and Nick\Application Data\Mozilla\Firefox\Profiles\vj8qx2x8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2540)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-07 14:47:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-07 18:47
ComboFix-quarantined-files2.txt 2010-09-07 16:17
ComboFix2.txt 2010-09-07 16:34
ComboFix3.txt 2010-09-07 16:14

Pre-Run: 15,246,053,376 bytes free
Post-Run: 15,246,028,800 bytes free

- - End Of File - - E81AEE15144E66D568E799B4F33B3014
 
Hi HeadlessChief
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** You may get this warning; it is OK, just ignore it:

Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?


Thanks peku006
 
:thanks::thanks::thanks:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF1CC000 C:\WINDOWS\System32\ati3duag.dll 3887104 bytes (ATI Technologies Inc. , ati3duag.dll)
0xB9AFC000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 3817472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF9C5000 C:\WINDOWS\System32\ativvaxx.dll 2646016 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9973000 C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB98CB000 C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xBF065000 C:\WINDOWS\System32\ati2cqag.dll 626688 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xF7F16000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF0FE000 C:\WINDOWS\System32\atikvmag.dll 536576 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA819E000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0xA86A3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9773000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8788000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5915000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 339968 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF181000 C:\WINDOWS\System32\atiok3x2.dll 307200 bytes (ATI Technologies Inc., Ring 0 x2 component)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB9885000 C:\WINDOWS\system32\drivers\emu10k1m.sys 286720 bytes (Creative Technology Ltd., Creative SB Live! Adapter Driver)
0xA59BC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB9A95000 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xB97D1000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF79AC000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA5AED000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7D1E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA8713000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8760000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF78B6000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA867D000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB9861000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9829000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9A72000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA873E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7C2B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF78DC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9ACB000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 118784 bytes (Intel Corporation, NDIS 5 driver)
0xF7DF9000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF789E000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA80D5000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7886000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7C02000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9812000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5DC8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB984D000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9AE8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA87E1000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7C19000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF799B000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9801000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA80ED000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xBA3C5000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA3E5000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA415000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7A7B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA5EAD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF797B000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7A3B000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA3F5000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7A8B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7A1B000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7856000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xF7AAB000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7A5B000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF790B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA3D5000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7A0B000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7A9B000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF79FB000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF796B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF798B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7A2B000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7866000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA425000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7ABB000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF791B000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA5379000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7A4B000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA405000 C:\WINDOWS\system32\drivers\sfmanm.sys 36864 bytes (Creative Technology Ltd., SoundFont(R) Manager)
0xF78FB000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7ADB000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xF7B73000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7BDB000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B7B000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7AF3000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7AFB000 C:\WINDOWS\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0xF7ACB000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BE3000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7B8B000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF7B83000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BB3000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7B03000 C:\WINDOWS\system32\DRIVERS\point32.sys 24576 bytes (Microsoft Corporation, Point32.sys)
0xF7B93000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7BCB000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7BBB000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7BD3000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7AD3000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BA3000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BAB000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7B9B000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B23000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA7AF000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6049000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA7E0000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C5B000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB967A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7CEB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA5AE1000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7CEF000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA7D8000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9EBE000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7D89000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D81000 C:\WINDOWS\system32\drivers\ctlfacem.sys 8192 bytes (Creative Technology Ltd., Creative SB Live! Interface Driver)
0xF7D51000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7DA3000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D87000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D4F000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7D4B000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7D8B000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7D8F000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7D8D000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D83000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7D85000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D4D000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E3B000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7E6B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E85000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
[1708]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1708]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1708]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1708]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1708]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1708]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[1708]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
Hi HeadlessChief
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
Can you explain a little more... where, and in what program?

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
    • Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.

Thanks peku006
 
Hi HeadlessChief

There are a lot of rootkits that are not malicious. Some anti-virus software uses rootkit-like behavior to try to keep malware from disabling their software. At least for a while, optical drive emulation software (such as Alcohol 120% and Daemon Tools) used rootkit-like behavior to hide their presence from copy protection in games.

The log looks good.

Thanks peku006
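To show how the "IAT modification" lines HeadlessChief pasted can be sorted into "expected" and "look closer" without reading them one by one, here is a small triage script. It is an added example, not code from the thread or from any scanner vendor. It assumes the line shape visible in the paste (`[PID]process-->importer-->exporter-->Function, Type: IAT modification FROM-->TO [hooking module]`) and uses an allowlist of hooking modules that is an assumption for illustration: shimeng.dll is the Windows Application Compatibility shim engine, which is why peku006 calls the log clean. The last sample line, with `example_unknown.dll`, is constructed to show what an unrecognised hooker looks like in the output.

```python
import re
from collections import defaultdict

# Line shape assumed from the thread's paste (not a documented vendor format):
# [PID]process-->importer-->exporter-->Function, Type: IAT modification FROM-->TO [hooking module]
HOOK_LINE = re.compile(
    r"^\[(?P<pid>\d+)\](?P<chain>[^,]+),\s*Type:\s*(?P<type>.+?)\s+"
    r"(?P<from>0x[0-9A-Fa-f]+)-->(?P<to>(?:0x)?[0-9A-Fa-f]+)\s+\[(?P<hooker>[^\]]+)\]$"
)

# Assumption for illustration: modules whose IAT patches are expected on a healthy
# machine. shimeng.dll is the Windows Application Compatibility shim engine.
# Build this list from a known-good baseline, never from the suspect machine alone.
KNOWN_BENIGN_HOOKERS = {"shimeng.dll"}

# Six lines are the ones pasted in the thread; the seventh is constructed.
SAMPLE_LOG = [
    "[1708]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]",
    "[1708]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]",
    "[1708]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]",
    "[1708]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]",
    "[1708]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]",
    "[1708]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]",
    # constructed line: same hook shape, but from a module not on the allowlist
    "[1708]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [example_unknown.dll]",
    "---- EOF ----",  # non-hook line, should be ignored
]


def parse_hook_line(line):
    """Return a dict for one 'IAT modification' line, or None if it is not one."""
    m = HOOK_LINE.match(line.strip())
    if not m or m.group("type") != "IAT modification":
        return None
    chain = m.group("chain").split("-->")
    if len(chain) < 3:
        return None
    return {
        "pid": int(m.group("pid")),
        "process": chain[0].lower(),
        "importer": chain[-3].lower(),   # module whose import slot was changed
        "exporter": chain[-2].lower(),   # module that exports the function
        "function": chain[-1],
        "hooker": m.group("hooker").lower(),
        "from": m.group("from"),
        "to": m.group("to"),
    }


def triage(lines, benign=KNOWN_BENIGN_HOOKERS):
    """Group hooks by (process, hooking module) and label each group."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_hook_line(line)
        if rec:
            groups[(rec["process"], rec["hooker"])].append(rec)
    report = []
    for (process, hooker), recs in sorted(groups.items()):
        report.append({
            "process": process,
            "hooker": hooker,
            "count": len(recs),
            "importers": sorted({r["importer"] for r in recs}),
            "functions": sorted({r["function"] for r in recs}),
            "verdict": "known benign" if hooker in benign else "investigate",
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(f'{row["process"]:14} {row["hooker"]:22} {row["count"]:2} hook(s) -> {row["verdict"]}')
```

The grouping is the point: six patched GetProcAddress slots across explorer.exe's imports collapse to one "shimeng.dll, known benign" row, and anything outside the allowlist stands out as a single "investigate" row, which is the question to bring back to the thread rather than the raw dump.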
 
Kaspersky Online Scanner 7 will not run for me :confused::confused:. I've tried to do it twice. The first time it popped up a timed-out error. The second time it said it couldn't access its update source. :confused:
 
Hi HeadlessChief

Let's try this...

Panda ActiveScan
Vista - W7 users:
Close your browser, right-click on the IE icon on the Start Menu or Quick Launch and select "Run as Administrator".

Please go to Panda ActiveScan © Panda Security... to perform a free online scan.
You must use Internet Explorer as the scan requires ActiveX.
  1. Click on the Scan your PC now button.
    A new window will open.
  2. Make sure the "Full scan" scan type is CHECKED.
  3. Press the "Scan Now" button.
  4. You will be prompted to install an ActiveX module. Please allow it.
    If your browser blocks pop-ups, you may see a bar at the top of the window asking you to click, to allow ... please allow it.
    Panda Active scan will update itself... this may also be a pop-up...please allow also.
  5. Once the program is updated, it will begin to scan your computer. This will take a long time, so be patient, let it run.
  6. Once done, click on Export to:... save it to your Desktop.
  7. A file named "ActiveScan.txt" will be created on your desktop.
  8. Please copy and paste the contents of the ActiveScan.txt file in your next reply.

Thanks peku006
 
It took all day, but it looks like it was well worth it. :D:

ANALYSIS: 2010-09-15 16:33:22
PROTECTIONS: 0
MALWARE: 2
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
06397482 Trj/Clicker.ASH Virus/Trojan No 1 Yes No c:\documents and settings\brooke and nick\application data\mozilla\firefox\profiles\vj8qx2x8.default\user.js.bak
06397482 Trj/Clicker.ASH Virus/Trojan No 1 Yes No c:\documents and settings\paul\application data\mozilla\firefox\profiles\sk8ba9yj.default\user.js
06397482 Trj/Clicker.ASH Virus/Trojan No 1 Yes No c:\documents and settings\brooke and nick\application data\mozilla\firefox\profiles\vj8qx2x8.default\user.js
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\documents and settings\brooke and nick\desktop\combofix.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\documents and settings\brooke and nick\desktop\combofix.exe[32788r22fwjfw\license\iexplore.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp650\a0114300.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp650\a0114363.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120832.exe[32788r22fwjfw\license\iexplore.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120832.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120883.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120914.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120982.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121216.exe[32788r22fwjfw\license\iexplore.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121216.exe[32788r22fwjfw\license\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121216.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121267.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121298.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121361.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122003.exe[32788r22fwjfw\license\iexplore.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122003.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122025.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122085.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122113.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122174.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122203.exe[32788r22fwjfw\license\iexplore.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122203.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122253.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122284.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122362.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\windows\pev.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121216.exe
No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp677\a0122003.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
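A reader looking at the ActiveScan report above may wonder why the fix that follows lists only the three user.js files. Most of the 30 MALWARE rows are System Restore copies or entries inside a container file (the bracketed suffix), not live files. The parser below, an added example and neither Panda's code nor anything from the thread, reads the report's sections and buckets each detection by where it lives. It assumes the row layout seen above (eight whitespace-separated columns with the space-containing Location last), that a `[member]` suffix marks a file inside a container, and that paths under `System Volume Information\_restore` are restore-point copies. The embedded report is a five-row excerpt of the thread's own paste; run it on the full text to get the thread's counts.

```python
from collections import defaultdict

SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
RESTORE_PREFIX = "c:\\system volume information\\_restore"   # assumption: System Restore copies

# Excerpt of the report pasted in the thread (five of its thirty MALWARE rows).
SAMPLE_REPORT = r"""
ANALYSIS: 2010-09-15 16:33:22
PROTECTIONS: 0
MALWARE: 2
SUSPECTS: 2
;**********
PROTECTIONS
Description Version Active Updated
;==========
;==========
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==========
06397482 Trj/Clicker.ASH Virus/Trojan No 1 Yes No c:\documents and settings\paul\application data\mozilla\firefox\profiles\sk8ba9yj.default\user.js
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\documents and settings\brooke and nick\desktop\combofix.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp650\a0114300.exe
07309541 Adware/SecurityEssentials2010 Adware No 0 No No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp666\a0120832.exe[32788r22fwjfw\pev.exe]
07309541 Adware/SecurityEssentials2010 Adware No 0 Yes No c:\windows\pev.exe
;==========
SUSPECTS
Sent Location
;==========
No c:\system volume information\_restore{3250f431-b8bd-4aeb-8719-084dabdabf39}\rp670\a0121216.exe
;==========
VULNERABILITIES
Id Severity Description
"""


def parse_activescan(text):
    """Return {'malware': [...], 'suspects': [...]} parsed from report text."""
    result = {"malware": [], "suspects": []}
    section, skip_header = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank or ;==== separator
            continue
        if line in SECTIONS:
            section, skip_header = line, True     # next line is the column header
            continue
        if skip_header:
            skip_header = False
            continue
        if section == "MALWARE":
            parts = line.split(None, 7)           # Location keeps its spaces
            if len(parts) == 8 and parts[0].isdigit():
                result["malware"].append({
                    "id": parts[0], "name": parts[1], "type": parts[2],
                    "active": parts[3] == "Yes", "severity": int(parts[4]),
                    "disinfectable": parts[5] == "Yes",
                    "disinfected": parts[6] == "Yes",
                    "location": parts[7].lower(),
                })
        elif section == "SUSPECTS":
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in ("Yes", "No"):
                result["suspects"].append({"sent": parts[0] == "Yes",
                                           "location": parts[1].lower()})
    return result


def classify(location):
    """restore_point, inside_container, or live (the bucket to deal with first)."""
    if location.startswith(RESTORE_PREFIX):
        return "restore_point"
    if location.endswith("]") and "[" in location:   # assumption: "[member]" = inside a container
        return "inside_container"
    return "live"


def triage(text):
    """Map each bucket to the list of detected locations in it."""
    buckets = defaultdict(list)
    for row in parse_activescan(text)["malware"]:
        buckets[classify(row["location"])].append(row["location"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

On the full report this gives 4 live entries (the three user.js files and c:\windows\pev.exe), 2 inside the combofix.exe container, and 24 restore-point copies; restore-point copies are normally cleared by flushing System Restore at the end of a cleanup rather than by moving files one at a time.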
 
Hi HeadlessChief

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the [pasteline.png image] area. Do not include the word Code.
Code:
:Files
c:\documents and settings\brooke and nick\application data\mozilla\firefox\profiles\vj8qx2x8.default\user.js.bak
c:\documents and settings\paul\application data\mozilla\firefox\profiles\sk8ba9yj.default\user.js
c:\documents and settings\brooke and nick\application data\mozilla\firefox\profiles\vj8qx2x8.default\user.js
  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large [btnmoveit.png image] button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
 