Windows BBS

Windows BBS (http://www.windowsbbs.com/)
-   Malware and Virus Removal (http://www.windowsbbs.com/malware-virus-removal/)
-   -   [Resolved] Need help with possible malware infection (http://www.windowsbbs.com/malware-virus-removal/95156-resolved-need-help-possible-malware-infection.html)

BillB 13th September 2010 20:11

[Resolved] Need help with possible malware infection
 
A friend of mine asked me to have a look at his PC. He complained about emails being sent from his PC that he didn't send, he was afraid someone had hijacked his internet connection. He has Malwarebytes and Superantispyware installed, as well as Norton360. All are up to date, and I have run scans with them. They cleaned up a few things, but nothing that looked that bad to me. I'm posting the DDS logs for someone to look at, hopefully the machine is clean but want to make sure.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2009 6:09:46 PM
System Uptime: 9/13/2010 2:25:07 PM (2 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 770-C45 (MS-7599)
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3007/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 287.425 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP305: 6/15/2010 5:53:42 AM - System Checkpoint
RP306: 6/16/2010 6:56:56 AM - System Checkpoint
RP307: 6/17/2010 7:53:12 AM - System Checkpoint
RP308: 6/18/2010 8:51:46 AM - System Checkpoint
RP309: 6/19/2010 9:27:42 AM - System Checkpoint
RP310: 6/20/2010 9:59:57 AM - System Checkpoint
RP311: 6/21/2010 10:27:37 AM - System Checkpoint
RP312: 6/22/2010 11:51:37 AM - System Checkpoint
RP313: 6/23/2010 4:02:27 PM - System Checkpoint
RP314: 6/24/2010 3:00:13 AM - Software Distribution Service 3.0
RP315: 6/25/2010 3:03:40 AM - System Checkpoint
RP316: 6/26/2010 3:51:10 AM - System Checkpoint
RP317: 6/27/2010 4:03:35 AM - System Checkpoint
RP318: 6/28/2010 4:19:45 AM - System Checkpoint
RP319: 6/29/2010 4:28:41 AM - System Checkpoint
RP320: 6/30/2010 5:28:41 AM - System Checkpoint
RP321: 7/1/2010 6:28:41 AM - System Checkpoint
RP322: 7/2/2010 7:28:41 AM - System Checkpoint
RP323: 7/3/2010 8:28:45 AM - System Checkpoint
RP324: 7/4/2010 9:34:26 AM - System Checkpoint
RP325: 7/5/2010 10:28:41 AM - System Checkpoint
RP326: 7/6/2010 10:36:44 AM - System Checkpoint
RP327: 7/7/2010 11:36:44 AM - System Checkpoint
RP328: 7/8/2010 12:36:44 PM - System Checkpoint
RP329: 7/9/2010 1:36:44 PM - System Checkpoint
RP330: 7/10/2010 2:36:48 PM - System Checkpoint
RP331: 7/11/2010 2:50:40 PM - System Checkpoint
RP332: 7/12/2010 3:50:40 PM - System Checkpoint
RP333: 7/13/2010 4:50:35 PM - System Checkpoint
RP334: 7/14/2010 5:00:10 PM - System Checkpoint
RP335: 7/15/2010 3:00:13 AM - Software Distribution Service 3.0
RP336: 7/16/2010 3:50:36 AM - System Checkpoint
RP337: 7/17/2010 4:50:40 AM - System Checkpoint
RP338: 7/18/2010 5:50:35 AM - System Checkpoint
RP339: 7/19/2010 6:50:35 AM - System Checkpoint
RP340: 7/20/2010 7:00:22 AM - System Checkpoint
RP341: 7/21/2010 8:33:00 AM - System Checkpoint
RP342: 7/22/2010 9:00:22 AM - System Checkpoint
RP343: 7/23/2010 10:00:22 AM - System Checkpoint
RP344: 7/24/2010 11:00:27 AM - System Checkpoint
RP345: 7/25/2010 12:00:22 PM - System Checkpoint
RP346: 7/26/2010 1:00:22 PM - System Checkpoint
RP347: 7/27/2010 2:00:17 PM - System Checkpoint
RP348: 7/28/2010 2:32:32 PM - System Checkpoint
RP349: 7/29/2010 3:32:31 PM - System Checkpoint
RP350: 7/30/2010 4:32:32 PM - System Checkpoint
RP351: 7/31/2010 5:32:32 PM - System Checkpoint
RP352: 8/2/2010 7:44:27 PM - System Checkpoint
RP353: 8/3/2010 3:00:13 AM - Software Distribution Service 3.0
RP354: 8/4/2010 3:20:27 AM - System Checkpoint
RP355: 8/5/2010 4:34:52 AM - System Checkpoint
RP356: 8/6/2010 5:20:27 AM - System Checkpoint
RP357: 8/7/2010 6:20:27 AM - System Checkpoint
RP358: 8/8/2010 7:20:27 AM - System Checkpoint
RP359: 8/9/2010 8:20:31 AM - System Checkpoint
RP360: 8/10/2010 9:20:21 AM - System Checkpoint
RP361: 8/11/2010 10:01:41 AM - System Checkpoint
RP362: 8/12/2010 11:01:37 AM - System Checkpoint
RP363: 8/13/2010 3:00:13 AM - Software Distribution Service 3.0
RP364: 8/14/2010 3:24:52 AM - System Checkpoint
RP365: 8/15/2010 4:36:29 AM - System Checkpoint
RP366: 8/16/2010 5:21:59 AM - System Checkpoint
RP367: 8/17/2010 6:21:59 AM - System Checkpoint
RP368: 8/18/2010 7:21:53 AM - System Checkpoint
RP369: 8/19/2010 8:21:54 AM - System Checkpoint
RP370: 8/20/2010 9:21:54 AM - System Checkpoint
RP371: 8/21/2010 10:21:53 AM - System Checkpoint
RP372: 8/22/2010 11:33:31 AM - System Checkpoint
RP373: 8/23/2010 12:21:53 PM - System Checkpoint
RP374: 8/24/2010 1:21:53 PM - System Checkpoint
RP375: 8/25/2010 2:21:48 PM - System Checkpoint
RP376: 8/26/2010 3:21:48 PM - System Checkpoint
RP377: 8/27/2010 4:21:48 PM - System Checkpoint
RP378: 8/28/2010 5:21:48 PM - System Checkpoint
RP379: 8/29/2010 6:21:48 PM - System Checkpoint
RP380: 8/30/2010 7:36:16 PM - System Checkpoint
RP381: 8/31/2010 8:22:53 PM - System Checkpoint
RP382: 9/1/2010 9:21:48 PM - System Checkpoint
RP383: 9/2/2010 9:22:46 PM - System Checkpoint
RP384: 9/3/2010 9:33:14 PM - System Checkpoint
RP385: 9/4/2010 10:21:53 PM - System Checkpoint
RP386: 9/5/2010 11:21:53 PM - System Checkpoint
RP387: 9/7/2010 12:21:53 AM - System Checkpoint
RP388: 9/12/2010 11:54:48 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.3
Agere Systems PCI-SV92PP Soft Modem
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar
AOL You've Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI AVIVO Codecs
AzureBay Screen Saver
AzureBay Screen Saver 3.5
Brother MFL-Pro Suite MFC-495CW
BRPSS_Setup.SCR
Comcast Desktop Software (v1.2.0.9)
Coupon Printer for Windows
Desktop Doctor
DocProc
DocProcQFolder
FaxTalk Communicator SE 4.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 17
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
neroxml
Norton 360
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
PaperPort Image Printer
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
ScanSoft PaperPort 11
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Service Pack 3
WinZip

==== Event Viewer Messages From Past Week ========

9/13/2010 1:34:10 PM, error: Dhcp [1002] - The IP address lease 98.249.1.48 for the Network

Card with network address 002421A5186B has been denied by the DHCP server 0.0.0.0 (The DHCP

Server sent a DHCPNACK message).

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSx86
Run by Patrick at 16:05:50.12 on Mon 09/13/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1405 [GMT -4:00]

AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Java\jre1.5.0_17\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Patrick\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/norton/products/toolbar/popup.jsp?pvid=n360v3_ss
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton

360\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [CallControl 4.7] "c:\program files\faxtalk communicator\FTCtrl32.exe" /autoload
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all

users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft

office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\register.lnk - c:\program files\azurebay\azurebay screen

saver\Register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wallpa~1.lnk - c:\program files\azurebay\azurebay screen

saver\WPChanger.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program

files\java\jre1.5.0_17\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol

toolbar\toolbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www5.snapfish.com/SnapfishActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-1-27 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-1-27 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-1-27 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100909.001\IDSXpx86.sys [2010-9-12 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-27 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2010-6-12 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100913.004\NAVENG.SYS [2010-9-13 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20100913.004\NAVEX15.SYS [2010-9-13 1362608]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-30 1684736]

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

============= FINISH: 16:05:57.62 ===============

PeteC 13th September 2010 20:21

Quote:

He complained about emails being sent from his PC that he didn't send
If the computer is clean the most likely scenario is that one of your friend's contacts has your friends's email address in his address book and that computer (the contact's) is compromised.

BillB 13th September 2010 20:55

Hi PeteC,

I was thinking kind of the same thing, but want to make sure there isn't any malware that the spyware programs missed.

broni 14th September 2010 02:46

We'll check, especially since MBAM apparently found something.
Both possible culprits are valid: someone else computer is infected and this one as well.

Please, disable "word wrap" in Notepad, because logs are hard to read.

STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


STEP 3. Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.



DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

BillB 14th September 2010 21:43

Hi Broni,

Here are the mbr and malwarebytes logs, the GMER program just stopped executing after a while, not sure why.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4614

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

9/14/2010 5:20:45 PM
mbam-log-2010-09-14 (17-20-45).txt

Scan type: Quick scan
Objects scanned: 131173
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xB7F11000 fltmgr.sys
0xB7EFF000 sr.sys
0xB7EB0000 SYMEFA.SYS
0xB7E99000 KSecDD.sys
0xB7E0C000 Ntfs.sys
0xB7DDF000 NDIS.sys
0xB7DC5000 Mup.sys
0xB82D8000 \SystemRoot\System32\DRIVERS\processr.sys
0xB373C000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xB3728000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xB3708000 \SystemRoot\System32\DRIVERS\Rtenicxp.sys
0xB82E8000 \SystemRoot\System32\DRIVERS\imapi.sys
0xB82F8000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB8308000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB36E5000 \SystemRoot\System32\DRIVERS\ks.sys
0xB8400000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xB36C1000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xB8408000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xB369C000 \SystemRoot\System32\DRIVERS\HDAudBus.sys
0xB8318000 \SystemRoot\System32\DRIVERS\serial.sys
0xB8598000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB8128000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xB8410000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xB8418000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xB3583000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xB85F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB8420000 \SystemRoot\System32\Drivers\Modem.SYS
0xB85A4000 \SystemRoot\System32\DRIVERS\wmiacpi.sys
0xB8714000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB8138000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xB3DA1000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB356C000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB8148000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB8158000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB8428000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB355B000 \SystemRoot\System32\DRIVERS\psched.sys
0xB8168000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xB8430000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xB8438000 \SystemRoot\System32\DRIVERS\raspti.sys
0xB8440000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xB8178000 \SystemRoot\System32\DRIVERS\termdd.sys
0xB8448000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xB85F4000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB34D5000 \SystemRoot\System32\DRIVERS\update.sys
0xB3D8D000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xB8188000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xB8198000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB0DD3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB0DAF000 \SystemRoot\system32\drivers\portcls.sys
0xB81E8000 \SystemRoot\system32\drivers\drmk.sys
0xB8608000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87D0000 \SystemRoot\System32\Drivers\Null.SYS
0xB860A000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8470000 \SystemRoot\System32\drivers\vga.sys
0xB860C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB860E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8478000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8480000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8590000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB0D54000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB0CFB000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB0C9F000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xB0C79000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB0C54000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB8218000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8488000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xB0C3F000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xB8490000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xB0BEA000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100910.001\IDSxpx86.sys
0xB0BC2000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB0BA0000 \SystemRoot\System32\drivers\afd.sys
0xB8268000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB8278000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xB0B7F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xB8498000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB0B54000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB0AE4000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xB8288000 \SystemRoot\System32\Drivers\Fips.SYS
0xB0A86000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB0A69000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB09EE000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xB09AC000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xB82A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB096C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB8616000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB0DA3000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8368000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB8717000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB05C0000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB036F000 \SystemRoot\system32\drivers\wdmaud.sys
0xB061C000 \SystemRoot\system32\drivers\sysaudio.sys
0xAFDA2000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB8662000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAFCFB000 \SystemRoot\System32\DRIVERS\srv.sys
0xAF6A2000 \SystemRoot\System32\Drivers\HTTP.sys
0xAF5FF000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xAF48B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100913.048\NAVEX15.SYS
0xAF3D7000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100913.048\NAVENG.SYS
0xB83C0000 \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
0xAF133000 \??\C:\DOCUME~1\Patrick\LOCALS~1\Temp\awadikod.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
848 C:\WINDOWS\system32\smss.exe
956 csrss.exe
980 C:\WINDOWS\system32\winlogon.exe
1024 C:\WINDOWS\system32\services.exe
1060 C:\WINDOWS\system32\lsass.exe
1216 C:\WINDOWS\system32\svchost.exe
1284 svchost.exe
1408 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1656 svchost.exe
1836 C:\WINDOWS\system32\spoolsv.exe
208 C:\WINDOWS\explorer.exe
336 C:\WINDOWS\system32\rundll32.exe
344 C:\WINDOWS\RTHDCPL.EXE
360 C:\Program Files\FaxTalk Communicator\FTCtrl32.EXE
372 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
400 C:\Program Files\FaxTalk Communicator\fapiexe.exe
412 C:\Program Files\Real\RealPlayer\realplay.exe
572 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
688 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
752 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
1184 C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
544 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
1388 C:\WINDOWS\system32\ctfmon.exe
284 svchost.exe
1568 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
640 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
808 C:\WINDOWS\system32\nvsvc32.exe
1592 C:\WINDOWS\system32\HPZipm12.exe
2124 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2244 C:\WINDOWS\system32\svchost.exe
2272 wdfmgr.exe
3932 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
4020 wmiprvse.exe
424 alg.exe
1176 C:\WINDOWS\system32\wscntfy.exe
132 C:\Program Files\Java\jre1.5.0_17\bin\jucheck.exe
3184 C:\Program Files\Norton 360\Engine\3.8.0.41\CLTLMH.EXE
884 C:\Documents and Settings\Patrick\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAKS-00M9A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

broni 15th September 2010 00:53

So far, all good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

BillB 15th September 2010 13:20

Here's the combofix log;

ComboFix 10-09-14.04 - Patrick 09/15/2010 9:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1303 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\AV7

.
((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
.

2010-08-27 00:45 . 2010-08-27 00:45 -------- d-----w- c:\documents and settings\Patrick\Local Settings\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-13 19:07 . 2009-10-28 01:29 -------- d-----w- c:\documents and settings\Patrick\Application Data\MSN6
2010-09-13 18:09 . 2010-03-31 19:24 117760 ----a-w- c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-12 21:18 . 2010-03-31 19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 18:56 . 2009-08-30 23:29 60920 ----a-w- c:\documents and settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2002-08-29 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2009-08-30 23:26 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2002-08-29 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-05-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"CallControl 4.7"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2007-06-26 180224]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 496752]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2009-09-10 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-10 98304]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 99480]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2009-9-10 156784]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Register.lnk - c:\program files\AzureBay\AzureBay Screen Saver\Register.exe [2006-8-10 323584]
Wallpaper Changer.lnk - c:\program files\AzureBay\AzureBay Screen Saver\WPChanger.exe [2007-3-8 57344]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA .sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [1/27/2010 11:25 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [1/27/2010 11:25 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [1/27/2010 11:25 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100910.001\IDSXpx86.sys [9/14/2010 12:51 PM 331640]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [1/27/2010 11:25 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/12/2010 2:39 AM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/30/2009 6:52 PM 1684736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = hxxp://www.symantec.com/norton/products/toolbar/popup.jsp?pvid=n360v3_ss
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-15 09:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\:§w jY*]
"DisplayName"="??\08\17?\11\09"
"DeviceDesc"="??\08\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\chipset\\amd\\xp\\sbdrv\\smbus\\smbusati.inf \00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2880)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-09-15 09:09:03
ComboFix-quarantined-files.txt 2010-09-15 13:09

Pre-Run: 308,573,888,512 bytes free
Post-Run: 308,616,445,952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 3646FB7046B4811758EC4C03BC44024A

broni 15th September 2010 23:22

Looks good :)

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

BillB 16th September 2010 13:58

Here are the new logs;

OTL logfile created on: 9/16/2010 9:55:13 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 287.44 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N-F17JR8N32TRA0
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/16 09:52:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
PRC - [2009/09/10 19:37:10 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/01/19 09:37:10 | 001,150,976 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008/11/26 11:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/11/10 03:47:30 | 000,251,392 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_17\bin\jucheck.exe
PRC - [2008/11/10 03:47:30 | 000,075,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
PRC - [2008/10/24 12:44:34 | 000,872,448 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008/07/10 00:07:00 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/26 12:02:12 | 000,180,224 | ---- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk Communicator\FTCtrl32.EXE
PRC - [2007/06/25 23:13:56 | 000,025,088 | R--- | M] (Thought Communications, Inc.) -- C:\Program Files\FaxTalk Communicator\fapiexe.exe
PRC - [2007/03/08 16:36:28 | 000,057,344 | ---- | M] (AzureBay) -- C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/18 16:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/05/07 16:53:52 | 000,156,784 | -H-- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\aoltray.exe
PRC - [2004/04/07 12:07:34 | 000,496,752 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 09:52:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
MOD - [2009/08/22 04:14:06 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/08/22 04:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/06/29 08:29:30 | 000,184,373 | ---- | M] () [Auto | Stopped] -- C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe -- (AOLService)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Patrick\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/13 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100914.052\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100914.052\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100910.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/26 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/26 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/10/08 20:08:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/09/10 19:37:12 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2009/08/22 04:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 04:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 04:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 04:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 04:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 04:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 04:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 04:14:09 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 04:14:09 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/22 04:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 04:13:59 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/03/30 05:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/27 02:33:42 | 000,130,816 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/01/23 14:59:06 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/05/16 14:31:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/25 04:24:30 | 001,149,888 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/14 03:18:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [CallControl 4.7] C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Pure Networks Port Magic] C:\Program Files\Pure Networks\Port Magic\PortAOL.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe (AzureBay)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe (AzureBay)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\NPJPI150_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5...ndows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/30 18:08:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/16 09:52:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2010/09/16 09:51:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/15 09:05:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/15 09:04:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/15 09:04:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/15 09:04:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/15 09:04:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/15 09:04:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/15 09:04:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/14 16:04:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/26 20:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Patrick\Local Settings\Application Data\Snapfish
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/16 09:53:21 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/16 09:53:21 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 09:53:21 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 09:52:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe
[2010/09/16 09:49:07 | 005,760,054 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\sswpprep.bmp
[2010/09/16 09:49:07 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\AzureBay.bmp
[2010/09/16 09:49:07 | 000,092,406 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\cal.bmp
[2010/09/16 09:49:07 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ScreenSaver.ini
[2010/09/16 09:49:04 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/16 09:49:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 09:49:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/16 09:49:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 09:21:13 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Patrick\NTUSER.DAT
[2010/09/15 09:21:13 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Patrick\ntuser.ini
[2010/09/15 09:21:06 | 004,313,314 | -H-- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\IconCache.db
[2010/09/15 09:08:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/15 09:05:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/15 08:27:01 | 003,845,170 | R--- | M] () -- C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2010/09/14 16:06:17 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ssprep.bmp
[2010/09/14 12:43:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\MBRCheck.exe
[2010/09/14 12:43:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\fo67osws.exe
[2010/09/13 16:03:35 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\dds.scr
[2010/09/13 15:14:02 | 000,000,729 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/12 11:32:36 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\Malwarebytes.doc
[2010/09/12 11:31:59 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\Microsoft Word.lnk
[2010/08/28 17:35:31 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\August 28.docpersonal day.doc
[2010/08/20 19:18:05 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\AUGUST 2010.doc Merchandiser.doc
[2010/08/13 03:21:03 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 03:04:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/08 20:53:57 | 000,128,000 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\My Rental QuoteTruck Rental Home.doc
[2010/08/08 14:56:52 | 000,060,920 | ---- | M] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/28 08:42:45 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\Atkinson,Patrick RESUME'1.doc
[2010/07/24 20:05:05 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/06/27 18:20:33 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\atkinsonpatrick54.doc
[2010/06/27 18:02:25 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Patrick\My Documents\Atkinson,Patrick RESUME'.doc
[2010/06/27 12:32:42 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2010/06/27 12:32:42 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Register.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 09:05:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/15 09:05:22 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/15 09:04:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/15 09:04:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/15 09:04:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/15 09:04:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/15 09:04:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/15 08:26:47 | 003,845,170 | R--- | C] () -- C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2010/09/14 12:43:50 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\MBRCheck.exe
[2010/09/14 12:43:38 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\fo67osws.exe
[2010/09/13 16:03:34 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Patrick\Desktop\dds.scr
[2010/09/12 11:32:36 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\Malwarebytes.doc
[2010/08/28 17:35:30 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\August 28.docpersonal day.doc
[2010/08/20 19:16:24 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\AUGUST 2010.doc Merchandiser.doc
[2010/08/08 20:53:56 | 000,128,000 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\My Rental QuoteTruck Rental Home.doc
[2010/06/27 18:20:33 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\atkinsonpatrick54.doc
[2010/06/27 18:02:47 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\Atkinson,Patrick RESUME'1.doc
[2010/06/27 18:01:06 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Patrick\My Documents\Atkinson,Patrick RESUME'.doc
[2009/12/13 12:51:36 | 005,760,054 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\sswpprep.bmp
[2009/12/13 12:51:36 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\AzureBay.bmp
[2009/12/13 12:51:36 | 000,092,406 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\cal.bmp
[2009/12/13 12:51:12 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ssprep.bmp
[2009/12/13 12:50:52 | 000,000,981 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\AzureBay.ini
[2009/12/13 12:49:53 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Patrick\Local Settings\Application Data\ScreenSaver.ini
[2009/11/26 17:18:13 | 000,000,242 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/11/26 17:18:13 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/11/26 17:17:57 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/11/26 17:16:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/11/26 17:16:56 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/11/26 17:14:54 | 000,031,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/10 20:09:09 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/09/10 20:05:49 | 000,004,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/31 13:01:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/30 18:58:35 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/08/30 18:46:44 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/08/30 18:46:44 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/08/30 18:46:44 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/08/30 18:46:44 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/08/30 18:46:44 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/05/27 18:22:46 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\3dlWinMn.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/08/31 13:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/11/26 17:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/18 11:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/31 15:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/31 12:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thought Communications
[2009/09/10 19:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/08 20:08:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/30 18:08:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/30 19:26:29 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/15 09:05:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/15 09:09:04 | 000,009,101 | ---- | M] () -- C:\ComboFix.txt
[2009/08/30 18:08:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/30 18:08:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/12 17:18:44 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/08/30 18:08:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/30 19:25:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/09/08 16:13:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/16 09:49:00 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/08/30 18:08:43 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/04/10 14:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007/03/08 19:12:30 | 000,782,412 | ---- | M] (AzureBay) -- C:\WINDOWS\AzureBay.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/08/30 12:55:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/30 12:55:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/30 12:55:18 | 000,409,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/09/08 16:17:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/08 16:22:26 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/08/30 18:11:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Patrick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/15 08:27:01 | 003,845,170 | R--- | M] () -- C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
[2010/09/14 12:43:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\fo67osws.exe
[2010/09/14 12:43:50 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Patrick\Desktop\MBRCheck.exe
[2010/09/16 09:52:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Patrick\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/02/14 14:40:20 | 001,068,544 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\Patrick\My Documents\CouponPrinter.exe
[2009/04/07 21:09:10 | 074,949,944 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Patrick\My Documents\N360S300EN.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/08 16:22:26 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Patrick\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/16 09:54:07 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Patrick\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/13 20:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/29 08:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/29 08:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 08:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 08:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

BillB 16th September 2010 13:59

OTL Extras logfile created on: 9/16/2010 9:55:13 AM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Patrick\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 287.44 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: N-F17JR8N32TRA0
Current User Name: Patrick
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = aolfile_HTM] -- C:\Program Files\America Online 9.0\aol.exe (America Online, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- C:\PROGRA~1\AMERIC~1.0\aol.exe -u"%1" (America Online, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfil e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProf ile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4477B161-C8F1-42D3-85B0-2037760CA86C}" = FaxTalk Communicator SE 4.7
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66B6D13A-9CC1-417D-B6F2-58AA539D1033}" = Nero 7 Essentials
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{958A793F-F1D2-4A90-B6A5-C52E2D74E8FE}" = AzureBay Screen Saver 3.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AzureBay" = AzureBay Screen Saver
"BRPSS_Setup.SCR" = BRPSS_Setup.SCR
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Port Magic" = Pure Networks Port Magic
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/12/2010 5:54:24 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:24.390]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:25 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:25.890]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:27 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:27.390]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:28 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:28.890]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:30 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:30.390]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:31 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:31.890]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:33 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:33.390]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:34 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:34.890]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:36 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:36.390]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

Error - 9/12/2010 5:54:37 PM | Computer Name = N-F17JR8N32TRA0 | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2010/09/12 17:54:37.890]: [00001256]: lperrcode->api
= 1 , lperrcode->code = 2

[ System Events ]
Error - 8/15/2010 5:26:46 PM | Computer Name = N-F17JR8N32TRA0 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.20
on the Network Card with network address 002421A5186B.

Error - 9/2/2010 4:24:39 PM | Computer Name = N-F17JR8N32TRA0 | Source = Dhcp | ID = 1002
Description = The IP address lease 71.63.56.78 for the Network Card with network
address 002421A5186B has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 9/2/2010 4:24:45 PM | Computer Name = N-F17JR8N32TRA0 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/2/2010 4:24:45 PM | Computer Name = N-F17JR8N32TRA0 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 9/2/2010 4:25:59 PM | Computer Name = N-F17JR8N32TRA0 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 9/2/2010 4:25:59 PM | Computer Name = N-F17JR8N32TRA0 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 9/2/2010 4:26:46 PM | Computer Name = N-F17JR8N32TRA0 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.20
on the Network Card with network address 002421A5186B.

Error - 9/13/2010 1:34:10 PM | Computer Name = N-F17JR8N32TRA0 | Source = Dhcp | ID = 1002
Description = The IP address lease 98.249.1.48 for the Network Card with network
address 002421A5186B has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 9/14/2010 4:04:26 PM | Computer Name = N-F17JR8N32TRA0 | Source = Service Control Manager | ID = 7017
Description = Detected circular dependencies demand starting Remote Access Connection
Manager.

Error - 9/14/2010 5:06:15 PM | Computer Name = N-F17JR8N32TRA0 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the N360 service.


< End of report >

broni 17th September 2010 00:21

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:

    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2009/09/10 19:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint


    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.
  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

BillB 17th September 2010 02:36

Updated Java and removed old version. Here are the logs you requested;

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\WINDOWS\002058_.tmp deleted successfully.
C:\WINDOWS\005139_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Patrick
->Temp folder emptied: 10242259 bytes
->Temporary Internet Files folder emptied: 13872744 bytes
->Java cache emptied: 6532011 bytes
->Flash cache emptied: 20530 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Patrick
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09162010_204709

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JET82EB.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat not found!

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
America Online 9.0 aoltray.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 16, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 16, 2010 22:28:32
Records in database: 4216728
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 44901
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:34:55

No threats found. Scanned area is clean.

Selected area has been scanned.

broni 17th September 2010 02:39

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop« Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop« Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

http://i7.photobucket.com/albums/y25...stallation.png

make sure, you have both boxes UN-checked AND (important!) click on Decline button

===============================================================

Your computer is clean :)

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.

BillB 17th September 2010 02:52

Here's the latest OTL log. The machine is doing a lot better. I've opened his email client and received and sent email and it seems to be working fine. His biggest complaint seemed to be problems with email. I'm going to run the defrag and install WOT as well. It is much improved over when I first booted it up. Appreciate the help.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Patrick
->Temp folder emptied: 108971129 bytes
->Temporary Internet Files folder emptied: 3033803 bytes
->Java cache emptied: 128101 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Patrick
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_224236

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\JET85BA.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat moved successfully.

Registry entries deleted on Reboot...

broni 17th September 2010 02:57

You're very welcome :)

Good luck to your friend with better working computer :)


All times are GMT. The time now is 05:21.

Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO
Copyright ę 2002 - 2013 WindowsBBS.com. All rights reserved.
FDMA Media LLC
Terms of Use, Legal Information & Privacy Policy

Page generated in 0.15803 seconds with 7 queries