TechSpot

Is this ToughBook clean ?

By al davis
Nov 22, 2010
  1. Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5151

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/19/2010 10:13:30 AM
    mbam-log-2010-11-19 (10-13-30).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 214520
    Time elapsed: 53 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-11-22 07:00:19
    Windows 5.1.2600 Service Pack 3
    Running: bco3fvo5.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awdiruow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8993A4A8 ZwAlertResumeThread
    SSDT 899394B0 ZwAlertThread
    SSDT 899E0148 ZwAllocateVirtualMemory
    SSDT 899580B0 ZwAssignProcessToJobObject
    SSDT 89767500 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA4265720]
    SSDT 89935D50 ZwCreateMutant
    SSDT 8974FEE8 ZwCreateSymbolicLinkObject
    SSDT 8981B248 ZwCreateThread
    SSDT 89956D50 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA42659A0]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA4265F00]
    SSDT 899E6B50 ZwDuplicateObject
    SSDT 89B089D0 ZwFreeVirtualMemory
    SSDT 8993ACE0 ZwImpersonateAnonymousToken
    SSDT 8993A620 ZwImpersonateThread
    SSDT 8981B9F8 ZwLoadDriver
    SSDT 89C94730 ZwMapViewOfSection
    SSDT 8993ADB8 ZwOpenEvent
    SSDT 899FC4E8 ZwOpenProcess
    SSDT 89938E58 ZwOpenProcessToken
    SSDT 89951AD8 ZwOpenSection
    SSDT 899F54A0 ZwOpenThread
    SSDT 8987F0F8 ZwProtectVirtualMemory
    SSDT 899393D8 ZwResumeThread
    SSDT 89938008 ZwSetContextThread
    SSDT 89BC9C98 ZwSetInformationProcess
    SSDT 899561E0 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA4266150]
    SSDT 8993AE90 ZwSuspendProcess
    SSDT 89939300 ZwSuspendThread
    SSDT 89938BE8 ZwTerminateProcess
    SSDT 89939228 ZwTerminateThread
    SSDT 89938F30 ZwUnmapViewOfSection
    SSDT 89C8F8C0 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CB4 80504550 8 Bytes CALL C8D9BA53
    .text ntkrnlpa.exe!ZwCallbackReturn + 2DCC 80504668 8 Bytes CALL D8D9E631
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes CALL A8D9DC14
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  3. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 7:06:52.35 on Mon 11/22/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1494 [GMT -5:00]

    AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\fpapli.exe
    C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
    C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\Administrator\Desktop\virus_et_al\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun: [Hotkey] c:\windows\system32\hkeyman.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [scroller] fpapli.exe
    mRun: [gemstrmw] c:\windows\system32\gemstrmw.exe /r
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
    mRun: [PCinfo] c:\program files\panasonic\pcinfo\SetDiag.exe /FirstLogin
    mRun: [Panasonic HotKey Manager] "c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimage\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188767369515
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 192.168.0.250 CMIDGITS
    Hosts: 192.168.0.81 CDAS
    Hosts: 192.168.0.76 DILWORTH

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\avqu5877.default\
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-11-16 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-11-16 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20101104.001\BHDrvx86.sys [2010-11-3 691248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-11-16 134704]
    R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\panasonic\brecal\Brecal.sys [2006-12-25 7168]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-11-16 126904]
    R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\panasonic\pcinfo\PCINFO.sys [2006-12-25 8192]
    R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2006-12-25 90112]
    R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\panasonic\sdkey\SDKEY.sys [2006-12-25 8192]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-1 102448]
    R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [2006-12-25 23463]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20101119.001\IDSXpx86.sys [2010-10-19 341880]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-12-25 36352]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101120.002\NAVENG.SYS [2010-11-20 86064]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20101120.002\NAVEX15.SYS [2010-11-20 1371184]
    R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2007-6-6 42624]
    S3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [2006-12-25 27031]
    S3 GTWINSER;GTWINSER;c:\windows\system32\drivers\GTwinSER.sys [2006-12-25 66912]
    S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\idl63\bin\bin.x86\idl_dicomexstorscp.exe [2006-3-27 49152]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2004-10-26 31375]
    S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [2007-9-3 727908]
    S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [2007-9-3 44928]

    =============== Created Last 30 ================

    2010-11-16 15:41:57 0 d-----w- c:\docume~1\admini~1\applic~1\Tific
    2010-11-11 18:52:12 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-11-11 18:52:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-11 18:52:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-11 18:52:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-11-11 18:52:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-11 16:56:09 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-11 16:56:09 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-11 16:55:14 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-11-16 13:37:20 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-11-16 13:37:20 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-11-16 13:37:20 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-16 13:37:20 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2009-04-06 12:47:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040620090407\index.dat

    ============= FINISH: 7:07:27.93 ===============
     
  4. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/1/2007 2:14:40 PM
    System Uptime: 11/22/2010 7:02:20 AM (0 hours ago)

    Motherboard: Matsushita Electric Industrial Co.,Ltd. | | CF30-1
    Processor: Intel(R) Core(TM) Duo CPU L2400 @ 1.66GHz | IC1 | 1662/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 37.648 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP247: 9/9/2010 12:12:05 PM - Software Distribution Service 3.0
    RP248: 9/18/2010 12:26:41 PM - Software Distribution Service 3.0
    RP249: 9/19/2010 11:30:38 AM - Software Distribution Service 3.0
    RP250: 9/20/2010 7:48:35 PM - System Checkpoint
    RP251: 9/21/2010 9:53:34 PM - System Checkpoint
    RP252: 9/24/2010 5:08:34 PM - System Checkpoint
    RP253: 9/29/2010 2:26:48 PM - System Checkpoint
    RP254: 11/11/2010 12:00:04 PM - Software Distribution Service 3.0
    RP255: 11/16/2010 12:28:01 PM - System Checkpoint
    RP256: 11/18/2010 12:27:09 PM - Installed ENVI 4.8

    ==== Installed Programs ======================

    7-Zip 4.42
    Acronis*True*Image
    Adobe Reader 9.3
    AgRemote Version 2.52
    Backer 5.04
    Battery Recalibration
    Bluetooth Stack for Windows by Toshiba
    CCleaner (remove only)
    Core FTP LE 1.3c
    DMI Viewer
    ENVI 4.7
    ENVI 4.7 SP1
    ENVI 4.8
    FliteStar
    Global Mapper 11
    Global Mapper 9
    Google Earth
    HDAUDIO V.92 Soft Data Fax Modem with SmartCP
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HotKey Appendix
    Hotkey Driver for Panasonic PC
    Hotkey Settings
    Icon Enlarger
    InstallMgr
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Java Auto Updater
    Java(TM) 6 Update 20
    JGsoft EditPad Pro 4.5.2
    Keyspan USB Serial Adapter
    Loupe Utility
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    mCore
    mDriver
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 6.0 Professional Edition
    MIGITS Command and Control 1.01
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.6.3)
    mPfMgr
    mPfWiz
    mProSafe
    MSDN Library - Visual Studio 6.0a
    MSN Toolbar
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    mZConfig
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    Panasonic Common Components
    Panasonic Hand Writing 4
    Panasonic Misc Driver
    PC Information Viewer
    PDFCreator
    POS AV Controller 2.3
    RSI ENVI 4.3
    SD Utility
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    touchpad
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VNC 3.3.7
    VNC Free Edition 4.1.2
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See KB887626 for more information]
    Windows XP Service Pack 3
    Wireless Switch Utility

    ==== Event Viewer Messages From Past Week ========

    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Panasonic PC Information Viewer service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:41 AM, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:58:40 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    11/19/2010 8:47:59 AM, error: NetBT [4321] - The name "DAEDALUS :1d" could not be registered on the Interface with IP address 192.168.0.70. The machine with the IP address 192.168.0.69 did not allow the name to be claimed by this machine.
    11/19/2010 8:47:31 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    11/18/2010 2:15:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
    11/16/2010 8:42:13 AM, error: NetBT [4321] - The name "DAEDALUS :1d" could not be registered on the Interface with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not allow the name to be claimed by this machine.

    ==== End Of File ===========================
     
  5. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    a rootkit was reported earlier
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You have 3 Active threads going that Broni is helping with:
    Confikcer virus help on computer touch> http://www.techspot.com/vb/topic156658.html
    Conficker virus on computer china_dell> http://www.techspot.com/vb/topic156629.html
    Need help with Conflicker virus> http://www.techspot.com/vb/topic156414.html


    And there was one Solved previously:
    Win32:Inject=XP[trj]

    Is Is this ToughBook clean ? yet another system?

    I read that you had a network of computers, but I have to wonder if you're running this many, why there is no IT helping. Normally, we help members clean their home PC.
     
  7. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    Yes. I was concerned about overstaying my welcome. I'll stop.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Where/when was it?
     
  9. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    Malwarebytes reported and removed a rootkit about 2 weeks ago. The machine has been turned off until yesterday
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 151):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9F4A000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xB9EED000 atapi.sys
    0xB9E17000 iaStor.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DF7000 fltmgr.sys
    0xB9DA0000 SYMDS.SYS
    0xB9D8E000 sr.sys
    0xB9CE5000 SYMEFA.SYS
    0xB9CCE000 KSecDD.sys
    0xB9C41000 Ntfs.sys
    0xB9C14000 NDIS.sys
    0xB9BB5000 timntr.sys
    0xB9B9C000 snapman.sys
    0xBA0F8000 ohci1394.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9B82000 Mup.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB93F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB93F5000 \SystemRoot\system32\DRIVERS\HOTKEY.SYS
    0xB8E28000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB7B74000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB7B60000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB7B38000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB79DB000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xB799E000 \SystemRoot\system32\DRIVERS\yk51x86.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB797A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA458000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB7966000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xB8E18000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB93F1000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB7952000 \SystemRoot\system32\DRIVERS\parport.sys
    0xB8E08000 \SystemRoot\system32\DRIVERS\IFXTPM.SYS
    0xB8DF8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\Fidmou.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB8DE8000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0xBA78D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB8DD8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB93ED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB793B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB7D25000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB7D15000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB792A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB7D05000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA488000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA61C000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xBA490000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB78FA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB7CF5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB7CE5000 \SystemRoot\system32\DRIVERS\SymIM.sys
    0xBA61E000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB78D7000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB7879000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9B52000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB7CD5000 \SystemRoot\system32\DRIVERS\newmisc.sys
    0xB7CC5000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA2C43000 \SystemRoot\system32\drivers\sthda.sys
    0xA2C1F000 \SystemRoot\system32\drivers\portcls.sys
    0xA405F000 \SystemRoot\system32\drivers\drmk.sys
    0xA2B4D000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xA2A59000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xA29A8000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xA403F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5C0000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA5C8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xA406F000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5CA000 \SystemRoot\System32\Drivers\Beep.SYS
    0xA4C57000 \SystemRoot\System32\drivers\vga.sys
    0xBA5CC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5CE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA4C4F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xA4C47000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA7017000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA2939000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA28E0000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA287D000 \SystemRoot\system32\drivers\NIS\1201000.025\SYMTDI.SYS
    0xA2857000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA2831000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xA401F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA400F000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA1736000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSxpx86.sys
    0xA170E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x9FF60000 \SystemRoot\System32\drivers\afd.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9F781000 \SystemRoot\system32\drivers\NIS\1201000.025\Ironx86.SYS
    0x9C343000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9C480000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9BECE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x9BBFE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xA2984000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x9B8D4000 \SystemRoot\system32\drivers\NIS\1201000.025\SRTSPX.SYS
    0x9B5DA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9B56A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9B8A4000 \SystemRoot\System32\Drivers\Fips.SYS
    0x9B50C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x9B4EF000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0x9B443000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys
    0x9B36D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x9F548000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9B968000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA689000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04D000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1AE000 \SystemRoot\System32\igxpdx32.DLL
    0xBA390000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xBA3B0000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x9F217000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0x9EADF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9B290000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB7CB5000 \SystemRoot\system32\drivers\sysaudio.sys
    0x9B11D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA65CB000 \??\C:\Program Files\Panasonic\BRECAL\Brecal.sys
    0x9B162000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9B075000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA65BB000 \??\C:\Program Files\Panasonic\PCINFO\pcinfo.sys
    0xA65B3000 \??\C:\Program Files\Panasonic\SDKEY\SDKEY.SYS
    0x9AD4C000 \SystemRoot\System32\Drivers\NIS\1201000.025\SRTSP.SYS
    0x9ABD6000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101123.002\NAVEX15.SYS
    0x9ABC2000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101123.002\NAVENG.SYS
    0x9A541000 \SystemRoot\System32\Drivers\HTTP.sys
    0x9A1F6000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    1416 C:\WINDOWS\system32\smss.exe
    1520 csrss.exe
    1544 C:\WINDOWS\system32\winlogon.exe
    1588 C:\WINDOWS\system32\services.exe
    1600 C:\WINDOWS\system32\lsass.exe
    1772 C:\WINDOWS\system32\svchost.exe
    1852 svchost.exe
    260 C:\WINDOWS\system32\svchost.exe
    328 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    356 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    436 svchost.exe
    652 svchost.exe
    944 C:\WINDOWS\system32\spoolsv.exe
    1056 scardsvr.exe
    1448 svchost.exe
    1496 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    1744 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    1812 C:\Program Files\Java\jre6\bin\jqs.exe
    1916 C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    448 C:\Program Files\Panasonic\PCINFO\PCInfoSV.exe
    508 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    644 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    800 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    904 wdfmgr.exe
    1644 C:\Program Files\RealVNC\VNC4\winvnc4.exe
    288 C:\WINDOWS\system32\wuauclt.exe
    2436 wmiprvse.exe
    2576 C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    3068 alg.exe
    3128 C:\WINDOWS\explorer.exe
    3296 C:\WINDOWS\system32\igfxtray.exe
    3312 C:\WINDOWS\system32\hkcmd.exe
    3336 C:\WINDOWS\system32\igfxpers.exe
    3356 C:\WINDOWS\system32\FPapli.exe
    3400 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3448 C:\Program Files\Panasonic\HotKey Appendix\hkeyapp.exe
    3456 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    3480 C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    3488 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3528 C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    3544 C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
    3552 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    3608 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3656 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    3732 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3812 wmiprvse.exe
    3852 C:\Program Files\Internet Explorer\iexplore.exe
    3944 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    2676 C:\Program Files\Internet Explorer\iexplore.exe
    1224 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    2692 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    1320 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    3712 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    3424 C:\Program Files\Internet Explorer\iexplore.exe
    1092 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541680J9SA00, Rev: SB2OC70P
    PhysicalDrive1 Model Number: HitachiHTS545050B9A300, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 77B9FBD3DAD62FB08DA1DFAAD89DCAC64093C783


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  12. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    ComboFix 10-11-23.04 - Administrator 11/24/2010 6:34.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1508 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\win.ini

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-24 to 2010-11-24 )))))))))))))))))))))))))))))))
    .

    2010-11-16 15:41 . 2010-11-16 15:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
    2010-11-16 15:41 . 2010-11-16 15:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
    2010-11-16 13:36 . 2010-11-16 13:37 -------- d-----w- c:\windows\system32\drivers\NIS\1201000.025
    2010-11-11 18:52 . 2010-11-11 18:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-11 18:52 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-11 18:52 . 2010-11-11 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-11-11 18:52 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-11 18:52 . 2010-11-11 18:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-11 16:56 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-11-11 16:56 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-11-11 16:55 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-16 13:37 . 2009-12-16 13:50 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-11-16 13:37 . 2009-12-16 13:50 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-18 17:23 . 2006-12-25 14:06 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2006-12-25 14:06 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-12-25 14:06 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-12-25 14:06 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2006-12-25 14:07 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-12-25 14:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-12-25 14:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2006-12-25 14:05 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-12-25 14:07 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-12-25 14:07 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2006-12-25 14:07 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-12-25 14:07 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-05-20 14:15 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
    "scroller"="fpapli.exe" [2006-08-01 69780]
    "gemstrmw"="c:\windows\system32\gemstrmw.exe" [2006-08-24 24576]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2004-08-06 110592]
    "PCinfo"="c:\program files\Panasonic\PCINFO\SetDiag.exe" [2006-04-22 45056]
    "Panasonic HotKey Manager"="c:\program files\Panasonic\HotKey Appendix\HKEYAPP.EXE" [2006-09-29 983040]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
    "WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2007-03-20 726672]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2006-06-01 1106562]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2006-06-01 1827640]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-01 126976]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-5 421888]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Applanix\\Posav\\Posav.exe"=
    "c:\\Program Files\\CoreFTP\\coreftp.exe"=

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SymDS.sys [11/16/2010 8:37 AM 339504]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SymEFA.sys [11/16/2010 8:37 AM 666672]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys [11/3/2010 7:07 PM 691248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.sys [11/16/2010 8:37 AM 134704]
    R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\Panasonic\BRECAL\Brecal.sys [12/25/2006 6:41 PM 7168]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [11/16/2010 8:37 AM 126904]
    R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\Panasonic\PCINFO\PCINFO.sys [12/25/2006 6:50 PM 8192]
    R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\PCINFO\PCInfoSV.exe [12/25/2006 6:50 PM 90112]
    R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\Panasonic\SDKEY\SDKEY.sys [12/25/2006 6:51 PM 8192]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/1/2010 10:22 AM 102448]
    R3 FIDMOU;Fujitsu touchpad;c:\windows\system32\drivers\Fidmou.sys [12/25/2006 9:10 AM 23463]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.004\IDSXpx86.sys [10/19/2010 3:36 PM 341880]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/25/2006 9:10 AM 36352]
    R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [6/6/2007 7:13 PM 42624]
    S3 FIDTPU;Fujitsu Touch Panel (USB);c:\windows\system32\drivers\FIDTPU.sys [12/25/2006 9:11 AM 27031]
    S3 GTWINSER;GTWINSER;c:\windows\system32\drivers\GTwinSER.sys [12/25/2006 5:58 PM 66912]
    S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [3/27/2006 4:45 PM 49152]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [10/26/2004 6:15 PM 31375]
    S3 USA19H;USA19H;c:\windows\system32\drivers\USA19H2k.sys [9/3/2007 7:25 AM 727908]
    S3 USA19H2KP;Keyspan USB Serial Port Driver;c:\windows\system32\drivers\USA19H2kp.sys [9/3/2007 7:25 AM 44928]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\avqu5877.default\
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-24 06:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3433957912-3719340694-2889653568-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,ff,58,dd,48,52,21,45,bc,80,b1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,ff,58,dd,48,52,21,45,bc,80,b1,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3860)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\windows\system32\fpapli.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-24 06:45:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-24 11:45

    Pre-Run: 40,234,852,352 bytes free
    Post-Run: 40,119,545,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - F2C5C4D6A0E76424883533BE702A3DB3
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    I'm at 'grandmas house' for the hoiiday. i'll pick this up Tuesday,

    Al
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    OK................
     
  16. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    OTL logfile created on: 11/30/2010 6:42:26 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 37.43 Gb Free Space | 50.23% Space Free | Partition Type: NTFS

    Computer Name: FIREMAPPER | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/30 06:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/20 18:37:38 | 000,726,672 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\WSwitch\WSwitch.exe
    PRC - [2006/12/20 20:17:16 | 002,752,512 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2006/12/18 18:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2006/10/27 23:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2006/09/29 00:17:52 | 000,983,040 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\HotKey Appendix\hkeyapp.exe
    PRC - [2006/09/05 22:08:26 | 000,090,112 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PCINFO\PCInfoSV.exe
    PRC - [2006/08/01 11:42:08 | 000,069,780 | ---- | M] (Fujitsu Component Limited) -- C:\WINDOWS\system32\FPapli.exe
    PRC - [2006/06/01 10:14:16 | 001,827,640 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
    PRC - [2006/06/01 10:08:28 | 000,126,976 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2006/06/01 10:08:26 | 000,204,800 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2006/06/01 10:06:42 | 001,106,562 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    PRC - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
    PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2006/02/28 17:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2006/02/28 17:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2006/02/28 17:16:08 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2006/02/28 17:15:30 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2006/01/24 02:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    PRC - [2005/10/12 15:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/30 06:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/08/16 22:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
    MOD - [2009/07/12 02:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll
    MOD - [2009/07/12 02:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll
    MOD - [2005/07/22 06:13:32 | 000,036,988 | ---- | M] (Fujitsu Takamisawa Component Limited) -- C:\WINDOWS\system32\Fphook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/07/23 00:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2006/11/01 01:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2006/09/05 22:08:26 | 000,090,112 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\Program Files\Panasonic\PCINFO\PCInfoSV.exe -- (PcInfoSV)
    SRV - [2006/06/01 10:08:26 | 000,204,800 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2006/05/12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
    SRV - [2006/03/27 16:45:52 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe -- (IDL DicomEx Storage SCP)
    SRV - [2006/02/28 17:18:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2006/02/28 17:16:08 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2006/02/28 17:15:30 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/11/16 08:37:20 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/15 01:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101124.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/11/15 01:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20101124.004\NAVENG.SYS -- (NAVENG)
    DRV - [2010/11/08 19:50:31 | 000,341,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101122.006\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/11/03 19:07:06 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/09/09 10:51:20 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/07/28 22:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/07/28 21:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
    DRV - [2010/07/28 21:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/07/21 20:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2010/07/21 20:27:14 | 000,043,952 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2010/07/12 20:20:22 | 000,369,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/06/26 23:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
    DRV - [2010/06/13 05:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
    DRV - [2010/06/01 10:22:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/09/02 21:50:38 | 000,387,520 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2007/09/02 21:50:38 | 000,032,224 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2007/09/02 21:50:36 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2007/03/02 22:56:24 | 000,042,624 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\newmisc.sys -- (NewMisc)
    DRV - [2006/11/30 22:55:00 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2006/11/22 19:09:22 | 000,053,504 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2006/11/20 20:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/10/28 03:29:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2006/10/10 22:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
    DRV - [2006/10/06 09:24:00 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/10/05 19:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2006/08/24 05:35:26 | 000,066,912 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GTwinSER.sys -- (GTWINSER)
    DRV - [2006/06/27 11:56:00 | 000,248,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2006/06/15 10:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/04/11 10:36:24 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (IntelĀ® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/12/05 12:56:02 | 000,008,192 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Panasonic\PCINFO\PCINFO.sys -- (pcinfo)
    DRV - [2005/11/25 10:50:44 | 000,010,112 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.SYS -- (HOTKEY)
    DRV - [2005/11/08 10:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/11/08 10:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/11/08 10:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/10/21 06:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/10/12 15:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/07/26 15:02:58 | 000,023,463 | ---- | M] (Fujitsu Component Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Fidmou.sys -- (FIDMOU)
    DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)
    DRV - [2005/06/23 10:20:14 | 000,027,031 | ---- | M] (Fujitsu Component Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FIDTPU.sys -- (FIDTPU) Fujitsu Touch Panel (USB)
    DRV - [2005/04/21 21:56:00 | 000,008,192 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Panasonic\SDKEY\SDKEY.sys -- (SDKEY)
    DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
    DRV - [2004/11/15 20:46:16 | 000,007,168 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Panasonic\BRECAL\Brecal.sys -- (brecal)
    DRV - [2004/08/30 14:11:16 | 000,031,375 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
    DRV - [2003/06/24 19:30:18 | 000,727,908 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USA19H2k.sys -- (USA19H)
    DRV - [2003/06/24 19:21:20 | 000,044,928 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USA19H2kp.sys -- (USA19H2KP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.1

    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/11/16 08:40:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/11/16 08:36:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 10:43:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/11 11:26:24 | 000,000,000 | ---D | M]

    [2010/06/02 10:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/06/02 10:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\avqu5877.default\extensions
    [2010/06/02 10:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/24 06:40:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [gemstrmw] C:\WINDOWS\System32\gemstrmw.exe (Gemplus)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [Panasonic HotKey Manager] C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE (Matsushita Electric Industrial Co., Ltd.)
    O4 - HKLM..\Run: [PCinfo] C:\Program Files\Panasonic\PCINFO\SetDiag.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - HKLM..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe (Matsushita Electric Industrial Co., Ltd)
    O4 - HKLM..\Run: [scroller] C:\WINDOWS\System32\FPapli.exe (Fujitsu Component Limited)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1188767369515 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.45
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/25 17:54:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/30 06:41:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/24 06:59:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/24 06:33:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/24 06:31:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/24 06:31:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/24 06:31:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/24 06:31:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/24 06:30:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/24 06:30:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/19 08:50:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\netVirus
    [2010/11/18 14:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\virus_et_al
    [2010/11/16 10:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2010/11/16 10:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
    [2010/11/16 08:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
    [2010/11/11 13:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/11/11 13:52:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/11 13:52:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/11 13:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/11/11 13:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2010/11/30 06:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/11/30 06:39:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/30 06:38:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/30 06:38:49 | 2136,985,600 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/24 06:40:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/24 06:33:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/24 06:29:11 | 003,914,642 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/18 13:28:50 | 000,206,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/18 12:34:15 | 000,001,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ENVI Zoom 4.8.lnk
    [2010/11/18 12:34:15 | 000,001,924 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ENVI 4.8.lnk
    [2010/11/18 12:34:15 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ENVI + IDL 4.8.lnk
    [2010/11/16 08:39:34 | 000,678,552 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1201000.025\Cat.DB
    [2010/11/16 08:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
    [2010/11/16 08:39:11 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
    [2010/11/16 08:37:20 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/11/16 08:37:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/11/16 08:37:20 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
    [2010/11/16 08:37:20 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
    [2010/11/11 12:20:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/11/10 13:43:10 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/10 13:43:10 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

    ========== Files Created - No Company Name ==========

    [2010/11/24 06:33:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/24 06:33:49 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/24 06:31:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/24 06:31:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/24 06:31:01 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/24 06:31:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/24 06:31:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/24 06:29:11 | 003,914,642 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/22 08:39:26 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Explorer.lnk
    [2010/11/18 12:34:15 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ENVI Zoom 4.8.lnk
    [2010/11/18 12:34:15 | 000,001,924 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ENVI 4.8.lnk
    [2010/11/18 12:34:15 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ENVI + IDL 4.8.lnk
    [2010/11/16 08:15:59 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Norton Installation Files.lnk
    [2010/06/11 10:39:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/03/30 07:37:57 | 000,000,391 | ---- | C] () -- C:\WINDOWS\UpdateClient.INI
    [2008/04/11 10:48:31 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Markers.ini
    [2008/04/02 07:24:13 | 000,000,042 | ---- | C] () -- C:\WINDOWS\InstallerStatus.ini
    [2008/04/02 07:23:53 | 000,008,192 | ---- | C] () -- C:\WINDOWS\FliteStar.ini
    [2008/04/02 07:23:53 | 000,000,079 | ---- | C] () -- C:\WINDOWS\Jeppesen.ini
    [2007/09/28 10:12:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/05 18:04:07 | 000,000,218 | ---- | C] () -- C:\WINDOWS\AgRemote.ini
    [2007/09/03 07:25:19 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\USA19HPropPage.dll
    [2007/09/03 07:25:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\k19hinst.dll
    [2007/09/03 07:21:12 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
    [2007/06/25 20:56:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/27 15:17:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
    [2006/12/27 14:45:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Writing.INI
    [2006/12/25 18:46:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\DMIVIEW.INI
    [2006/12/25 09:49:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/12/25 09:12:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
    [2006/12/25 09:07:53 | 000,002,190 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/12/05 16:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
    [2005/07/23 00:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1999/04/24 09:57:16 | 000,001,454 | ---- | C] () -- C:\WINDOWS\ntctrm.sys

    ========== LOP Check ==========

    [2007/09/18 22:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreFTP
    [2010/09/28 14:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlobalMapper
    [2010/11/16 10:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
    [2007/09/03 07:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/12/25 17:54:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/09/01 13:11:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/24 06:33:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/24 06:45:13 | 000,012,091 | ---- | M] () -- C:\ComboFix.txt
    [2006/12/25 17:54:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/30 06:38:49 | 2136,985,600 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/25 17:54:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/01/11 14:28:43 | 000,002,142 | ---- | M] () -- C:\jan_11.PDF
    [2007/11/19 07:34:13 | 000,003,360 | ---- | M] () -- C:\log.PDF
    [2007/11/20 07:58:54 | 000,403,674 | ---- | M] () -- C:\log2.PDF
    [2006/12/25 17:54:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/07/11 17:35:42 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\msvcp71.dll
    [2004/08/04 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/04/06 07:32:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/30 06:38:48 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/20 07:56:36 | 000,098,366 | ---- | M] () -- C:\pg.bmp

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/12/25 17:54:00 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/12/25 09:47:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/12/25 09:47:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/12/25 09:47:44 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/06 07:36:54 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/09/01 13:15:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/12/25 18:56:04 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/24 06:29:11 | 003,914,642 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2010/11/30 06:41:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/09/01 13:15:49 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/30 06:41:17 | 000,049,152 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 04:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2006/03/14 04:28:24 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 04:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 04:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 04:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 04:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 04:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 04:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 04:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  17. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    OTL Extras logfile created on: 11/30/2010 6:42:26 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.52 Gb Total Space | 37.43 Gb Free Space | 50.23% Space Free | Partition Type: NTFS

    Computer Name: FIREMAPPER | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Applanix\Posav\Posav.exe" = C:\Program Files\Applanix\Posav\Posav.exe:*:Enabled:pOS AV -- (Applanix Corporation)
    "C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App -- (Core FTP)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0D5618A0-A109-479F-AE62-B0E25B1319A1}" = ENVI 4.7
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
    "{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
    "{30348D0E-37F0-41EE-869B-F0441A87FFEC}" = PC Information Viewer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{406ECB40-9B45-459D-9E97-ADFEA4610FBA}" = Panasonic Misc Driver
    "{455309FD-229D-4698-B97B-8EEF59CE6305}" = Global Mapper 11
    "{45D39011-AD99-4980-ADF9-B8202173668D}" = HotKey Appendix
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5408344D-95C0-486A-9539-36EBBACADC68}" = Panasonic Hand Writing 4
    "{5639BE8E-33DA-402A-B414-1FBED9CC50E1}" = DMI Viewer
    "{6DAA0AF0-3B51-4EE0-83CC-47A3582DFA51}" = Loupe Utility
    "{7F129516-73AD-4232-8FD0-C7BC2508B274}" = Acronis*True*Image
    "{81581EB9-6752-4308-9E4A-F6B9D7F1E814}" = POS AV Controller 2.3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85B0C1EA-7E30-4D06-AE3A-608518C72AA9}" = Global Mapper 9
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8F8C91F0-F15C-11D4-A4D6-0004ACD720DA}" = FliteStar
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{93994589-6A13-49BE-8AF6-12AAC9A28529}" = Icon Enlarger
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B18C20D2-A3E9-422D-9136-99B5BDD6565D}" = SD Utility
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CE8C63-4FCA-4C3E-A81E-526C1306B479}" = ENVI 4.7 SP1
    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{BAD873C8-8631-4016-9E26-7978B4A5453F}" = ENVI 4.8
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}" = Battery Recalibration
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{DEEFA812-64A6-4083-BB38-87F68B6BA820}" = Hotkey Settings
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FD95D9B1-CD01-4240-BE5F-A2CA21B553BC}" = Wireless Switch Utility
    "7-Zip" = 7-Zip 4.42
    "AgRemote_is1" = AgRemote Version 2.52
    "Backer 5.04" = Backer 5.04
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10F70000" = HDAUDIO V.92 Soft Data Fax Modem with SmartCP
    "Core FTP LE 1.3c" = Core FTP LE 1.3c
    "EditPad Pro" = JGsoft EditPad Pro 4.5.2
    "FIDMOU" = touchpad
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{0D5618A0-A109-479F-AE62-B0E25B1319A1}" = ENVI 4.7
    "InstallShield_{1AA8913B-0A5E-4B70-8A1C-878283EF0F66}" = RSI ENVI 4.3
    "InstallShield_{99733131-7B00-4E5C-8991-113CD61D8E2F}" = Panasonic Common Components
    "InstallShield_{B6CE8C63-4FCA-4C3E-A81E-526C1306B479}" = ENVI 4.7 SP1
    "InstallShield_{BAD873C8-8631-4016-9E26-7978B4A5453F}" = ENVI 4.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
    "MIGITS Command and Control 1.01" = MIGITS Command and Control 1.01
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PanasonicHotkeyDriver" = Hotkey Driver for Panasonic PC
    "PDFCreator" = PDFCreator
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealVNC_is1" = VNC Free Edition 4.1.2
    "Visual C++ 6.0 Professional Edition" = Microsoft Visual C++ 6.0 Professional Edition
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinVNC_is1" = VNC 3.3.7

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 10/3/2008 8:20:01 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:01 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:02 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:03 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:12 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:16 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:19 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:19 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:19 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    Error - 10/3/2008 8:20:19 PM | Computer Name = FIREMAPPER | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 5/21/2010 8:53:55 AM | Computer Name = FIREMAPPER | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module msneie.dll, version 3.0.1125.0, fault address 0x000220d4.

    Error - 6/2/2010 11:31:00 AM | Computer Name = FIREMAPPER | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module ieframe.dll, version 8.0.6001.18904, fault address 0x000c0550.

    Error - 6/2/2010 11:43:18 AM | Computer Name = FIREMAPPER | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 6/2/2010 11:43:18 AM | Computer Name = FIREMAPPER | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 6/2/2010 2:34:17 PM | Computer Name = FIREMAPPER | Source = Application Error | ID = 1000
    Description = Faulting application ccsvchst.exe, version 109.0.3.4, faulting module
    msvcr90.dll, version 9.0.30729.4148, fault address 0x0006ccb5.

    Error - 6/21/2010 2:42:44 PM | Computer Name = FIREMAPPER | Source = WinVNC4 | ID = 1
    Description = SConnection: AuthFailureException: Authentication failure

    Error - 6/21/2010 2:46:04 PM | Computer Name = FIREMAPPER | Source = WinVNC4 | ID = 1
    Description = SConnection: AuthFailureException: Authentication failure

    Error - 6/21/2010 2:48:01 PM | Computer Name = FIREMAPPER | Source = WinVNC4 | ID = 1
    Description = SConnection: AuthFailureException: Authentication failure

    Error - 6/21/2010 2:48:47 PM | Computer Name = FIREMAPPER | Source = WinVNC4 | ID = 1
    Description = SConnection: AuthFailureException: Authentication failure

    Error - 6/21/2010 2:49:43 PM | Computer Name = FIREMAPPER | Source = WinVNC4 | ID = 1
    Description = SConnection: AuthFailureException: Authentication failure

    [ System Events ]
    Error - 11/23/2010 4:39:39 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/23/2010 4:44:49 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/23/2010 4:46:54 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/23/2010 4:52:04 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/23/2010 4:57:14 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/23/2010 4:59:19 PM | Computer Name = FIREMAPPER | Source = NetBT | ID = 4321
    Description = The name "DAEDALUS :1d" could not be registered on the Interface
    with IP address 192.168.0.70. The machine with the IP address 192.168.0.70 did not
    allow the name to be claimed by this machine.

    Error - 11/30/2010 7:39:04 AM | Computer Name = FIREMAPPER | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 11/30/2010 7:39:04 AM | Computer Name = FIREMAPPER | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 11/30/2010 7:39:04 AM | Computer Name = FIREMAPPER | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 11/30/2010 7:39:04 AM | Computer Name = FIREMAPPER | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 10138170 bytes
    ->Temporary Internet Files folder emptied: 4256576 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12012010_074154

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA413.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA425.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA484.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA496.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA4CD.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA4DF.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z06ARBFK\topic156984[4].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NWKDIWHW\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NWKDIWHW\sh28[1].html moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_6f0.dat not found!

    Registry entries deleted on Reboot...
     
  20. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton Internet Security
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Reader 9.3
    Mozilla Firefox (3.6.3) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  21. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    ESET no threats found
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Update Firefox to current 3.6.12 version.

    Then...

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  23. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 251708 bytes
    ->Temporary Internet Files folder emptied: 6209452 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16867 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 6.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 12022010_070556

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1AC1.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1AD3.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1B34.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1B46.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1C51.tmp not found!
    File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1C63.tmp not found!
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\addthis_widget[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\vbulletin_lightbox[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\vbulletin_post_loader[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\vbulletin_quick_edit[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\vbulletin_quick_reply[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Z8PK2C7P\yahoo-dom-event[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ1VPEZB\connection-min[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ1VPEZB\vb-limited[1].css moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ1VPEZB\vbulletin_ajax_tagsugg[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ1VPEZB\vbulletin_global[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SQ1VPEZB\vbulletin_menu[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLIRSLOR\jquery.min[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLIRSLOR\techspot.com[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLIRSLOR\techspot[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLIRSLOR\topic156984-2[1].html moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\KLIRSLOR\vbulletin_textedit[1].js moved successfully.
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2V42XX3D\google_com[1].htm moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!

    Registry entries deleted on Reboot...
     
  24. al davis

    al davis TS Enthusiast Topic Starter Posts: 185

    thank you for all the help

    Al
     
  25. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're very welcome [​IMG]

    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...