
Author Topic: System Restore not working  (Read 7473 times)


    wjkennedy4 (Topic Starter; Greenhorn; Experience: Beginner; OS: Unknown)
    System Restore not working
    « on: October 01, 2011, 06:37:42 PM »
    I am having a problem with System Restore and was wondering if you have any suggestions for me.

    I searched your site and read about a similar problem someone had but it was back in 2009.  If there's anything more recent that I missed I'd be happy to try that first if you could direct me to the fix.

    I have a Dell desktop and it has Windows XP Pro version 2002 SP3.  I tried to use system restore and the first few times it would tell me that it could not do the restore.  It did this in regular mode as well as safe mode, no matter what restore date I chose.  Then I read in the old dialogue from 2009 that said to download systemrestore.reg and do the merge, which I did.  Now system restore will not do anything when I click on "confirm restore point selection" which was not happening before the merge.  I thought I'd ask before I made things worse.....

    In the last few weeks, I've upgraded to Firefox 7.0.1 and updated Adobe Reader, Flash, and installed Windows updates.  I've had various annoying problems ever since so I decided to try system restore but to no avail.

    I don't know if this is a malware problem but I'd appreciate your thoughts about what to do or whether I should try the software forum.  Thank you for any ideas.

    SuperDave (Malware Removal Specialist; Moderator; Genius; Thanked: 1020; Experience: Expert; OS: Windows 10)
    Re: System Restore not working
    « Reply #1 on: October 02, 2011, 12:29:48 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes.
    * If you encounter any problems while downloading the updates, manually download and unzip them from here.
    * Next click the Preferences button.
      * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:
      * Close browsers before scanning
      * Scan for tracking cookies
      * Terminate memory threats before quarantining
      Please leave the others unchecked.
    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer.
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.

    To retrieve the removal information please do the following:
    * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    * Click Preferences. Click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * It will open in your default text editor (preferably Notepad).
    * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it (normally the desktop).
    * Click close and close again to exit the program.
    * Copy and paste the log in your post.
    *************************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    **********************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    * Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

      wjkennedy4 (Topic Starter; Greenhorn; Experience: Beginner; OS: Unknown)
      Re: System Restore not working
      « Reply #2 on: October 02, 2011, 04:49:38 PM »
      Hi Dave,

      First and foremost, thank you very much for taking time to help me out.  I really appreciate this no matter what the result.  It's very nice of you to share your expertise and your time with people like me that you don't even know. 

      I've downloaded and run the various scans as you have asked and the logs are posted below.  One problem I had was that SuperAntiSpyware looked a little different than what you described in your instructions but I followed along with your instructions as best I could.  I missed the selection to do a complete system scan and did a quick scan by accident (which was the default).  I then ran a complete scan and attached both logs.  MBAM and DDS followed.  One last thing was that I downloaded and installed Adobe Flash and Adobe Reader today.....maybe that wasn't a great idea in retrospect but I won't make any more changes while you're helping me.


      Here are the logs:

      The first one.....


      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/02/2011 at 03:44 PM

      Application Version : 5.0.1128

      Core Rules Database Version : 7746
      Trace Rules Database Version: 5558

      Scan type       : Quick Scan
      Total Scan Time : 00:12:43

      Operating System Information
      Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 520
      Memory threats detected   : 0
      Registry items scanned    : 32090
      Registry threats detected : 0
      File items scanned        : 16128
      File threats detected     : 38

      Adware.Tracking Cookie


      The second one....

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 10/02/2011 at 04:27 PM

      Application Version : 5.0.1128

      Core Rules Database Version : 7746
      Trace Rules Database Version: 5558

      Scan type       : Complete Scan
      Total Scan Time : 00:34:57

      Operating System Information
      Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
      Administrator

      Memory items scanned      : 495
      Memory threats detected   : 0
      Registry items scanned    : 38200
      Registry threats detected : 0
      File items scanned        : 69097
      File threats detected     : 13

      Adware.Tracking Cookie


      MBAM LOG:


      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 7849

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      10/2/2011 5:38:13 PM
      mbam-log-2011-10-02 (17-38-13).txt

      Scan type: Full scan (C:\|D:\|E:\|)
      Objects scanned: 248543
      Time elapsed: 27 minute(s), 21 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


      2 DDS LOGS:



      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_20
      Run by owner at 18:03:55 on 2011-10-02
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.214 [GMT -4:00]
      .
      AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
      FW: Norton Internet Security *Enabled*
      .
      ============== Running Processes ===============
      .
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost -k DcomLaunch
      svchost.exe
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      svchost.exe
      svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      svchost.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
      C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Xerox\Scan_Utility\xrxzipui.exe
      C:\WINDOWS\system32\xWCASbgnd.exe
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\Program Files\Logitech\SetPointP\SetPoint.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
      C:\Program Files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe
      C:\WINDOWS\System32\svchost.exe -k HTTPFilter
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = about:blank
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
      BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.1.1.3\ips\IPSBHO.DLL
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.1.1.3\coIEPlg.dll
      uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
      mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
      mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
      mRun: [XeroxScanUtility] c:\program files\xerox\scan_utility\xrxzipui.exe 1
      mRun: [XeroxEndeavorBackgroundTask] c:\windows\system32\xWCASbgnd.exe 1
      mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
      mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
      mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
      mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
      mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
      StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274550924781
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
      TCP: DhcpNameServer = 167.206.251.130 167.206.251.129
      TCP: Interfaces\{A0A2093A-3825-4A73-823B-4CD780C0334F} : DhcpNameServer = 167.206.251.130 167.206.251.129
      Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
      Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
      Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
      Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
      Notify: AtiExtEvent - Ati2evxx.dll
      Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\d8ws3nfr.default\
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
      FF - prefs.js: keyword.enabled - false
      FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\coffplgn_2011_7_1_3\components\coFFPlgn.dll
      FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.6.0.29\ipsffplgn\components\IPSFFPl.dll
      FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\d8ws3nfr.default\extensions\{343db173-0e5a-4f2a-b7bb-71a49085d70e}\components\RadioWMPCoreGecko19.dll
      FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\d8ws3nfr.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
      FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll
      FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1301010.003\SymDS.sys [2011-10-1 340088]
      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys [2011-10-1 897656]
      R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\bashdefs\20110901.001\BHDrvx86.sys [2011-10-1 815736]
      R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys [2011-10-1 132744]
      R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
      R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
      R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys [2011-10-1 149624]
      R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
      R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-5-8 10448]
      R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.1.1.3\ccSvcHst.exe [2011-10-1 138760]
      R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2011-5-6 90112]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-3 105592]
      R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\ipsdefs\20110726.001\IDSXpx86.sys [2011-10-1 356280]
      R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
      R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
      R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20110930.033\naveng.sys [2011-10-1 86136]
      R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\definitions\virusdefs\20110930.033\navex15.sys [2011-10-1 1576312]
      S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
      S3 B-Service;B-Service;c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9yrchyb\b-service.exe --> c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9yrchyb\B-Service.exe [?]
      .
      =============== Created Last 30 ================
      .
      2011-10-02 21:09:21   --------   d-----w-   c:\documents and settings\owner\application data\Malwarebytes
      2011-10-02 21:05:56   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
      2011-10-02 21:05:53   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2011-10-02 21:05:52   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2011-10-02 19:26:37   --------   d-----w-   c:\documents and settings\owner\application data\SUPERAntiSpyware.com
      2011-10-02 19:22:15   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2011-10-02 19:22:15   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
      2011-10-02 17:30:01   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
      2011-10-01 23:57:41   --------   d-----w-   c:\documents and settings\owner\application data\EMCO
      2011-10-01 23:57:11   --------   d-----w-   c:\program files\EMCO
      2011-10-01 19:28:30   897656   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\SymEFA.sys
      2011-10-01 19:28:30   566904   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\srtsp.sys
      2011-10-01 19:28:30   387192   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\symtdi.sys
      2011-10-01 19:28:30   344184   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\symtdiv.sys
      2011-10-01 19:28:30   340088   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\SymDS.sys
      2011-10-01 19:28:30   31864   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\srtspx.sys
      2011-10-01 19:28:30   314488   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\symnets.sys
      2011-10-01 19:28:30   149624   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\Ironx86.sys
      2011-10-01 19:28:30   132744   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\ccSetx86.sys
      2011-10-01 19:28:22   2801   ----a-r-   c:\windows\system32\drivers\nis\1301010.003\SymVTcer.dat
      2011-10-01 19:28:22   --------   d-----w-   c:\windows\system32\drivers\nis\1301010.003
      2011-09-21 14:15:02   13983976   ----a-w-   c:\program files\mozilla firefox\Firefox Setup 6.0.2.exe
      2011-09-05 17:04:56   183696   ----a-w-   c:\program files\mozilla firefox\plugins\nppdf32.dll
      2011-09-05 17:04:56   183696   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
      2011-09-03 10:17:37   599040   -c----w-   c:\windows\system32\dllcache\crypt32.dll
      .
      ==================== Find3M  ====================
      .
      2011-10-01 19:28:47   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
      2011-10-01 19:28:47   127096   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
      2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
      2011-07-15 13:29:31   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2011-07-08 14:02:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
      .
      ============= FINISH: 18:04:27.79 ===============



      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume2
      Install Date: 5/22/2010 12:18:56 PM
      System Uptime: 10/2/2011 3:48:48 PM (3 hours ago)
      .
      Motherboard: Dell Inc.           |  | 0MH651
      Processor:               Intel(R) Pentium(R) D CPU 3.40GHz | Microprocessor | 3400/800mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 149 GiB total, 124.161 GiB free.
      D: is CDROM ()
      E: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP401: 7/3/2011 5:03:52 AM - System Checkpoint
      RP402: 7/4/2011 6:03:52 AM - System Checkpoint
      RP403: 7/5/2011 7:03:52 AM - System Checkpoint
      RP404: 7/6/2011 8:04:57 AM - System Checkpoint
      RP405: 7/7/2011 8:47:15 AM - System Checkpoint
      RP406: 7/8/2011 10:51:55 AM - System Checkpoint
      RP407: 7/9/2011 11:03:53 AM - System Checkpoint
      RP408: 7/10/2011 12:03:52 PM - System Checkpoint
      RP409: 7/11/2011 12:42:03 PM - System Checkpoint
      RP410: 7/12/2011 12:43:35 PM - System Checkpoint
      RP411: 7/13/2011 3:00:16 AM - Software Distribution Service 3.0
      RP412: 7/14/2011 3:03:53 AM - System Checkpoint
      RP413: 7/15/2011 4:03:53 AM - System Checkpoint
      RP414: 7/16/2011 5:03:50 AM - System Checkpoint
      RP415: 7/17/2011 6:03:50 AM - System Checkpoint
      RP416: 7/18/2011 7:03:53 AM - System Checkpoint
      RP417: 7/19/2011 8:03:54 AM - System Checkpoint
      RP418: 7/20/2011 10:46:32 AM - System Checkpoint
      RP419: 7/21/2011 3:17:48 PM - System Checkpoint
      RP420: 7/22/2011 4:34:28 PM - System Checkpoint
      RP421: 7/23/2011 5:03:53 PM - System Checkpoint
      RP422: 7/25/2011 1:16:10 AM - System Checkpoint
      RP423: 7/26/2011 2:03:55 AM - System Checkpoint
      RP424: 7/27/2011 3:03:54 AM - System Checkpoint
      RP425: 7/28/2011 4:03:52 AM - System Checkpoint
      RP426: 7/29/2011 5:03:44 AM - System Checkpoint
      RP427: 7/30/2011 6:03:43 AM - System Checkpoint
      RP428: 7/31/2011 7:03:44 AM - System Checkpoint
      RP429: 8/1/2011 8:03:44 AM - System Checkpoint
      RP430: 8/2/2011 9:03:44 AM - System Checkpoint
      RP431: 8/3/2011 10:03:45 AM - System Checkpoint
      RP432: 8/3/2011 7:34:27 PM - Restore Operation
      RP433: 8/3/2011 7:39:31 PM - Restore Operation
      RP434: 8/3/2011 7:44:00 PM - Restore Operation
      RP435: 8/3/2011 7:46:38 PM - Restore Operation
      RP436: 8/3/2011 8:26:17 PM - Restore Operation
      RP437: 8/3/2011 8:29:35 PM - Restore Operation
      RP438: 8/3/2011 8:37:49 PM - Removed VIPRE Antivirus.
      RP439: 8/3/2011 8:41:08 PM - Restore Operation
      RP440: 8/3/2011 8:48:40 PM - Restore Operation
      RP441: 8/3/2011 9:14:39 PM - Removed VIPRE Antivirus.
      RP442: 8/5/2011 10:44:16 AM - System Checkpoint
      RP443: 8/5/2011 4:52:57 PM - Restore Operation
      RP444: 8/5/2011 4:59:31 PM - Restore Operation
      RP445: 8/5/2011 5:18:23 PM - Restore Operation
      RP446: 8/5/2011 5:35:03 PM - Removed VIPRE Antivirus.
      RP447: 8/8/2011 1:52:54 PM - System Checkpoint
      RP448: 8/9/2011 2:46:15 PM - System Checkpoint
      RP449: 8/10/2011 2:53:33 PM - System Checkpoint
      RP450: 8/11/2011 8:02:00 PM - Software Distribution Service 3.0
      RP451: 8/13/2011 11:04:59 AM - System Checkpoint
      RP452: 8/14/2011 8:21:51 PM - System Checkpoint
      RP453: 8/15/2011 9:13:03 PM - System Checkpoint
      RP454: 8/17/2011 11:14:15 AM - System Checkpoint
      RP455: 8/18/2011 12:36:37 PM - System Checkpoint
      RP456: 8/19/2011 1:46:09 PM - System Checkpoint
      RP457: 8/22/2011 11:33:36 AM - System Checkpoint
      RP458: 8/23/2011 11:46:44 AM - System Checkpoint
      RP459: 8/24/2011 11:59:37 AM - System Checkpoint
      RP460: 8/26/2011 11:32:11 AM - System Checkpoint
      RP461: 8/27/2011 12:19:01 PM - System Checkpoint
      RP462: 8/29/2011 11:15:11 AM - System Checkpoint
      RP463: 8/30/2011 2:32:36 PM - System Checkpoint
      RP464: 8/31/2011 2:47:20 PM - System Checkpoint
      RP465: 9/1/2011 5:10:22 PM - System Checkpoint
      RP466: 9/2/2011 5:13:39 PM - System Checkpoint
      RP467: 9/5/2011 1:18:55 PM - Software Distribution Service 3.0
      RP468: 9/6/2011 2:43:03 PM - System Checkpoint
      RP469: 9/7/2011 2:53:35 PM - System Checkpoint
      RP470: 9/8/2011 2:56:56 PM - System Checkpoint
      RP471: 9/9/2011 4:43:45 PM - System Checkpoint
      RP472: 9/12/2011 11:06:11 AM - System Checkpoint
      RP473: 9/13/2011 1:10:13 PM - System Checkpoint
      RP474: 9/14/2011 8:27:19 AM - Software Distribution Service 3.0
      RP475: 9/15/2011 11:02:36 AM - System Checkpoint
      RP476: 9/16/2011 11:25:15 AM - System Checkpoint
      RP477: 9/18/2011 7:46:33 PM - System Checkpoint
      RP478: 9/19/2011 10:13:34 PM - System Checkpoint
      RP479: 9/21/2011 10:09:38 AM - System Checkpoint
      RP480: 9/21/2011 10:46:46 AM - Software Distribution Service 3.0
      RP481: 9/22/2011 12:38:49 PM - System Checkpoint
      RP482: 9/23/2011 1:18:05 PM - System Checkpoint
      RP483: 9/26/2011 4:56:09 PM - System Checkpoint
      RP484: 9/27/2011 6:05:59 PM - System Checkpoint
      RP485: 9/28/2011 6:31:03 PM - System Checkpoint
      RP486: 9/28/2011 9:12:54 PM - Software Distribution Service 3.0
      RP487: 9/30/2011 11:11:08 AM - System Checkpoint
      RP488: 9/30/2011 1:02:50 PM - Restore Operation
      RP489: 9/30/2011 2:13:52 PM - Restore Operation
      RP490: 9/30/2011 2:20:03 PM - Restore Operation
      RP491: 9/30/2011 2:30:15 PM - Restore Operation
      RP492: 9/30/2011 2:45:01 PM - Restore Operation
      RP493: 9/30/2011 2:53:51 PM - Restore Operation
      RP494: 9/30/2011 3:11:26 PM - Restore Operation
      RP495: 9/30/2011 3:21:26 PM - Restore Operation
      RP496: 9/30/2011 3:28:53 PM - Restore Operation
      RP497: 9/30/2011 3:35:29 PM - Restore Operation
      RP498: 9/30/2011 3:38:07 PM - Restore Operation
      RP499: 10/1/2011 1:42:25 PM - Sat 10-1-11
      RP500: 10/1/2011 2:39:16 PM - Restore Operation
      .
      ==== Installed Programs ======================
      .
      Adobe Flash Player 10 Plugin
      Adobe Reader X (10.1.1)
      AnswerWorks 5.0 English Runtime
      Apple Application Support
      Apple Software Update
      ATI Display Driver
      Brother HL-5370DW
      Compatibility Pack for the 2007 Office system
      Custody X Change 3.56
      EMCO MoveOnBoot 2.2
      eReg
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB2158563)
      Hotfix for Windows XP (KB2443685)
      Hotfix for Windows XP (KB2570791)
      Hotfix for Windows XP (KB952287)
      Hotfix for Windows XP (KB954550-v5)
      Hotfix for Windows XP (KB961118)
      Hotfix for Windows XP (KB979306)
      Hotfix for Windows XP (KB981793)
      Java Auto Updater
      Java(TM) 6 Update 20
      Logitech SetPoint 6.22
      Malwarebytes' Anti-Malware version 1.51.2.1300
      Microsoft .NET Framework 2.0 Service Pack 2
      Microsoft .NET Framework 3.0 Service Pack 2
      Microsoft .NET Framework 3.5 SP1
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
      Microsoft Office XP Professional
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Mozilla Firefox 7.0.1 (x86 en-US)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      MSXML 4.0 SP2 Parser and SDK
      NAVIGON Fresh 3.3.1
      NetX360
      Norton Internet Security
      QuickBooks
      QuickBooks Pro 2010
      Quicken 2010
      QuickTime
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Windows Internet Explorer 8 (KB2183461)
      Security Update for Windows Internet Explorer 8 (KB2360131)
      Security Update for Windows Internet Explorer 8 (KB2416400)
      Security Update for Windows Internet Explorer 8 (KB2497640)
      Security Update for Windows Internet Explorer 8 (KB2510531)
      Security Update for Windows Internet Explorer 8 (KB2530548)
      Security Update for Windows Internet Explorer 8 (KB2544521)
      Security Update for Windows Internet Explorer 8 (KB2559049)
      Security Update for Windows Internet Explorer 8 (KB971961)
      Security Update for Windows Internet Explorer 8 (KB981332)
      Security Update for Windows Internet Explorer 8 (KB982381)
      Security Update for Windows Media Player (KB2378111)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player (KB954155)
      Security Update for Windows Media Player (KB968816)
      Security Update for Windows Media Player (KB973540)
      Security Update for Windows Media Player (KB975558)
      Security Update for Windows Media Player (KB978695)
      Security Update for Windows Media Player (KB979402)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows XP (KB2079403)
      Security Update for Windows XP (KB2115168)
      Security Update for Windows XP (KB2121546)
      Security Update for Windows XP (KB2160329)
      Security Update for Windows XP (KB2229593)
      Security Update for Windows XP (KB2259922)
      Security Update for Windows XP (KB2279986)
      Security Update for Windows XP (KB2286198)
      Security Update for Windows XP (KB2296011)
      Security Update for Windows XP (KB2296199)
      Security Update for Windows XP (KB2347290)
      Security Update for Windows XP (KB2360937)
      Security Update for Windows XP (KB2387149)
      Security Update for Windows XP (KB2393802)
      Security Update for Windows XP (KB2412687)
      Security Update for Windows XP (KB2419632)
      Security Update for Windows XP (KB2423089)
      Security Update for Windows XP (KB2436673)
      Security Update for Windows XP (KB2440591)
      Security Update for Windows XP (KB2443105)
      Security Update for Windows XP (KB2476490)
      Security Update for Windows XP (KB2476687)
      Security Update for Windows XP (KB2478960)
      Security Update for Windows XP (KB2478971)
      Security Update for Windows XP (KB2479943)
      Security Update for Windows XP (KB2481109)
      Security Update for Windows XP (KB2483185)
      Security Update for Windows XP (KB2485663)
      Security Update for Windows XP (KB2503658)
      Security Update for Windows XP (KB2503665)
      Security Update for Windows XP (KB2506212)
      Security Update for Windows XP (KB2506223)
      Security Update for Windows XP (KB2507618)
      Security Update for Windows XP (KB2507938)
      Security Update for Windows XP (KB2508272)
      Security Update for Windows XP (KB2508429)
      Security Update for Windows XP (KB2509553)
      Security Update for Windows XP (KB2511455)
      Security Update for Windows XP (KB2524375)
      Security Update for Windows XP (KB2535512)
      Security Update for Windows XP (KB2536276-v2)
      Security Update for Windows XP (KB2536276)
      Security Update for Windows XP (KB2544893)
      Security Update for Windows XP (KB2555917)
      Security Update for Windows XP (KB2562937)
      Security Update for Windows XP (KB2566454)
      Security Update for Windows XP (KB2567680)
      Security Update for Windows XP (KB2570222)
      Security Update for Windows XP (KB2570947)
      Security Update for Windows XP (KB923561)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952004)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956572)
      Security Update for Windows XP (KB956744)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956844)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958869)
      Security Update for Windows XP (KB959426)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960803)
      Security Update for Windows XP (KB960859)
      Security Update for Windows XP (KB961501)
      Security Update for Windows XP (KB969059)
      Security Update for Windows XP (KB969947)
      Security Update for Windows XP (KB970238)
      Security Update for Windows XP (KB970430)
      Security Update for Windows XP (KB971468)
      Security Update for Windows XP (KB971657)
      Security Update for Windows XP (KB972270)
      Security Update for Windows XP (KB973507)
      Security Update for Windows XP (KB973869)
      Security Update for Windows XP (KB973904)
      Security Update for Windows XP (KB974112)
      Security Update for Windows XP (KB974318)
      Security Update for Windows XP (KB974392)
      Security Update for Windows XP (KB974571)
      Security Update for Windows XP (KB975025)
      Security Update for Windows XP (KB975467)
      Security Update for Windows XP (KB975560)
      Security Update for Windows XP (KB975561)
      Security Update for Windows XP (KB975562)
      Security Update for Windows XP (KB975713)
      Security Update for Windows XP (KB977816)
      Security Update for Windows XP (KB977914)
      Security Update for Windows XP (KB978037)
      Security Update for Windows XP (KB978262)
      Security Update for Windows XP (KB978338)
      Security Update for Windows XP (KB978542)
      Security Update for Windows XP (KB978601)
      Security Update for Windows XP (KB978706)
      Security Update for Windows XP (KB979309)
      Security Update for Windows XP (KB979482)
      Security Update for Windows XP (KB979559)
      Security Update for Windows XP (KB979683)
      Security Update for Windows XP (KB979687)
      Security Update for Windows XP (KB980195)
      Security Update for Windows XP (KB980218)
      Security Update for Windows XP (KB980232)
      Security Update for Windows XP (KB980436)
      Security Update for Windows XP (KB981322)
      Security Update for Windows XP (KB981852)
      Security Update for Windows XP (KB981957)
      Security Update for Windows XP (KB981997)
      Security Update for Windows XP (KB982132)
      Security Update for Windows XP (KB982214)
      Security Update for Windows XP (KB982665)
      Security Update for Windows XP (KB982802)
      Sony Ericsson PC Suite 6.011.00
      SUPERAntiSpyware
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Windows Internet Explorer 8 (KB976662)
      Update for Windows Internet Explorer 8 (KB980182)
      Update for Windows XP (KB2141007)
      Update for Windows XP (KB2345886)
      Update for Windows XP (KB2467659)
      Update for Windows XP (KB2492386)
      Update for Windows XP (KB2541763)
      Update for Windows XP (KB2607712)
      Update for Windows XP (KB2616676-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955759)
      Update for Windows XP (KB967715)
      Update for Windows XP (KB968389)
      Update for Windows XP (KB971029)
      Update for Windows XP (KB971737)
      Update for Windows XP (KB973687)
      Update for Windows XP (KB973815)
      Update for Windows XP (KB980182)
      VLC media player 1.1.11
      WebFldrs XP
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Internet Explorer 8
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows XP Service Pack 3
      .
      ==== Event Viewer Messages From Past Week ========
      .
      9/30/2011 3:32:24 PM, error: System Error [1003]  - Error code 10000050, parameter1 e1d27fe6, parameter2 00000000, parameter3 f72bed73, parameter4 00000001.
      9/30/2011 3:06:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      9/30/2011 2:44:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
      9/30/2011 2:43:17 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      9/30/2011 2:42:14 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
      9/30/2011 2:40:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE SRTSPX SymIRON SYMTDI Tcpip
      9/30/2011 2:40:58 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
      9/30/2011 2:40:58 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      9/30/2011 2:40:58 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      9/30/2011 2:40:58 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
      10/1/2011 2:44:56 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
      10/1/2011 2:39:11 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
      10/1/2011 12:44:56 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Sony Ericsson OMSI download service service to connect.
      10/1/2011 12:44:56 PM, error: Service Control Manager [7000]  - The Sony Ericsson OMSI download service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      .
      ==== End Of File ===========================


      Thanks again Dave, let me know what you think.
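Added example (not DDS, OTL, or anything the poster or SuperDave ran): a Python script that parses the "Event Viewer Messages" block of the DDS log above and decodes the codes in it, because that block already explains most of the 9/30 and 10/1 symptoms. The DCOM 10005 errors quote Win32 error 1084, ERROR_NOT_SAFEBOOT_SERVICE, and the SCM 7026 list includes Tcpip, AFD and NetBT; together that is the fingerprint of a Safe Mode boot, not of fifteen broken drivers (the poster said the restore was attempted from Safe Mode). The two "sr" event 1 errors carry NTSTATUS 0xC000003A and 0xC0000034 (object path / object name not found) for _filelst.cfg, after which the System Restore filter stops monitoring the volume, so changes made after that point are not tracked. The 1003 event is a STOP 0x50 crash. The sample lines are copied from the posted log so the script runs offline; the decoding tables cover only the codes that appear there.

```python
"""Triage the "Event Viewer Messages" block of a DDS log.

Added example; not DDS or any tool used in the thread. It parses the
one-line event format DDS prints, decodes the numeric codes the posted log
contains (Win32 1084, NTSTATUS, the Event 1003 STOP code) and summarises
what they mean together.
"""
import re
from collections import Counter
from datetime import datetime

# Decoding tables: only the codes seen in the posted log, not complete lists.
WIN32_ERRORS = {1084: "ERROR_NOT_SAFEBOOT_SERVICE (cannot start in Safe Mode)"}
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
            0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND"}
BUGCHECKS = {0x50: "PAGE_FAULT_IN_NONPAGED_AREA"}
# Boot/system-start drivers a normal XP boot loads; if they show up in an
# SCM 7026 list the boot itself was restricted (Safe Mode), not the drivers.
CORE_DRIVERS = {"AFD", "Tcpip", "NetBT", "IPSec", "MRxSmb", "Rdbss"}

# Subset of the lines from the DDS log posted above, embedded so this runs offline.
SAMPLE_LOG = """\
9/30/2011 3:32:24 PM, error: System Error [1003]  - Error code 10000050, parameter1 e1d27fe6, parameter2 00000000, parameter3 f72bed73, parameter4 00000001.
9/30/2011 3:06:40 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/30/2011 2:44:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SBRE
9/30/2011 2:40:58 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx86 eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SBRE SRTSPX SymIRON SYMTDI Tcpip
9/30/2011 2:40:58 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/1/2011 2:44:56 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000034' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
10/1/2011 2:39:11 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\]\s+-\s+(?P<msg>.*)$")


def parse_events(text):
    """Return the event lines as dicts, oldest first (DDS lists newest first)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section headers, '.' spacer lines, wrapped text
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def _grab(pattern, text, default):
    m = re.search(pattern, text)
    return m.group(1) if m else default


def decode(ev):
    """Map one event to a (kind, detail) pair with the code spelled out."""
    src, eid, msg = ev["source"], ev["event_id"], ev["msg"]
    if src == "DCOM" and eid == 10005:
        code = int(_grab(r'"%(\d+)"', msg, "0"))
        svc = _grab(r"start the service (\S+)", msg, "?")
        kind = "safe_mode_service" if code == 1084 else "dcom_error"
        return kind, f"{svc}: Win32 {code} {WIN32_ERRORS.get(code, 'unknown')}"
    if src == "Service Control Manager" and eid == 7026:
        return "driver_load_fail", msg.split("failed to load:")[-1].split()
    if src == "sr" and eid == 1:
        code = int(_grab(r"'0x([0-9A-Fa-f]{8})'", msg, "0"), 16)
        return "sr_filter", f"{code:#010x} {NTSTATUS.get(code, 'unknown')}"
    if src == "System Error" and eid == 1003:
        raw = int(_grab(r"Error code ([0-9A-Fa-f]+)", msg, "0"), 16)
        stop = raw & 0x0FFFFFFF  # 1003 reports some STOP codes with 0x10000000 added
        return "bugcheck", f"{stop:#x} {BUGCHECKS.get(stop, 'unknown')}"
    return "other", f"{src} [{eid}]"


def triage(text):
    """Summarise: Safe Mode boot? System Restore filter stopped? Crashes?"""
    events = parse_events(text)
    decoded = [decode(e) for e in events]
    kinds = Counter(k for k, _ in decoded)
    failed = set()
    for kind, detail in decoded:
        if kind == "driver_load_fail":
            failed.update(detail)
    return {
        "events": len(events),
        "first": events[0]["ts"] if events else None,
        "safe_mode_boot": kinds["safe_mode_service"] > 0 or bool(failed & CORE_DRIVERS),
        "failed_drivers": sorted(failed),
        "sr_filter_errors": [d for k, d in decoded if k == "sr_filter"],
        "bugchecks": [d for k, d in decoded if k == "bugcheck"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on the whole DDS file rather than the excerpt by reading the file and passing its text to triage(); lines that are not events are skipped by the regex. The single driver that fails on its own, outside the Safe Mode cluster, is SBRE at 2:44:58 PM, which is worth keeping in mind when the ComboFix log appears later in the thread.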


      SuperDave

      Re: System Restore not working
      « Reply #3 on: October 02, 2011, 07:42:21 PM »
      Download OTL to your desktop.

      * Open OTL
      * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

      Code:
      :OTL
      :files
      c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9yrchyb\B-Service.exe

      :services
      B-Service

      :COMMANDS
      [resethosts]
      [purity]
      [start explorer]

      * Click Run Fix
      * OTLI2 may ask to reboot the machine. Please do so if asked.
      * Click OK
      * A report will open. Copy and Paste that report in your next reply.
      ******************************************************
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      *********************************************************
      Please download ComboFix from BleepingComputer.com

      Alternate link: GeeksToGo.com

      and save it to your Desktop.
      It would be easiest to download using Internet Explorer.
      If you insist on using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
      Double click ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

      If you have problems with ComboFix usage, see How to use ComboFix
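Added example, not part of OTL or of SuperDave's fix: what the [resethosts] directive in the script above is guarding against. Malware commonly rewrites C:\WINDOWS\System32\drivers\etc\hosts to null-route antivirus vendors and update sites (so the victim cannot fetch definitions or removal tools) or to pin search engines and popular sites to an address the attacker controls. Resetting the file is the blunt fix; the script below is the check, reporting both patterns while leaving ordinary ad-blocking entries alone. The vendor list and the sample hosts content are constructed for the demo, not taken from the poster's machine.

```python
"""Audit a Windows hosts file for the hijacks the OTL [resethosts] fix removes.

Added example; not OTL's code. The PROTECTED_SUFFIXES list is illustrative,
not authoritative, and SAMPLE_HOSTS is constructed for the demo.
"""
import ipaddress

# Domains malware commonly blocks so the victim cannot reach updates or
# removal tools. Illustrative subset only.
PROTECTED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "symantec.com", "norton.com",
    "malwarebytes.org", "superantispyware.com", "bleepingcomputer.com", "java.com",
)
LOOPBACK_OR_NULL = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed hosts file: one harmless ad-block entry, two vendor blocks,
# three sites pinned to a remote address (203.0.113.0/24 is documentation space).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net            # ad-blocking entry, harmless
127.0.0.1       www.symantec.com           # blocks the AV vendor
127.0.0.1       update.microsoft.com       # blocks Windows Update
203.0.113.7     www.google.com
203.0.113.7     search.yahoo.com
203.0.113.7     www.bing.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and bad addresses."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # first field is not an address; not a hosts entry
        for host in parts[1:]:
            yield ip, host.lower()


def is_protected(host):
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return (severity, ip, host, reason) findings for suspicious entries."""
    findings = []
    by_remote_ip = {}
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        if ip in LOOPBACK_OR_NULL:
            # Null-routing is normal for ad blockers; it is a hijack only when
            # the name is one the victim needs to fetch updates or tools.
            if is_protected(host):
                findings.append(("high", ip, host, "security/update domain nulled"))
        else:
            by_remote_ip.setdefault(ip, []).append(host)
            severity = "high" if is_protected(host) else "medium"
            findings.append((severity, ip, host, "hostname redirected to a remote address"))
    for ip, hosts in by_remote_ip.items():
        if len(hosts) >= 3:
            findings.append(("high", ip, ",".join(hosts), "many hostnames pinned to one remote IP"))
    return findings


if __name__ == "__main__":
    for severity, ip, host, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"[{severity}] {ip:<15} {host}: {reason}")
```

On the real machine, read the file with open(r"C:\WINDOWS\System32\drivers\etc\hosts") and pass its contents to audit_hosts(); an empty result means the file only does what a default or ad-blocking hosts file does.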

      wjkennedy4

        Re: System Restore not working
        « Reply #4 on: October 03, 2011, 03:50:07 PM »
        Thank you. Okay, I downloaded and ran OTL, installed the latest version of Java (also removed old versions), downloaded and ran ComboFix using Explorer rather than Firefox (which did install Windows Recovery Console because I didn't have it). After that console was installed, ComboFix continued scanning and I eventually got the full blue screen of death warning from Windows with large white letters saying something was wrong. I had to do the forced shutdown by holding the power button down and reboot. When the desktop came back up, I launched ComboFix and ran it again without any problems and it gave me a log when it was finished. I've attached the logs for OTL & ComboFix. Thanks again, let me know what you think.

        Here are the logs:

        ========== OTL ==========
        ========== FILES ==========
        File\Folder c:\documents and settings\owner\local settings\temporary internet files\content.ie5\g9yrchyb\B-Service.exe not found.
        ========== SERVICES/DRIVERS ==========
        Service B-Service stopped successfully!
        Service B-Service deleted successfully!
        ========== COMMANDS ==========
        C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
        HOSTS file reset successfully
         
        OTL by OldTimer - Version 3.2.29.1 log created on 10032011_135820





        ComboFix 11-10-03.01 - owner 10/03/2011  14:43:16.2.2 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.561 [GMT -4:00]
        Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
        AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
        FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\documents and settings\All Users\Application Data\hpe22F.dll
        c:\windows\system32\d3d9caps.dat
        c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-09-03 to 2011-10-03  )))))))))))))))))))))))))))))))
        .
        .
        2011-10-03 18:13 . 2011-10-03 18:13   --------   d-----w-   c:\program files\Common Files\Java
        2011-10-03 18:12 . 2011-10-03 18:11   73728   ----a-w-   c:\windows\system32\javacpl.cpl
        2011-10-03 17:58 . 2011-10-03 17:58   --------   d-----w-   C:\_OTL
        2011-10-02 21:09 . 2011-10-02 21:09   --------   d-----w-   c:\documents and settings\owner\Application Data\Malwarebytes
        2011-10-02 21:05 . 2011-10-02 21:05   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2011-10-02 21:05 . 2011-08-31 21:00   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-10-02 21:05 . 2011-10-02 21:05   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2011-10-02 19:26 . 2011-10-02 19:26   --------   d-----w-   c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com
        2011-10-02 19:22 . 2011-10-02 19:26   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2011-10-02 19:22 . 2011-10-02 19:22   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2011-10-02 17:30 . 2011-10-02 17:30   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2011-10-01 23:57 . 2011-10-01 23:57   --------   d-----w-   c:\documents and settings\owner\Application Data\EMCO
        2011-10-01 23:57 . 2011-10-01 23:57   --------   d-----w-   c:\program files\EMCO
        2011-10-01 19:28 . 2011-10-01 19:31   --------   d-----w-   c:\windows\system32\drivers\NIS\1301010.003
        2011-09-30 18:41 . 2011-10-01 18:45   --------   d-s---w-   c:\documents and settings\Administrator.USER-9DDA35D83A.000
        2011-09-21 14:15 . 2011-09-21 14:15   13983976   ----a-w-   c:\program files\Mozilla Firefox\Firefox Setup 6.0.2.exe
        2011-09-05 17:04 . 2011-09-05 17:04   183696   ----a-w-   c:\program files\Mozilla Firefox\plugins\nppdf32.dll
        2011-09-05 17:04 . 2011-09-05 17:04   183696   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-10-03 18:11 . 2010-05-23 18:43   472808   ----a-w-   c:\windows\system32\deployJava1.dll
        2011-10-01 19:28 . 2011-06-16 14:59   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
        2011-10-01 19:28 . 2011-06-16 14:59   127096   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
        2011-09-09 09:12 . 2004-08-04 12:00   599040   ----a-w-   c:\windows\system32\crypt32.dll
        2011-07-15 13:29 . 2004-08-04 12:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
        2011-07-08 14:02 . 2004-08-04 12:00   10496   ----a-w-   c:\windows\system32\drivers\ndistapi.sys
        2011-09-29 06:53 . 2011-10-01 20:39   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
        "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
        "XeroxScanUtility"="c:\program files\Xerox\Scan_Utility\xrxzipui.exe" [2008-11-21 2307072]
        "XeroxEndeavorBackgroundTask"="c:\windows\system32\xWCASbgnd.exe" [2008-11-18 92672]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
        "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
        "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
        QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-8-6 1154848]
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
        2010-10-28 10:13   64592   ----a-w-   c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
        @="Driver"
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "FirewallOverride"=dword:00000001
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
        .
        R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1301010.003\SymDS.sys [10/1/2011 3:28 PM 340088]
        R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1301010.003\SymEFA.sys [10/1/2011 3:28 PM 897656]
        R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx86.sys [10/1/2011 3:28 PM 815736]
        R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1301010.003\ccSetx86.sys [10/1/2011 3:28 PM 132744]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
        R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1301010.003\Ironx86.sys [10/1/2011 3:28 PM 149624]
        R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
        R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [5/8/2011 3:16 PM 10448]
        R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe [10/1/2011 3:28 PM 138760]
        R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2011 11:02 AM 105592]
        R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSXpx86.sys [10/1/2011 3:28 PM 356280]
        R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 1:30 PM 40912]
        R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 1:30 PM 10448]
        S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
        S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [5/6/2011 1:23 PM 90112]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = about:blank
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
        FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\d8ws3nfr.default\
        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
        FF - prefs.js: keyword.enabled - false
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-10-03 14:50
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NIS]
        "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.1.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.1.1.3\diMaster.dll\" /prefetch:1"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'winlogon.exe'(664)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll
        c:\windows\system32\Ati2evxx.dll
        c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
        .
        Completion time: 2011-10-03  14:52:30
        ComboFix-quarantined-files.txt  2011-10-03 18:52
        .
        Pre-Run: 133,263,581,184 bytes free
        Post-Run: 135,159,324,672 bytes free
        .
        - - End Of File - - B8776418A5BC27620019D82649D67B95
         

        SuperDave

        Re: System Restore not working
        « Reply #5 on: October 04, 2011, 01:26:26 PM »
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's

        wjkennedy4

          Re: System Restore not working
          « Reply #6 on: October 04, 2011, 02:10:31 PM »
          Hi Dave, thank you, here is the log you requested from SysProt:


          SysProt AntiRootkit v1.0.1.0
          by swatkat

          ******************************************************************************************
          ******************************************************************************************

          Process:
          Name: C:\Program Files\Mozilla Firefox\plugin-container.exe
          PID: 4
          Hidden: Yes
          Window Visible: No

          Name: C:\Program Files\Mozilla Firefox\plugin-container.exe
          PID: 4
          Hidden: Yes
          Window Visible: No

          ******************************************************************************************
          ******************************************************************************************
          Kernel Modules:
          Module Name: SYMDS.SYS
          Service Name: SymDS
          Module Base: F72D8000
          Module End: F732F000
          Hidden: Yes

          Module Name: SYMEFA.SYS
          Service Name: SymEFA
          Module Base: F71E5000
          Module End: F72C6000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
          Service Name: ---
          Module Base: ED0EC000
          Module End: ED104000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
          Service Name: ---
          Module Base: F7A6E000
          Module End: F7A70000
          Hidden: Yes

          Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
          Service Name: ---
          Module Base: F7AC6000
          Module End: F7AC8000
          Hidden: Yes

          Module Name: \??\C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys
          Service Name: catchme
          Module Base: F78DC000
          Module End: F78E4000
          Hidden: Yes

          Module Name: \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
          Service Name: ---
          Module Base: F7A22000
          Module End: F7A24000
          Hidden: Yes

          ******************************************************************************************
          ******************************************************************************************
          SSDT:
          Function Name: ZwAlertResumeThread
          Address: 8695AAD8
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwAlertThread
          Address: 86962818
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwAllocateVirtualMemory
          Address: 86F91250
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwAssignProcessToJobObject
          Address: 869AEE90
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwConnectPort
          Address: 8685F368
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwCreateKey
          Address: ED4FC980
          Driver Base: ED4E6000
          Driver End: ED50C000
          Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

          Function Name: ZwCreateMutant
          Address: 869D6D70
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwCreateSymbolicLinkObject
          Address: 868165A0
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwCreateThread
          Address: 86CEB178
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwDebugActiveProcess
          Address: 869AE398
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwDeleteKey
          Address: ED4FCC00
          Driver Base: ED4E6000
          Driver End: ED50C000
          Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

          Function Name: ZwDeleteValueKey
          Address: ED4FCF10
          Driver Base: ED4E6000
          Driver End: ED50C000
          Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

          Function Name: ZwDuplicateObject
          Address: 86CF7DA8
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwFreeVirtualMemory
          Address: 86F90648
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwImpersonateAnonymousToken
          Address: 869AA0E8
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwImpersonateThread
          Address: 86953718
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwLoadDriver
          Address: 8685F788
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwMapViewOfSection
          Address: 86A61998
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwOpenEvent
          Address: 869AB248
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwOpenProcess
          Address: 869CF850
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwOpenProcessToken
          Address: 86CD3A38
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwOpenSection
          Address: 869AD1A8
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwOpenThread
          Address: 869A9E50
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwProtectVirtualMemory
          Address: 86864830
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwResumeThread
          Address: 86A0B460
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwSetContextThread
          Address: 86A7AB40
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwSetInformationProcess
          Address: 8699DC00
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwSetSystemInformation
          Address: 869ADF30
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwSetValueKey
          Address: ED4FD160
          Driver Base: ED4E6000
          Driver End: ED50C000
          Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

          Function Name: ZwSuspendProcess
          Address: 869AC908
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwSuspendThread
          Address: 869EFC50
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwTerminateProcess
          Address: 86CD54E8
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwTerminateThread
          Address: 86A57448
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwUnmapViewOfSection
          Address: 86EF1BA0
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          Function Name: ZwWriteVirtualMemory
          Address: 86CFCD10
          Driver Base: 0
          Driver End: 0
          Driver Name: _unknown_

          ******************************************************************************************
          ******************************************************************************************
          No Kernel Hooks found

          ******************************************************************************************
          ******************************************************************************************
          Hidden files/folders:
          Object: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\33A9CEC5.TMP
          Status: Access denied

          Object: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\58610D8C.TMP
          Status: Access denied

          Object: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\FED47D1F.TMP
          Status: Access denied

          Object: C:\Qoobox\BackEnv\AppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cache.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Cookies.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Desktop.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Favorites.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\History.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Music.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\NetHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Personal.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Pictures.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Programs.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Recent.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SendTo.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SetPath.bat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\StartUp.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\SysPath.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\Templates.folder.dat
          Status: Access denied

          Object: C:\Qoobox\BackEnv\VikPev00
          Status: Access denied
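The SysProt log above is easier to read once it is condensed into what an analyst actually checks: which processes and kernel modules the tool flagged as hidden, which SSDT entries it could place inside a driver file and which it could not (Driver Base and Driver End 0, Driver Name _unknown_), and which access-denied objects lie outside ComboFix's own C:\Qoobox quarantine folder. The script below is an added example, not part of this thread and not SysProt's own code. The record layout is inferred from the log above; the trimmed sample log is constructed, and the list of "expected" hidden modules (dump_/hiber_ crash-dump driver copies and the catchme.sys driver that the ComboFix scan loads) is an assumption made for illustration.

```python
# Added example (not from the thread or from SysProt): parse a SysProt AntiRootkit
# log into records and condense it into the items an analyst checks first.
import re
from collections import defaultdict

SEPARATOR = re.compile(r"^\*{10,}$")        # the rows of asterisks between sections
HEADER = re.compile(r"^([^:]+):$")          # "Process:", "SSDT:", "Hidden files/folders:"
FIELD = re.compile(r"^([^:]+):\s*(.*)$")    # "Key: value"; the value may itself hold colons

# Constructed sample in the layout of the log above, trimmed to a few records.
SAMPLE_LOG = r"""********************************
Process:
Name: C:\Program Files\Mozilla Firefox\plugin-container.exe
PID: 4
Hidden: Yes

********************************
Kernel Modules:
Module Name: SYMEFA.SYS
Service Name: SymEFA
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Hidden: Yes

********************************
SSDT:
Function Name: ZwOpenProcess
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwCreateKey
Driver Base: ED4E6000
Driver End: ED50C000
Driver Name: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

********************************
No Kernel Hooks found

********************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Norton\SRTSP\SrtETmp\33A9CEC5.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
"""


def parse_sysprot_log(text):
    """Return ({section: [record, ...]}, [free-text lines]) for one SysProt log."""
    sections, notes, current, record = {}, [], None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SEPARATOR.match(line):
            if record and current is not None:   # blank line or separator ends a record
                sections[current].append(record)
            record = {}
            if line:                             # a separator also ends the section
                current = None
            continue
        header = HEADER.match(line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, [])
        elif (field := FIELD.match(line)) and current is not None:
            record[field.group(1).strip()] = field.group(2).strip()
        else:
            notes.append(line)                   # e.g. "No Kernel Hooks found"
    if record and current is not None:
        sections[current].append(record)
    return sections, notes


def is_expected_hidden_module(module_name):
    # Assumption: dump_/hiber_ crash-dump driver copies and the catchme.sys driver that
    # the ComboFix run loads routinely show as "Hidden" and are not findings on their own.
    base = module_name.rsplit("\\", 1)[-1].lower()
    return base.startswith(("dump_", "hiber_")) or base == "catchme.sys"


def triage(sections):
    """Condense a parsed log into the items worth a second look."""
    hidden_processes = sorted({(r.get("Name", ""), r.get("PID", ""))  # dedupe repeated rows
                               for r in sections.get("Process", []) if r.get("Hidden") == "Yes"})
    hidden_modules = [r.get("Module Name", "") for r in sections.get("Kernel Modules", [])
                      if r.get("Hidden") == "Yes" and not is_expected_hidden_module(r.get("Module Name", ""))]
    hooks_by_driver = defaultdict(list)
    for r in sections.get("SSDT", []):
        hooks_by_driver[r.get("Driver Name", "_unknown_")].append(r.get("Function Name", "?"))
    unattributed = hooks_by_driver.pop("_unknown_", [])   # base/end 0: not inside any module SysProt saw
    # Assumption: C:\Qoobox is ComboFix's own quarantine/backup folder, so its entries are tool artefacts.
    unexplained_objects = [r.get("Object", "") for r in sections.get("Hidden files/folders", [])
                           if not r.get("Object", "").lower().startswith("c:\\qoobox\\")]
    return {"hidden_processes": hidden_processes, "hidden_modules": hidden_modules,
            "hooks_by_driver": dict(hooks_by_driver), "unattributed_hooks": unattributed,
            "unexplained_objects": unexplained_objects}


if __name__ == "__main__":
    parsed, notes = parse_sysprot_log(SAMPLE_LOG)
    for key, value in triage(parsed).items():
        print(f"{key}: {value or 'none'}")
```

What comes out is a worklist, not a verdict: the hooks SysProt could attribute here belong to SYMEVENT.SYS, and the Symantec-named drivers match the Norton install in the ComboFix service list earlier in the thread, so the items to cross-check against the installed security products (Norton and SUPERAntiSpyware on this machine) are the unattributed SSDT entries and any hidden module or access-denied object that no known product explains.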

          SuperDave

          Re: System Restore not working
          « Reply #7 on: October 04, 2011, 04:17:36 PM »
          Is your computer working any better?

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan
          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
            • Click on to download the ESET Smart Installer. Save it to your desktop.
            • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

          wjkennedy4

            Re: System Restore not working
            « Reply #8 on: October 07, 2011, 09:46:48 AM »
            Thanks Dave, sorry for the delay.  Well, the computer seems to be working fine... I've not tried System Restore since you've been helping me and maybe now there's no reason to do so.  I would, however, like to see that it's working again for use in the future, if necessary.  Should I try to set a restore point when we're finished and then restore to that point to check that System Restore is working again?  I thought I'd rather not use an old restore point since maybe that could bring back old problems and undo what we've done.

            I ran the ESET OnlineScan that you asked for and it said there were no threats found.  Here is the log:

            ESETSmartInstaller@High as CAB hook log:
            OnlineScanner.ocx - registred OK
            # version=7
            # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
            # OnlineScanner.ocx=1.0.0.6528
            # api_version=3.0.2
            # EOSSerial=6ed63d71bb4b4a4d8d39fc04530a30f6
            # end=finished
            # remove_checked=true
            # archives_checked=true
            # unwanted_checked=true
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2011-10-07 03:06:20
            # local_time=2011-10-07 11:06:20 (-0500, Eastern Daylight Time)
            # country="United States"
            # lang=1033
            # osver=5.1.2600 NT Service Pack 3
            # compatibility_mode=258 16777214 0 2 5330802 5330802 0 0
            # compatibility_mode=3584 16777175 100 0 0 0 0 0
            # compatibility_mode=8192 67108863 100 0 0 0 0 0
            # scanned=44971
            # found=0
            # cleaned=0
            # scan_time=2667


            SuperDave

            Re: System Restore not working
            « Reply #9 on: October 07, 2011, 01:01:49 PM »
            Quote
            I've not tried System Restore since you've been helping me and maybe now there's no reason to do so.  I would, however, like to see that it's working again for use in the future, if necessary.
            We will be wiping the System Restore so that you don't get re-infected. Malware likes to hide in SR and then when you hit it, you're infected again.

            We can do some cleanup.

            To uninstall ComboFix

            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
            • In the field, type in ComboFix /uninstall


            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

            • Then, press Enter, or click OK.
            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
            *******************************************************
            To remove all of the tools we used and the files and folders they created do the following:
            Double click OTL.exe.
            • Click the CleanUp button.
            • Select Yes when the "Begin cleanup Process?" prompt appears.
            • If you are prompted to Reboot during the cleanup, select Yes.
            • The tool will delete itself once it finishes.
            Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
            ******************************************************
            Clean out your temporary internet files and temp files.

            Download TFC by OldTimer to your desktop.

            Double-click TFC.exe to run it.

            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

            TFC will close all programs when run, so make sure you have saved all your work before you begin.

            * Click the Start button to begin the cleaning process.
            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
            * Please let TFC run uninterrupted until it is finished.

            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
            ********************************************************
            Go to Microsoft Windows Update and get all critical updates.
            ----------

            I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
            * Using SpywareBlaster to protect your computer from Spyware and Malware
            * If you don't know what ActiveX controls are, see here

            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
            Safe Surfing!

            wjkennedy4

              Re: System Restore not working
              « Reply #10 on: October 18, 2011, 07:40:38 PM »
              Thank you Dave.  Okay, again, sorry for the delayed response.

              I've uninstalled ComboFix, run CleanUp on OTL, downloaded and run TFC, and done the Microsoft Windows Update to get the critical updates installed.

              Thank you for all the other suggestions going forward.  My computer seems to be running quite well at this point.  Anything else I need to do?  Any reason to test System Restore or should we just assume it's working normally now and use it in the future only if needed?

              SuperDave

              Re: System Restore not working
              « Reply #11 on: October 19, 2011, 04:46:20 PM »
              Quote
              Anything else I need to do?
              Just stay safe.
              Quote
              Any reason to test System Restore or should we just assume it's working normally now and use it in the future only if needed?
              When you removed ComboFix, it should have re-set your System Restore so there are no Restore points. This is to ensure that there are no infections hiding there.
              You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.