BleepingComputer.com: Infected with XP Security 2011

Infected with XP Security 2011 and followed removal guide to clean. Infection reappeared within 2 days. Reran all removal guide steps, but noticed that I was getting a message about "security Center Downloads" I went to change the security center downloads and noticed I could not change the settings, and it just did not look right. Now I turn to you for more help.

DDS Log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Run by Charlie at 16:17:27 on 2011-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.171 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Charlie\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://verizon.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://verizon.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Shop to Win 11: {67d688ec-87da-4a28-bfa5-c4db8be5c9ea} - c:\program files\shop to win 11\ShoppingBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177184401031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-12 98392]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
S1 MpKsld237b68c;MpKsld237b68c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6524729e-3a97-4ed7-9680-fa44ddb30702}\mpksld237b68c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6524729e-3a97-4ed7-9680-fa44ddb30702}\MpKsld237b68c.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\admini~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\admini~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
.
=============== Created Last 30 ================
.
2011-05-20 17:05:04 1409 ----a-w- c:\windows\QTFont.for
2011-05-18 12:34:18 -------- d-----w- c:\documents and settings\charlie\application data\FCSB000063127
2011-05-17 12:05:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-17 12:05:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-17 12:05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 20:17:25 -------- d-sha-r- C:\cmdcons
2011-05-13 20:12:37 98816 ----a-w- c:\windows\sed.exe
2011-05-13 20:12:37 89088 ----a-w- c:\windows\MBR.exe
2011-05-13 20:12:37 256512 ----a-w- c:\windows\PEV.exe
2011-05-13 20:12:37 161792 ----a-w- c:\windows\SWREG.exe
2011-04-30 23:45:36 -------- d-----w- c:\documents and settings\charlie\local settings\application data\ESET
2011-04-30 23:34:33 -------- d-----w- c:\program files\Setup Support for ShopToWin
2011-04-30 23:26:10 -------- d-----w- c:\program files\Setup Support for Weatherbug
2011-04-30 23:26:05 -------- d-----w- c:\program files\AWS
2011-04-30 23:25:41 -------- d-----w- c:\program files\Shop to Win 11
.
==================== Find3M ====================
.
2011-04-15 11:41:35 0 ----a-w- c:\windows\Nraho.bin
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.10.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82241439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x822477d0]; MOV EAX, [0x8224784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x82BD9AB8]
3 CLASSPNP[0xF8527FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x821FD780]
\Driver\iastor[0x8225E640] -> IRP_MJ_CREATE -> 0x82241439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600JS-75NCB1_____________________10.02E01#4&3203b792&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 16:18:41.85 ===============

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  
  
• Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  
  
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  
  
• If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  
  
• Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  
  
• Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  
  
• I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
  Because of this, you must reply within three days failure to reply will result in the topic being closed!
  
  
• Please do not PM me directly for help. If you have any questions, post them in this topic.
  
  
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


One or more of the identified infections is a backdoor trojan and password stealer.



I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:



Running OTL

We need to create a FULL OTL Report

• Please download OTL from here:
  
  • Main Mirror
  
  
• Save it to your desktop.
  
• Double click on the icon on your desktop.
  
• Click the "Scan All Users" checkbox.
  
• Change the "Extra Registry" option to "SafeList"
  
• Push the button.
  
• Two reports will open, copy and paste them in a reply here:
  
  • OTL.txt <-- Will be opened
    
  • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Good morning ST,

I look forward to working with and learning from you. I am still receiving the message about "windows security center" automatic updates are turned off and firewall is not monitored. If I click to turn on automatic updates I receive a message "we're sorry. The security center could not change your automatic updates setting."

Here are the logs from TDS and OTL.

TDS log:

2011/05/24 07:51:08.0093 3844 TDSS rootkit removing tool 2.5.2.0 May 24 2011 11:01:23
2011/05/24 07:51:08.0453 3844 ================================================================================
2011/05/24 07:51:08.0453 3844 SystemInfo:
2011/05/24 07:51:08.0453 3844
2011/05/24 07:51:08.0453 3844 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/24 07:51:08.0453 3844 Product type: Workstation
2011/05/24 07:51:08.0453 3844 ComputerName: CWALLIO
2011/05/24 07:51:08.0453 3844 UserName: Charlie
2011/05/24 07:51:08.0453 3844 Windows directory: C:\WINDOWS
2011/05/24 07:51:08.0453 3844 System windows directory: C:\WINDOWS
2011/05/24 07:51:08.0453 3844 Processor architecture: Intel x86
2011/05/24 07:51:08.0453 3844 Number of processors: 2
2011/05/24 07:51:08.0453 3844 Page size: 0x1000
2011/05/24 07:51:08.0453 3844 Boot type: Normal boot
2011/05/24 07:51:08.0453 3844 ================================================================================
2011/05/24 07:51:08.0937 3844 Initialize success
2011/05/24 07:51:12.0609 3968 ================================================================================
2011/05/24 07:51:12.0609 3968 Scan started
2011/05/24 07:51:12.0609 3968 Mode: Manual;
2011/05/24 07:51:12.0609 3968 ================================================================================
2011/05/24 07:51:12.0921 3968 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/24 07:51:12.0984 3968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/24 07:51:13.0031 3968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/24 07:51:13.0093 3968 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/24 07:51:13.0140 3968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/24 07:51:13.0203 3968 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/24 07:51:13.0250 3968 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/24 07:51:13.0296 3968 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/24 07:51:13.0328 3968 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/24 07:51:13.0343 3968 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/24 07:51:13.0359 3968 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/24 07:51:13.0406 3968 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/24 07:51:13.0421 3968 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/24 07:51:13.0437 3968 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/24 07:51:13.0484 3968 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/24 07:51:13.0500 3968 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/24 07:51:13.0515 3968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/24 07:51:13.0531 3968 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/24 07:51:13.0578 3968 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/05/24 07:51:13.0640 3968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/24 07:51:13.0765 3968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/24 07:51:13.0859 3968 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/05/24 07:51:13.0906 3968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/24 07:51:13.0953 3968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/24 07:51:14.0000 3968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/24 07:51:14.0140 3968 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/24 07:51:14.0156 3968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/24 07:51:14.0203 3968 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/24 07:51:14.0250 3968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/24 07:51:14.0281 3968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/24 07:51:14.0343 3968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/24 07:51:14.0375 3968 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/24 07:51:14.0421 3968 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/24 07:51:14.0468 3968 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/24 07:51:14.0484 3968 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/24 07:51:14.0515 3968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/24 07:51:14.0593 3968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/24 07:51:14.0656 3968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/24 07:51:14.0687 3968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/24 07:51:14.0734 3968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/24 07:51:14.0859 3968 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/24 07:51:14.0953 3968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/24 07:51:15.0000 3968 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/05/24 07:51:15.0046 3968 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/05/24 07:51:15.0187 3968 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/05/24 07:51:15.0281 3968 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/05/24 07:51:15.0343 3968 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/05/24 07:51:15.0390 3968 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/05/24 07:51:15.0437 3968 eamon (d42dd9021acd47683b33adf21bca49aa) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/05/24 07:51:15.0484 3968 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/05/24 07:51:15.0546 3968 epfwtdir (aa0667eb9a92414abb784c101a6c7fec) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/05/24 07:51:15.0593 3968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/24 07:51:15.0640 3968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/24 07:51:15.0687 3968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/24 07:51:15.0734 3968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/24 07:51:15.0781 3968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/24 07:51:15.0828 3968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/24 07:51:15.0859 3968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/24 07:51:15.0890 3968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/24 07:51:15.0906 3968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/24 07:51:15.0937 3968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/24 07:51:15.0984 3968 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/24 07:51:16.0031 3968 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/05/24 07:51:16.0125 3968 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/05/24 07:51:16.0234 3968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/24 07:51:16.0265 3968 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/24 07:51:16.0281 3968 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/24 07:51:16.0296 3968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/24 07:51:16.0375 3968 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
2011/05/24 07:51:16.0390 3968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/24 07:51:16.0468 3968 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/24 07:51:16.0500 3968 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/24 07:51:16.0531 3968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/24 07:51:16.0546 3968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/24 07:51:16.0562 3968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/24 07:51:16.0578 3968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/24 07:51:16.0609 3968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/24 07:51:16.0671 3968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/24 07:51:16.0703 3968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/24 07:51:16.0734 3968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/24 07:51:16.0781 3968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/24 07:51:16.0796 3968 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/24 07:51:16.0843 3968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/24 07:51:16.0875 3968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/24 07:51:16.0953 3968 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/24 07:51:16.0984 3968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/24 07:51:17.0046 3968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/24 07:51:17.0093 3968 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/05/24 07:51:17.0140 3968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/24 07:51:17.0171 3968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/24 07:51:17.0187 3968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/24 07:51:17.0343 3968 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/24 07:51:17.0390 3968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/24 07:51:17.0437 3968 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/24 07:51:17.0515 3968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/24 07:51:17.0562 3968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/24 07:51:17.0609 3968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/24 07:51:17.0640 3968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/24 07:51:17.0703 3968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/24 07:51:17.0718 3968 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/24 07:51:17.0750 3968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/24 07:51:17.0796 3968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/24 07:51:17.0812 3968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/24 07:51:17.0828 3968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/24 07:51:17.0859 3968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/24 07:51:17.0875 3968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/24 07:51:17.0906 3968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/24 07:51:17.0953 3968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/24 07:51:18.0000 3968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/24 07:51:18.0031 3968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/24 07:51:18.0109 3968 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/24 07:51:18.0203 3968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/24 07:51:18.0218 3968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/24 07:51:18.0234 3968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/24 07:51:18.0250 3968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/24 07:51:18.0281 3968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/24 07:51:18.0296 3968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/24 07:51:18.0375 3968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/24 07:51:18.0390 3968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/24 07:51:18.0468 3968 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/24 07:51:18.0484 3968 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/24 07:51:18.0546 3968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/24 07:51:18.0562 3968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/24 07:51:18.0578 3968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/24 07:51:18.0640 3968 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/24 07:51:18.0671 3968 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/24 07:51:18.0718 3968 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/24 07:51:18.0734 3968 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/24 07:51:18.0750 3968 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/24 07:51:18.0765 3968 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/24 07:51:18.0812 3968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/24 07:51:18.0828 3968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/24 07:51:18.0890 3968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/24 07:51:18.0906 3968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/24 07:51:18.0953 3968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/24 07:51:18.0984 3968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/24 07:51:19.0015 3968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/24 07:51:19.0078 3968 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/24 07:51:19.0125 3968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/24 07:51:19.0296 3968 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREDrv.sys
2011/05/24 07:51:19.0343 3968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/24 07:51:19.0421 3968 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/24 07:51:19.0453 3968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/24 07:51:19.0500 3968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/24 07:51:19.0640 3968 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/24 07:51:19.0687 3968 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/24 07:51:19.0734 3968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/24 07:51:19.0812 3968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/24 07:51:19.0859 3968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/24 07:51:19.0921 3968 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/05/24 07:51:19.0984 3968 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/05/24 07:51:20.0031 3968 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/24 07:51:20.0078 3968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/24 07:51:20.0125 3968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/24 07:51:20.0156 3968 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/24 07:51:20.0171 3968 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/24 07:51:20.0187 3968 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/24 07:51:20.0218 3968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/24 07:51:20.0281 3968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/24 07:51:20.0343 3968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/24 07:51:20.0437 3968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/24 07:51:20.0468 3968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/24 07:51:20.0500 3968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/24 07:51:20.0562 3968 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/05/24 07:51:20.0578 3968 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/05/24 07:51:20.0593 3968 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/05/24 07:51:20.0625 3968 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/05/24 07:51:20.0640 3968 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/05/24 07:51:20.0656 3968 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/05/24 07:51:20.0671 3968 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/05/24 07:51:20.0687 3968 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/05/24 07:51:20.0718 3968 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/05/24 07:51:20.0750 3968 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/24 07:51:20.0796 3968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/24 07:51:20.0875 3968 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/24 07:51:20.0937 3968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/24 07:51:20.0968 3968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/24 07:51:21.0031 3968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/24 07:51:21.0046 3968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/24 07:51:21.0062 3968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/24 07:51:21.0093 3968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/24 07:51:21.0140 3968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/24 07:51:21.0156 3968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/24 07:51:21.0203 3968 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/05/24 07:51:21.0218 3968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/24 07:51:21.0250 3968 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/24 07:51:21.0281 3968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/24 07:51:21.0312 3968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/24 07:51:21.0359 3968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/24 07:51:21.0421 3968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/24 07:51:21.0500 3968 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/05/24 07:51:21.0625 3968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/24 07:51:21.0687 3968 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
2011/05/24 07:51:21.0687 3968 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/24 07:51:21.0687 3968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR8
2011/05/24 07:51:21.0703 3968 ================================================================================
2011/05/24 07:51:21.0703 3968 Scan finished
2011/05/24 07:51:21.0703 3968 ================================================================================
2011/05/24 07:51:21.0718 3960 Detected object count: 1
2011/05/24 07:51:21.0718 3960 Actual detected object count: 1
2011/05/24 07:52:21.0421 3960 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/24 07:52:21.0421 3960 \Device\Harddisk0\DR0 - ok
2011/05/24 07:52:21.0421 3960 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/05/24 07:52:30.0187 3824 Deinitialize success



OTL log:

OTL logfile created on: 5/24/2011 7:58:40 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Charlie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.09 Mb Total Physical Memory | 221.33 Mb Available Physical Memory | 43.39% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.54 Gb Total Space | 132.38 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 0.27 Gb Free Space | 3.57% Space Free | Partition Type: FAT32

Computer Name: CWALLIO | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\desktop\OTL.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/08 21:00:29 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {DC902A2C-0D85-42F0-8016-68630226AEB9}:1.9.1


FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/15 09:24:36 | 000,000,000 | ---D | M]

[2008/12/16 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Extensions
[2011/05/12 19:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\kthj54jl.default\extensions
[2010/10/15 12:31:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\kthj54jl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/18 08:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\LOCAL SETTINGS\APPLICATION DATA\{DC902A2C-0D85-42F0-8016-68630226AEB9}
[2009/09/15 19:26:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Shop to Win 11) - {67D688EC-87DA-4A28-BFA5-C4DB8BE5C9EA} - C:\Program Files\Shop to Win 11\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] File not found
O4 - HKU\.DEFAULT..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] File not found
O4 - HKU\S-1-5-18..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177184401031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.172.3.8 207.172.3.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/24 07:55:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2011/05/24 07:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\tdsskiller
[2011/05/23 16:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\gmer
[2011/05/23 16:17:02 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.scr
[2011/05/20 09:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/18 09:38:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\Start Menu\Programs\Administrative Tools
[2011/05/18 09:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/18 09:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/18 08:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Application Data\FCSB000063127
[2011/05/17 08:05:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/17 08:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/17 08:05:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 08:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 16:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/13 16:17:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 16:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 16:12:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 16:12:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 16:12:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 16:12:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 16:09:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 19:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Local Settings\Application Data\ESET
[2011/04/30 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for ShopToWin
[2011/04/30 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for Weatherbug
[2011/04/30 19:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2011/04/30 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 11
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/24 07:53:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/24 07:53:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/24 07:53:08 | 534,941,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2011/05/24 07:44:50 | 001,294,262 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\tdsskiller.zip
[2011/05/23 16:16:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Charlie\defogger_reenable
[2011/05/23 16:13:48 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\gmer.zip
[2011/05/23 16:13:18 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.scr
[2011/05/23 07:37:19 | 000,014,112 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
[2011/05/20 16:44:23 | 000,014,266 | -HS- | M] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837
[2011/05/20 16:44:23 | 000,014,266 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3293952714
[2011/05/20 13:05:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/20 13:05:04 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/18 10:20:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/17 08:05:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 16:31:07 | 000,019,402 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0
[2011/05/16 16:28:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 16:17:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/13 08:28:17 | 000,015,590 | -HS- | M] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
[2011/05/13 08:28:17 | 000,015,590 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/24 07:50:35 | 001,294,262 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\tdsskiller.zip
[2011/05/23 16:20:22 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\gmer.zip
[2011/05/23 16:16:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Charlie\defogger_reenable
[2011/05/20 16:43:36 | 000,014,266 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837
[2011/05/20 16:43:36 | 000,014,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3293952714
[2011/05/20 13:05:04 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/20 13:05:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/20 11:10:48 | 000,014,112 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\605mcc14d74nw837
[2011/05/20 11:10:48 | 000,014,112 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
[2011/05/17 08:05:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 07:57:58 | 534,941,696 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/16 16:28:58 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\sa1c1605154h17u888wq0ck36505fo0
[2011/05/16 16:28:58 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0
[2011/05/13 16:17:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 16:17:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 16:12:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 16:12:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 16:12:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 16:12:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 16:12:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/12 21:47:01 | 000,015,590 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
[2011/05/12 21:47:01 | 000,015,590 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
[2011/04/15 08:28:10 | 000,016,306 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\1076078220
[2011/04/15 08:28:10 | 000,016,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1076078220
[2011/04/15 08:27:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/09 15:53:49 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\075E8UE2.dat
[2011/02/19 14:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nraho.bin
[2011/02/19 14:09:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozaweyo.dat
[2008/07/07 16:31:19 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\fusioncache.dat
[2008/04/15 12:14:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\99B2F3D964.sys
[2008/04/15 12:14:37 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/13 16:29:03 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/01/28 12:28:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/10 14:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/10 14:21:58 | 000,000,417 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2006/01/10 14:19:34 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2006/01/10 14:08:04 | 000,000,219 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/01/10 13:35:24 | 000,000,575 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/01/09 23:03:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/09 16:46:53 | 000,004,620 | ---- | C] () -- C:\Documents and Settings\Charlie\Application Data\wklnhst.dat
[2006/01/09 16:18:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/09 15:52:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/09 15:30:43 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2006/01/09 15:30:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/01/09 15:30:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/01/09 15:30:41 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2006/01/09 15:30:41 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2006/01/09 15:30:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2006/01/09 15:30:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/01/09 15:30:40 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/01/09 15:30:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2006/01/09 15:30:39 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2006/01/09 15:30:39 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/01/09 15:30:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2006/01/09 15:30:38 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2006/01/09 15:30:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2006/01/09 15:30:37 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2006/01/09 15:30:36 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/01/09 15:30:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/01/09 15:30:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/01/09 15:30:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/01/09 15:30:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/01/09 15:30:31 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/01/09 15:30:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/12/08 21:15:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 21:10:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 21:09:23 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/08 21:02:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/08 20:59:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/08 20:30:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/08 20:30:28 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/08 20:29:56 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

< End of report >


Extras log:

OTL Extras logfile created on: 5/24/2011 7:58:40 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Charlie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.09 Mb Total Physical Memory | 221.33 Mb Available Physical Memory | 43.39% Memory free
1.22 Gb Paging File | 0.99 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.54 Gb Total Space | 132.38 Gb Free Space | 91.59% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 0.27 Gb Free Space | 3.57% Space Free | Partition Type: FAT32

Computer Name: CWALLIO | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- ()
"C:\PROGRA~1\Yahoo!\MESSEN~1\Yserver.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Cook'n with Pillsbury" = Cook'n with Pillsbury
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel® PRO Network Connections Drivers
"Quicken WillMaker Plus 2006" = Quicken WillMaker Plus 2006
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Revo Uninstaller" = Revo Uninstaller 1.88
"Setup Support for ShopToWin" = Setup Support for ShopToWin 1.0
"Setup Support for Weatherbug" = Setup Support for Weatherbug 1.0
"Shop to Win 11" = Shop to Win 11
"StreetPlugin" = Learn2 Player (Uninstall Only)
"The 80 Classic Games" = Atari: The 80 Classic Games
"Verizon Yahoo! Applications" = Verizon Yahoo! Applications
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/24/2011 12:05:48 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 12:05:48 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212.crt>
with error: This network connection does not exist.

Error - 5/24/2011 12:28:16 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/24/2011 2:05:53 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 5/24/2011 2:05:53 AM | Computer Name = CWALLIO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 5/20/2011 9:23:47 AM | Computer Name = CWALLIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/23/2011 8:11:28 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%3

Error - 5/23/2011 8:11:29 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/23/2011 8:11:30 AM | Computer Name = CWALLIO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/23/2011 3:38:51 PM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%3

Error - 5/23/2011 3:38:51 PM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/24/2011 7:49:50 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%3

Error - 5/24/2011 7:49:51 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 5/24/2011 7:53:25 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7000
Description = The avast! iAVS4 Control Service service failed to start due to the
following error: %%3

Error - 5/24/2011 7:53:27 AM | Computer Name = CWALLIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

Hi gtechpc!

Quote

That should be an easy thing to fix. We'll utilize a Microsoft Support Article to fix this.

The main infection that you were infected with is called TDL4.

See the snippet of text below:

Quote

You can read more about this infection here:

• TDL4 Rootkit - Bootkit
  
• TDSS: Rootkit technologies from the beginning
  
• TDL3: The Rootkit of All Evil?
  
• Backdoor.Tdss.565
  
• TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Special thanks to quietman7 for providing the above links.



NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Services
  :OTL
  SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
  IE - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
  O3 - HKU\S-1-5-21-4093974132-3098753635-347973882-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
  O4 - HKLM..\Run: [UserFaultCheck] File not found
  O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] File not found
  O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] File not found
  O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*
  O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\WINDOWS\TEMP\6.203468217872694E8.exe" -a "%1" %*
  [2011/05/23 07:37:19 | 000,014,112 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
  [2011/05/20 16:44:23 | 000,014,266 | -HS- | M] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837
  [2011/05/20 16:44:23 | 000,014,266 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3293952714
  [2011/05/16 16:31:07 | 000,019,402 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0
  [2011/05/13 08:28:17 | 000,015,590 | -HS- | M] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
  [2011/05/13 08:28:17 | 000,015,590 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
  [2011/05/20 16:43:36 | 000,014,266 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837
  [2011/05/20 16:43:36 | 000,014,266 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3293952714
  [2011/05/20 11:10:48 | 000,014,112 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\605mcc14d74nw837
  [2011/05/20 11:10:48 | 000,014,112 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837
  [2011/05/16 16:28:58 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\sa1c1605154h17u888wq0ck36505fo0
  [2011/05/16 16:28:58 | 000,019,402 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0
  [2011/05/12 21:47:01 | 000,015,590 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
  [2011/05/12 21:47:01 | 000,015,590 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta
  [2011/04/15 08:28:10 | 000,016,306 | -HS- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\1076078220
  [2011/04/15 08:28:10 | 000,016,306 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1076078220
  [2011/04/09 15:53:49 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\075E8UE2.dat
  [2011/02/19 14:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nraho.bin
  [2011/02/19 14:09:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozaweyo.dat
  
  :Reg
  
  :Files
  C:\WINDOWS\TEMP\6.203468217872694E8.exe
  dir /s /a "C:\Documents and Settings\Charlie\Application Data\FCSB000063127" /c
  ipconfig /flushdns /c
  :Commands
  [purity]
  [resethosts]
  [CreateRestorePoint]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.
  
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

NEXT:



Please visit this link here and follow the instructions to reset your Windows Updates Component.

Link: http://support.microsoft.com/kb/971058


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware
  
• Select the Update tab
  
• Click Check for Updates
  
• After the update have been completed, Select the Scanner tab.
  
• Select Perform quick scan, then click on Scan
  
• Leave the default options as it is and click on Start Scan
  
• When done, you will be prompted. Click OK, then click on Show Results
  
• Checked (ticked) all items and click on Remove Selected
  
• After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



What issues are you currently experiencing with your computer?

Good morning ST,

Everything at this time appears to be normal after running the OTL Fix and the Microsoft Update Repair, the PC has downloaded 17 updates from Microsoft and is installing them now. Listed below are the logs you requested.

OTL Log:

========== SERVICES/DRIVERS ==========
========== OTL ==========
Service aswUpdSv stopped successfully!
Service aswUpdSv deleted successfully!
HKU\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-4093974132-3098753635-347973882-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\DWQueuedReporting deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\DWQueuedReporting not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\exefile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837 moved successfully.
C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837 moved successfully.
C:\Documents and Settings\All Users\Application Data\3293952714 moved successfully.
C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0 moved successfully.
C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta moved successfully.
C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta moved successfully.
File C:\Documents and Settings\Charlie\Local Settings\Application Data\605mcc14d74nw837 not found.
File C:\Documents and Settings\All Users\Application Data\3293952714 not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\605mcc14d74nw837 moved successfully.
File C:\Documents and Settings\All Users\Application Data\605mcc14d74nw837 not found.
C:\Documents and Settings\LocalService\Local Settings\Application Data\sa1c1605154h17u888wq0ck36505fo0 moved successfully.
File C:\Documents and Settings\All Users\Application Data\sa1c1605154h17u888wq0ck36505fo0 not found.
File C:\Documents and Settings\Charlie\Local Settings\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta not found.
File C:\Documents and Settings\All Users\Application Data\a4xlwp64cfg6weuhaf1w1j2ma4di5es36w0ta not found.
C:\Documents and Settings\Charlie\Local Settings\Application Data\1076078220 moved successfully.
C:\Documents and Settings\All Users\Application Data\1076078220 moved successfully.
C:\Documents and Settings\All Users\Application Data\075E8UE2.dat moved successfully.
C:\WINDOWS\Nraho.bin moved successfully.
C:\WINDOWS\Ozaweyo.dat moved successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\TEMP\6.203468217872694E8.exe not found.
< dir /s /a "C:\Documents and Settings\Charlie\Application Data\FCSB000063127" /c >
Volume in drive C has no label.
Volume Serial Number is 640B-4783
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> Toolbar
0 File(s) 0 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> %APPDATA%
08/12/2010 02:08 PM 713 patch.bat
08/12/2010 02:08 PM 1,483 settings.xml
04/30/2011 07:25 PM 682,496 ShoppingBHO.dll
04/27/2010 12:08 PM 6,862 ShopToWin.ico
04/30/2011 07:25 PM 59,115 Uninst.exe
04/30/2011 07:25 PM 51 version.txt
6 File(s) 750,720 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> FCSB000063127
0 File(s) 0 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> Toolbar
0 File(s) 0 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127\Toolbar
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> %APPDATA%
08/12/2010 02:08 PM 713 patch.bat
08/12/2010 02:08 PM 1,483 settings.xml
04/30/2011 07:25 PM 682,496 ShoppingBHO.dll
04/27/2010 12:08 PM 6,862 ShopToWin.ico
04/30/2011 07:25 PM 59,115 Uninst.exe
04/30/2011 07:25 PM 51 version.txt
6 File(s) 750,720 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127\Toolbar\%APPDATA%
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> FCSB000063127
0 File(s) 0 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
05/18/2011 08:34 AM <DIR> Toolbar
0 File(s) 0 bytes
Directory of C:\Documents and Settings\Charlie\Application Data\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127\Toolbar\%APPDATA%\FCSB000063127\Toolbar
05/18/2011 08:34 AM <DIR> .
05/18/2011 08:34 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
12 File(s) 1,501,440 bytes
23 Dir(s) 142,077,509,632 bytes free
C:\Documents and Settings\Charlie\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Charlie\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Charlie\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Charlie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_081551



MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6673

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/25/2011 8:42:57 AM
mbam-log-2011-05-25 (08-42-57).txt

Scan type: Quick scan
Objects scanned: 178714
Time elapsed: 14 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi!

Glad to hear that!

Please run these scans:


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Check
  
• Make sure that the option "Remove found threats" is Unchecked
  
• When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
  
  • Enable Anti-Stealth technology
  
  
• Push the Start button.
  
• ESET will then download updates for itself, install itself, and begin
  scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as
  ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

NEXT:


Security Check
Download Security Check by screen317 from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Good Day ST,

I was slightly confused by your request to do an online scan with Eset. I already use Eset NOD32 anti-virus. I disabled my version and downloaded and ran the online scanner. No log was created since no threats were found. Posted below is the log from SecurityCheck.

Checkup.txt:

Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
ESET NOD32 Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 17
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

Hi gtechpc!

Quote

Sorry about that. Let me have you run a scan with a different scanner then.

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.

Link 1
Link 2

Be sure to print out and read the instructions provided in:

How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses

• Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
  Vista/Windows 7 users right-click and select Run As Administrator.
  
• If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  
  
• When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  
• Setup may recommend to scan the computer in Safe Mode. Click Ok.
  
• A window will open with a tab that says Autoscan and one for Manual disinfection.
  
• Click the green Start scan button on the Autoscan tab in the main window.
  
• If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  
• After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  
• Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  
• If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  
• In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  
• Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  
• When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.

-- If you cannot run this tool in normal mode, then try using it in "safe mode".


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

• Go to Start > Control Panel > Add/Remove Programs
  
• Remove ALL instances of Adobe Reader
  
• Re-boot your computer as required.
  
• Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader

Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users

Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  
• Look for "Java Platform, Standard Edition".
  
• Click the "Download JRE" button to the right.
  
• Read the License Agreement, and then check the box that says: "Accept License Agreement".
  
• From the list, select your OS and Platform.
  
  • 32-bit Select: Windows x86 Offline.
    
  • 64-bit Select: Windows x64.
  
  
• If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.

Go to > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
  
• If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  
• When the Java Setup - Welcome window opens, click the Install > button.
  
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  
• The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:

• Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  
• Click Ok and reboot your computer.

NEXT



OTL Custom Scan

We need to run an OTL Custom Scan

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  
  
  
  netsvcs
  drivers32
  hklm\software\clients\startmenuinternet|command /rs
  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
  
  
• Push the button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Good morning ST,

I have run the items you requested, report are pasted below. Everything appears fine, boot time is very fast.

avptool

Autoscan: completed 5 minutes ago (events: 2, objects: 7490, time: 00:05:50)
5/27/2011 7:54:24 AM Task completed
5/27/2011 7:48:33 AM Task started
Autoscan: completed 1 minute ago (events: 2, objects: 2319, time: 00:03:00)
5/27/2011 7:58:23 AM Task completed
5/27/2011 7:55:23 AM Task started


OTL Report

OTL logfile created on: 5/27/2011 8:24:07 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Charlie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.09 Mb Total Physical Memory | 218.23 Mb Available Physical Memory | 42.78% Memory free
1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.32% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.54 Gb Total Space | 131.78 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 0.26 Gb Free Space | 3.53% Space Free | Partition Type: FAT32

Computer Name: CWALLIO | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\desktop\OTL.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2005/03/23 02:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (SafeList) ==========

MOD - [2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/11/15 10:23:56 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/06/17 09:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/05/25 09:33:23 | 000,213,760 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ezgmntr.sys -- (ezgmntr)
DRV - [2011/05/25 09:33:23 | 000,085,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2011/05/25 09:33:23 | 000,028,800 | ---- | M] (Apricorn) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ezgfsfilt.sys -- (ezgfsfilt)
DRV - [2010/12/21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/08 21:00:29 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/04 06:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/15 00:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/sbcydsl/*http://www.yahoo.com/search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {DC902A2C-0D85-42F0-8016-68630226AEB9}:1.9.1


FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/04/15 09:24:36 | 000,000,000 | ---D | M]

[2008/12/16 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Extensions
[2011/05/12 19:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\kthj54jl.default\extensions
[2010/10/15 12:31:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\kthj54jl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/18 08:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHARLIE\LOCAL SETTINGS\APPLICATION DATA\{DC902A2C-0D85-42F0-8016-68630226AEB9}
[2011/05/27 08:21:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

O1 HOSTS File: ([2011/05/25 08:15:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (Shop to Win 11) - {67D688EC-87DA-4A28-BFA5-C4DB8BE5C9EA} - C:\Program Files\Shop to Win 11\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Verizon Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177184401031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.172.3.8 207.172.3.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: L
CompanyName - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 08:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/27 08:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/27 08:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/05/27 08:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/05/27 07:45:30 | 121,681,040 | ---- | C] ( ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.05.2011_14-13.exe
[2011/05/25 09:33:23 | 000,213,760 | ---- | C] (Apricorn) -- C:\WINDOWS\System32\drivers\ezgmntr.sys
[2011/05/25 09:33:23 | 000,028,800 | ---- | C] (Apricorn) -- C:\WINDOWS\System32\drivers\ezgfsfilt.sys
[2011/05/25 09:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apricorn
[2011/05/25 09:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apricorn
[2011/05/25 09:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Apricorn
[2011/05/25 08:15:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/24 07:55:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2011/05/24 07:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\tdsskiller
[2011/05/23 16:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\gmer
[2011/05/23 16:17:02 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.scr
[2011/05/20 09:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/05/18 09:38:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charlie\Start Menu\Programs\Administrative Tools
[2011/05/18 09:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/05/18 09:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/05/18 08:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Application Data\FCSB000063127
[2011/05/17 08:05:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/17 08:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/17 08:05:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/17 08:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/16 16:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/05/13 16:17:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/13 16:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/13 16:12:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/13 16:12:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/13 16:12:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/13 16:12:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/13 16:09:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/30 19:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Local Settings\Application Data\ESET
[2011/04/30 19:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for ShopToWin
[2011/04/30 19:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for Weatherbug
[2011/04/30 19:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2011/04/30 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Shop to Win 11
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/27 08:19:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/27 08:19:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 08:19:08 | 534,941,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 08:15:33 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/27 07:42:32 | 121,681,040 | ---- | M] ( ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.05.2011_14-13.exe
[2011/05/25 15:41:08 | 000,879,035 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\SecurityCheck.exe
[2011/05/25 09:33:26 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Apricorn EZ Gig II.lnk
[2011/05/25 09:33:23 | 000,213,760 | ---- | M] (Apricorn) -- C:\WINDOWS\System32\drivers\ezgmntr.sys
[2011/05/25 09:33:23 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\setupnt.dll
[2011/05/25 09:33:23 | 000,028,800 | ---- | M] (Apricorn) -- C:\WINDOWS\System32\drivers\ezgfsfilt.sys
[2011/05/25 08:59:20 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/25 08:46:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/25 08:15:54 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/24 07:45:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\OTL.exe
[2011/05/24 07:44:50 | 001,294,262 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\tdsskiller.zip
[2011/05/23 16:16:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Charlie\defogger_reenable
[2011/05/23 16:13:48 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\gmer.zip
[2011/05/23 16:13:18 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Charlie\Desktop\dds.scr
[2011/05/20 13:05:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/05/20 13:05:04 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/05/18 10:20:42 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/17 08:05:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/16 16:28:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/13 16:17:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/27 08:15:33 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/27 08:15:33 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/05/25 17:02:34 | 000,879,035 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\SecurityCheck.exe
[2011/05/25 09:33:26 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Apricorn EZ Gig II.lnk
[2011/05/25 09:33:23 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2011/05/24 07:50:35 | 001,294,262 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\tdsskiller.zip
[2011/05/23 16:20:22 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\gmer.zip
[2011/05/23 16:16:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Charlie\defogger_reenable
[2011/05/20 13:05:04 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/05/20 13:05:04 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/05/17 08:05:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 07:57:58 | 534,941,696 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/13 16:17:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/13 16:17:26 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/05/13 16:12:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/13 16:12:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/13 16:12:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/13 16:12:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/13 16:12:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/15 08:27:15 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/07/07 16:31:19 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\fusioncache.dat
[2008/04/15 12:14:38 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\99B2F3D964.sys
[2008/04/15 12:14:37 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/07/13 16:29:03 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/01/28 12:28:28 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/10 14:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2006/01/10 14:21:58 | 000,000,417 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2006/01/10 14:19:34 | 000,000,090 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2006/01/10 14:08:04 | 000,000,219 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/01/10 13:35:24 | 000,000,575 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006/01/09 23:03:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/09 16:46:53 | 000,004,620 | ---- | C] () -- C:\Documents and Settings\Charlie\Application Data\wklnhst.dat
[2006/01/09 16:18:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/09 15:52:40 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/01/09 15:30:43 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2006/01/09 15:30:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/01/09 15:30:42 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/01/09 15:30:41 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2006/01/09 15:30:41 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2006/01/09 15:30:41 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2006/01/09 15:30:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/01/09 15:30:40 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/01/09 15:30:40 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2006/01/09 15:30:39 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2006/01/09 15:30:39 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/01/09 15:30:39 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2006/01/09 15:30:38 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2006/01/09 15:30:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2006/01/09 15:30:37 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2006/01/09 15:30:36 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/01/09 15:30:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/01/09 15:30:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/01/09 15:30:32 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/01/09 15:30:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/01/09 15:30:31 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/01/09 15:30:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2005/12/08 21:15:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 21:10:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 21:09:23 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/08 21:02:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/08 20:59:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/08 20:30:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/08 20:30:28 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/12/08 20:29:56 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/04/15 09:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/02/21 12:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iAnPgFn08200
[2008/02/14 14:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2007/05/14 12:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/01/11 12:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/05/18 08:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\FCSB000063127
[2010/03/11 19:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\GlarySoft
[2006/01/10 10:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Leadertech
[2007/10/09 12:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Viewpoint
[2011/05/27 08:18:21 | 000,032,544 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\YBROWSER.EXE\shell\open\command\\: "C:\PROGRA~1\Yahoo!\browser\ybrowser.exe" [2005/11/21 21:42:48 | 000,673,816 | ---- | M] (Yahoo!, Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-25 12:48:16

< End of report >

Hi!

Your logs look good! There is one folder that I'm seeing that I am not sure about.

I'm going to ask for an export of the contents of it.

Please do the following:

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

cmd /c dir /a /s "C:\Documents and Settings\All Users\Application Data\iAnPgFn08200">"%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file.

Hello ST,

Here is the contents of the folder you wanted. Thanks

look.txt

Volume in drive C has no label.
Volume Serial Number is 640B-4783

Directory of C:\Documents and Settings\All Users\Application Data\iAnPgFn08200

02/21/2011 12:47 PM <DIR> .
02/21/2011 12:47 PM <DIR> ..
02/21/2011 11:53 AM 98 iAnPgFn08200
1 File(s) 98 bytes

Total Files Listed:
1 File(s) 98 bytes
2 Dir(s) 141,568,860,160 bytes free

Hello,




NEXT:



OTL Fix

We need to run an OTL Fix

• Please reopen on your desktop.
  
• Copy and Paste the following code into the textbox.
  

  :Files
  C:\Documents and Settings\All Users\Application Data\iAnPgFn08200
  :Commands
  [ClearAllRestorePoints]
  

  
  
• Push
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• Click the OK button.
  
• A report will open. Copy and Paste that report in your next reply.

NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:

• Reopen on your desktop.
  
• Click on
  
• You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech




Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums, ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is too practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explore more secure.



Extra Goodies

• It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
  Strong passwords: How to create and use them then consider a password keeper, to keep all your passwords safe.
  
  
• Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:
  
  
  • Open Malwarebytes' Anti-Malware
    
  • Select the Update tab
    
  • Click Check for Updates
  
  
  
• Be weary of e-mails from unknown senders. Keep the following in mind as well: If it's to good to be true, then it more than likely is.
  
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
    
  • Yellow for caution
    
  • Red to stop
  WOT has an addon available for Chrome and Opera.
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
  
  Think Prevention.
  PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.

Good Morning ST,

Sorry for the delay in this reply, but I was out of town for the Memorial Day holiday weekend. Posted below is the final log from OTL. I am working on some of the other maintenance items you suggested. I want to thank you for all of your help with this infection.

OTL Final log:

========== FILES ==========
C:\Documents and Settings\All Users\Application Data\iAnPgFn08200 folder moved successfully.
========== COMMANDS ==========
Unable to start service SRService!

OTL by OldTimer - Version 3.2.23.0 log created on 05312011_075016

Hi!

You're more than welcome! I'm glad to have been of assistance to you.

Before you go, I want you to go to this link here: http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/ and disable the System Restore, and then enable it again.

Please post back confirming you've done so.

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.