
Jake227

  1. OK, Got Java installed. Here's both of the lists starting with the OTL List:

     OTL logfile created on: 9/30/2010 8:17:56 PM - Run 1
     OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jake\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     502.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 25.00% Memory free
     1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
     Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
     Drive C: | 127.99 Gb Total Space | 75.82 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: JAKE-FRXTA9G0LG
     Current User Name: Jake
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: On
     Skip Microsoft Files: On
     File Age = 90 Days
     Output = Standard
     Quick Scan

     ========== Processes (SafeList) ==========

     PRC - [2010/09/30 20:17:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
     PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
     PRC - [2005/07/25 12:47:30 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
     PRC - [2005/07/25 12:47:08 | 002,806,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE

     ========== Modules (SafeList) ==========

     MOD - [2010/09/30 20:17:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
     MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

     ========== Win32 Services (SafeList) ==========

     SRV - File not found [Auto | Stopped] -- C:\Combo-Fix24071C\PEV.cfx -- (PEVSystemStart)
     SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
     SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

     ========== Driver Services (SafeList) ==========

     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\ip6fw.sys -- (ip6fw)
     DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jake\LOCALS~1\Temp\catchme.sys -- (catchme)
     DRV - [2009/03/15 06:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
     DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
     DRV - [2005/07/25 12:47:28 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
     DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
     DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
     DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
     DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.google.com/
     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.woodtv.com/
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
     IE - HKU\S-1-5-21-789336058-1177238915-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

     [2009/07/12 12:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\extensions
     [2009/07/12 12:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jake\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

     O1 HOSTS File: ([2010/09/30 19:31:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
     O4 - HKLM..\Run: [AlcWzrd] C:\windows\ALCWZRD.EXE (RealTek Semicoductor Corp.)
     O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
     O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\windows\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
     O4 - HKLM..\Run: [soundMan] C:\windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
     O4 - HKU\S-1-5-21-789336058-1177238915-725345543-1004..\Run: [appcore707en0setup.exe] C:\Documents and Settings\Jake\Application Data\3AF78EE3CE4BFEC94B6230D759A73318\appcore707en0setup.exe File not found
     O4 - HKU\S-1-5-21-789336058-1177238915-725345543-1004..\Run: [ehqaxdxn] C:\Documents and Settings\Jake\Local Settings\Application Data\cescgowhk\nmodtcnlanw.exe File not found
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
     O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
     O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
     O7 - HKU\S-1-5-21-789336058-1177238915-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
     O7 - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
     O7 - HKU\S-1-5-21-789336058-1177238915-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
     O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199661946853 (WUWebControl Class)
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
     O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
     O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
     O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
     O24 - Desktop WallPaper: C:\Documents and Settings\Jake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jake\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
     O32 - HKLM CDRom: AutoRun - 1
     O34 - HKLM BootExecute: (autocheck autochk *) - File not found
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = ComFile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     ========== Files/Folders - Created Within 90 Days ==========

     [2010/09/30 20:17:13 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
     [2010/09/30 20:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
     [2010/09/30 20:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
     [2010/09/30 20:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java
     [2010/09/30 19:33:44 | 000,000,000 | ---D | C] -- C:\windows\temp
     [2010/09/28 02:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Application Data\Genieo
     [2010/09/28 02:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
     [2010/09/28 02:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
     [2010/09/12 17:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
     [2010/07/13 20:10:55 | 000,000,000 | ---D | C] -- C:\Combo-Fix
     [2010/07/06 23:57:03 | 000,000,000 | ---D | C] -- C:\windows\ie8updates
     [2010/07/06 22:14:00 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jake\Desktop\TDSSKiller.exe
     [2010/07/05 16:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jake\Desktop\JavaRa
     [8 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

     ========== Files - Modified Within 90 Days ==========

     [2010/09/30 20:17:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jake\Desktop\OTL.exe
     [2010/09/30 19:56:27 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
     [2010/09/30 19:56:25 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
     [2010/09/30 19:55:48 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jake\NTUSER.DAT
     [2010/09/30 19:55:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jake\ntuser.ini
     [2010/09/30 19:55:43 | 002,689,612 | -H-- | M] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\IconCache.db
     [2010/09/30 19:31:59 | 000,000,227 | ---- | M] () -- C:\windows\system.ini
     [2010/09/30 19:31:48 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
     [2010/09/30 19:26:24 | 003,858,602 | R--- | M] () -- C:\Documents and Settings\Jake\Desktop\Combo-Fix.exe
     [2010/09/30 19:23:17 | 000,013,002 | ---- | M] () -- C:\windows\System32\wpa.dbl
     [2010/09/28 21:42:46 | 000,003,218 | ---- | M] () -- C:\windows\lsrslt.ini
     [2010/09/16 20:02:23 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
     [2010/09/07 20:41:42 | 000,002,462 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\Attach.zip
     [2010/09/07 19:11:09 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
     [2010/09/06 14:21:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\p8nfr8r8.exe
     [2010/08/10 20:18:46 | 000,091,888 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
     [2010/07/05 15:53:36 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Jake\Desktop\JavaRa.zip
     [8 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

     ========== Files Created - No Company Name ==========

     [2010/09/28 20:45:23 | 000,003,218 | ---- | C] () -- C:\windows\lsrslt.ini
     [2010/09/09 23:05:58 | 003,858,602 | R--- | C] () -- C:\Documents and Settings\Jake\Desktop\Combo-Fix.exe
     [2010/09/07 20:41:42 | 000,002,462 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\Attach.zip
     [2010/09/06 14:21:41 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\p8nfr8r8.exe
     [2010/07/05 15:59:49 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Jake\Desktop\JavaRa.zip
     [2010/04/12 20:03:08 | 000,013,786 | -HS- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\4T227ly4
     [2010/04/12 20:03:08 | 000,013,786 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4T227ly4
     [2009/10/17 13:18:48 | 000,000,173 | ---- | C] () -- C:\windows\System32\MRT.INI
     [2009/07/13 23:48:30 | 000,815,104 | ---- | C] () -- C:\windows\System32\xvidcore.dll
     [2009/07/13 23:48:28 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
     [2009/05/12 23:53:33 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
     [2008/10/19 02:16:19 | 000,017,684 | ---- | C] () -- C:\Documents and Settings\Jake\Application Data\vowome.dl
     [2008/10/19 02:16:19 | 000,016,923 | ---- | C] () -- C:\Documents and Settings\Jake\Application Data\asyzyty.dl
     [2008/10/19 02:16:19 | 000,013,258 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\umug.pif
     [2008/10/19 02:16:19 | 000,012,063 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\ozeke._dl
     [2008/10/19 02:16:19 | 000,010,713 | ---- | C] () -- C:\windows\System32\xocory.sys
     [2008/10/19 02:16:19 | 000,010,539 | ---- | C] () -- C:\windows\System32\dinano.sys
     [2008/03/10 18:43:38 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Jake\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     [2008/01/09 00:00:02 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

     ========== LOP Check ==========

     [2009/07/12 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
     [2009/09/14 20:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
     [2009/07/12 12:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
     [2010/09/30 19:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
     [2010/05/08 12:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
     [2009/12/06 16:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
     [2009/05/12 23:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
     [2010/05/19 07:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Azureus
     [2010/09/28 02:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Genieo
     [2009/07/07 15:56:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\LimeWire
     [2009/07/19 17:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\Snapfish
     [2010/09/06 16:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jake\Application Data\TuneUpMedia

     ========== Purity Check ==========

     ========== Alternate Data Streams ==========

     @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
     @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
     @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:825D5945

     < End of report >

     Here's the other one:

     OTL Extras logfile created on: 9/30/2010 8:17:57 PM - Run 1
     OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Jake\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     502.00 Mb Total Physical Memory | 125.00 Mb Available Physical Memory | 25.00% Memory free
     1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
     Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
     Drive C: | 127.99 Gb Total Space | 75.82 Gb Free Space | 59.24% Space Free | Partition Type: NTFS
     D: Drive not present or media not loaded
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: JAKE-FRXTA9G0LG
     Current User Name: Jake
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Company Name Whitelist: On
     Skip Microsoft Files: On
     File Age = 90 Days
     Output = Standard
     Quick Scan

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     exefile [open] -- "%1" %*
     htmlfile [edit] -- Reg Error: Key error.
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
     Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "AntiVirusDisableNotify" = 0
     "AntiVirusOverride" = 1
     "FirewallOverride" = 1
     "FirewallDisableNotify" = 0
     "UpdatesDisableNotify" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
     "Start" = 0

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
     "Start" = 2

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "EnableFirewall" = 0
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall" = 1
     "DoNotAllowExceptions" = 0
     "DisableNotifications" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
     "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
     "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
     "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
     "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
     "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "C:\Program Files\Gateway\HPA\gwmenu.exe" = C:\Program Files\Gateway\HPA\gwmenu.exe:*:Enabled:HPA/SCCD/SRCD New Code -- (Gateway Computers)
     "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus -- (Vuze Inc.)
     "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
     "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21
     "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
     "{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
     "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
     "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
     "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
     "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
     "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
     "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
     "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
     "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
     "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
     "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
     "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
     "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
     "8461-7759-5462-8226" = Vuze
     "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
     "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
     "Ask Toolbar_is1" = Vuze Toolbar
     "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
     "Gateway Drivers and Applications Recovery" = Gateway Drivers and Applications Recovery
     "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
     "ie7" = Windows Internet Explorer 7
     "ie8" = Windows Internet Explorer 8
     "InstallShield_{33571E15-3EB4-4190-BA74-C6CA97288461}" = Microsoft Flight Simulator X SDK
     "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
     "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
     "PowerISO" = PowerISO
     "PROSet" = Intel® PRO Network Connections Drivers
     "TuneUpMedia" = TuneUp Companion 1.5.9
     "Windows XP Service Pack" = Windows XP Service Pack 3
     "Xvid_is1" = Xvid 1.2.1 final uninstall

     ========== Last 10 Event Log Errors ==========

     [ Application Events ]
     Error - 10/22/2009 8:05:54 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Error | ID = 1005
     Description = Windows cannot access the file H:\rescue_system-common-en.exe for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Rescue CD Wizard because of this error. Program: Rescue CD Wizard File: H:\rescue_system-common-en.exe The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 5

     Error - 10/22/2009 8:05:58 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Error | ID = 1000
     Description = Faulting application rescue_system-common-en.exe, version 2.0.0.3, faulting module rescue_system-common-en.exe, version 2.0.0.3, fault address 0x0000f25b.

     Error - 10/25/2009 8:48:49 PM | Computer Name = JAKE-FRXTA9G0LG | Source = crypt32 | ID = 131080
     Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

     Error - 10/27/2009 8:27:36 PM | Computer Name = JAKE-FRXTA9G0LG | Source = crypt32 | ID = 131080
     Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

     Error - 10/27/2009 8:28:36 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Error | ID = 1000
     Description = Faulting application avgemc.exe, version 0.0.0.0, faulting module msvcr80.dll, version 8.0.50727.762, fault address 0x000287f5.

     Error - 11/6/2009 2:12:14 AM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Error | ID = 1000
     Description = Faulting application iexplore.exe, version 7.0.6000.16915, faulting module avgssie.dll, version 9.0.0.663, fault address 0x0002c1d9.

     Error - 11/8/2009 3:39:18 AM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Hang | ID = 1002
     Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error - 11/22/2009 3:30:40 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Hang | ID = 1002
     Description = Hanging application iexplore.exe, version 7.0.6000.16915, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error - 12/13/2009 6:09:56 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Hang | ID = 1002
     Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     Error - 1/9/2010 2:14:28 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Application Hang | ID = 1002
     Description = Hanging application iexplore.exe, version 7.0.6000.16945, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

     [ System Events ]
     Error - 9/28/2010 8:52:08 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7026
     Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL

     Error - 9/28/2010 9:40:56 PM | Computer Name = JAKE-FRXTA9G0LG | Source = DCOM | ID = 10005
     Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     Error - 9/28/2010 9:41:42 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%126

     Error - 9/30/2010 7:23:48 PM | Computer Name = JAKE-FRXTA9G0LG | Source = DCOM | ID = 10005
     Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     Error - 9/30/2010 7:25:24 PM | Computer Name = JAKE-FRXTA9G0LG | Source = DCOM | ID = 10005
     Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

     Error - 9/30/2010 7:26:42 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7026
     Description = The following boot-start or system-start driver(s) failed to load: Fips intelppm SCDEmu

     Error - 9/30/2010 7:43:00 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%126

     Error - 9/30/2010 7:43:08 PM | Computer Name = JAKE-FRXTA9G0LG | Source = System Error | ID = 1003
     Description = Error code 100000d1, parameter1 f8ba0000, parameter2 00000002, parameter3 00000000, parameter4 f84d4ccb.

     Error - 9/30/2010 7:56:39 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7023
     Description = The HID Input Service service terminated with the following error: %%126

     Error - 9/30/2010 7:56:44 PM | Computer Name = JAKE-FRXTA9G0LG | Source = sr | ID = 1
     Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

     < End of report >
  2. Actually, I have been able to access my internet fine for a while. But I think I need to re-install Java (it had to be uninstalled earlier for troubleshooting). At any rate, he had instructed me to wait until a couple more scans were done, but I don't know where we are at at this point.
  3. Here's the log

C:\Documents and Settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\3\76911fc3-2a2b85da  multiple threats  deleted - quarantined
C:\Documents and Settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\63\775493bf-5ae9c2cf  a variant of Java/Exploit.Agent.NAC trojan  deleted - quarantined
C:\Qoobox\Quarantine\C\windows\system32\dyfxwpuhkxq.dll-uninst.exe.vir  Win32/Adware.GooochiBiz.AE.Gen application  deleted - quarantined
  4. Crap. That's the problem: I don't have the CD.
  5. Here it is!

ComboFix 10-09-09.03 - Jake 09/09/2010 23:08:17.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.253 [GMT -4:00]
Running from: c:\documents and settings\Jake\Desktop\Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 20:23 . 2009-07-12 16:24 -------- d-----w- c:\documents and settings\Jake\Application Data\TuneUpMedia
2010-07-07 02:26 . 2001-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-30 12:31 . 2001-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2001-08-18 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2001-08-18 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2001-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-01-06 22:29 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-06-14 07:41 . 2001-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-07-14_00.16.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-08-13 23:54 . 2010-05-06 10:41 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-06-24 12:21 55296 c:\windows\system32\msfeedsbs.dll
- 2001-08-18 12:00 . 2010-05-06 10:41 25600 c:\windows\system32\jsproxy.dll
+ 2001-08-18 12:00 . 2010-06-24 12:21 25600 c:\windows\system32\jsproxy.dll
+ 2008-01-06 14:30 . 2010-08-11 00:18 91888 c:\windows\system32\FNTCACHE.DAT
- 2008-01-06 14:30 . 2010-07-08 22:41 91888 c:\windows\system32\FNTCACHE.DAT
+ 2010-07-07 02:29 .
2010-06-24 12:22 12800 c:\windows\system32\dllcache\xpshims.dll - 2010-07-07 02:29 . 2010-05-06 10:41 12800 c:\windows\system32\dllcache\xpshims.dll + 2007-10-10 23:55 . 2010-06-24 12:21 55296 c:\windows\system32\dllcache\msfeedsbs.dll - 2007-10-10 23:55 . 2010-05-06 10:41 55296 c:\windows\system32\dllcache\msfeedsbs.dll + 2007-08-13 23:54 . 2010-06-24 12:21 25600 c:\windows\system32\dllcache\jsproxy.dll - 2007-08-13 23:54 . 2010-05-06 10:41 25600 c:\windows\system32\dllcache\jsproxy.dll + 2010-08-11 00:02 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2183461-IE8\xpshims.dll + 2010-08-11 00:02 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2183461-IE8\msfeedsbs.dll + 2010-08-11 00:02 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2183461-IE8\jsproxy.dll + 2010-08-11 00:00 . 2008-04-14 00:11 80384 c:\windows\$NtUninstallKB982665$\iccvid.dll + 2010-08-11 00:00 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982665\update\spcustom.dll + 2010-08-11 00:00 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982665\spmsg.dll + 2010-06-17 14:02 . 2010-06-17 14:02 80384 c:\windows\$hf_mig$\KB982665\SP3QFE\iccvid.dll + 2010-08-11 00:03 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB982214\update\spcustom.dll + 2010-08-11 00:03 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB982214\spmsg.dll + 2010-08-11 00:00 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB981997\update\spcustom.dll + 2010-08-11 00:00 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB981997\spmsg.dll + 2010-08-11 00:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB981852\update\spcustom.dll + 2010-08-10 22:56 . 2010-06-18 06:28 16896 c:\windows\$hf_mig$\KB981852\update\mpsyschk.dll + 2010-08-11 00:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB981852\spmsg.dll + 2010-08-11 00:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB980436\update\spcustom.dll + 2010-08-11 00:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB980436\spmsg.dll + 2010-08-03 22:07 . 
2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2286198\update\spcustom.dll + 2010-08-03 22:07 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2286198\spmsg.dll + 2010-08-11 00:02 . 2009-05-26 09:01 26488 c:\windows\$hf_mig$\KB2183461-IE8\update\spcustom.dll + 2010-08-11 00:02 . 2009-05-26 09:01 17272 c:\windows\$hf_mig$\KB2183461-IE8\spmsg.dll + 2010-08-10 22:56 . 2010-06-24 12:24 12800 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\xpshims.dll + 2010-08-10 22:56 . 2010-06-24 12:24 55296 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeedsbs.dll + 2010-08-10 22:56 . 2010-06-24 12:24 25600 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\jsproxy.dll + 2010-08-11 00:02 . 2010-02-22 14:23 26488 c:\windows\$hf_mig$\KB2160329\update\spcustom.dll + 2010-08-11 00:02 . 2010-02-22 14:23 17272 c:\windows\$hf_mig$\KB2160329\spmsg.dll + 2010-08-11 00:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2115168\update\spcustom.dll + 2010-08-11 00:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2115168\spmsg.dll + 2010-08-11 00:02 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2079403\update\spcustom.dll + 2010-08-11 00:02 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2079403\spmsg.dll - 2001-08-18 12:00 . 2010-05-06 10:41 206848 c:\windows\system32\occache.dll + 2001-08-18 12:00 . 2010-06-24 12:22 206848 c:\windows\system32\occache.dll + 2001-08-18 12:00 . 2010-06-24 12:22 611840 c:\windows\system32\mstime.dll - 2001-08-18 12:00 . 2010-05-06 10:41 611840 c:\windows\system32\mstime.dll + 2007-08-13 23:54 . 2010-06-24 12:21 599040 c:\windows\system32\msfeeds.dll - 2007-08-13 23:54 . 2010-05-06 10:41 599040 c:\windows\system32\msfeeds.dll + 2001-08-18 12:00 . 2010-06-24 12:21 184320 c:\windows\system32\iepeers.dll - 2001-08-18 12:00 . 2010-05-06 10:41 184320 c:\windows\system32\iepeers.dll + 2001-08-18 12:00 . 2010-06-24 12:21 387584 c:\windows\system32\iedkcs32.dll - 2001-08-18 12:00 . 2010-05-06 10:41 387584 c:\windows\system32\iedkcs32.dll + 2001-08-18 12:00 . 
2010-06-23 12:08 173056 c:\windows\system32\ie4uinit.exe - 2001-08-18 12:00 . 2010-05-05 13:30 173056 c:\windows\system32\ie4uinit.exe + 2007-08-13 23:54 . 2010-06-24 12:22 916480 c:\windows\system32\dllcache\wininet.dll - 2007-08-13 23:54 . 2010-05-06 10:41 916480 c:\windows\system32\dllcache\wininet.dll + 2008-10-16 01:55 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys + 2008-12-05 06:54 . 2010-06-30 12:31 149504 c:\windows\system32\dllcache\schannel.dll - 2007-08-13 23:44 . 2010-05-06 10:41 206848 c:\windows\system32\dllcache\occache.dll + 2007-08-13 23:44 . 2010-06-24 12:22 206848 c:\windows\system32\dllcache\occache.dll - 2007-08-13 23:54 . 2010-05-06 10:41 611840 c:\windows\system32\dllcache\mstime.dll + 2007-08-13 23:54 . 2010-06-24 12:22 611840 c:\windows\system32\dllcache\mstime.dll + 2007-10-10 23:55 . 2010-06-24 12:21 599040 c:\windows\system32\dllcache\msfeeds.dll - 2007-10-10 23:55 . 2010-05-06 10:41 599040 c:\windows\system32\dllcache\msfeeds.dll - 2010-07-07 02:29 . 2010-05-06 10:41 247808 c:\windows\system32\dllcache\ieproxy.dll + 2010-07-07 02:29 . 2010-06-24 12:21 247808 c:\windows\system32\dllcache\ieproxy.dll - 2007-08-13 23:54 . 2010-05-06 10:41 184320 c:\windows\system32\dllcache\iepeers.dll + 2007-08-13 23:54 . 2010-06-24 12:21 184320 c:\windows\system32\dllcache\iepeers.dll + 2010-07-07 02:29 . 2010-06-24 12:21 743424 c:\windows\system32\dllcache\iedvtool.dll - 2010-07-07 02:29 . 2010-05-06 10:41 743424 c:\windows\system32\dllcache\iedvtool.dll - 2007-08-13 23:39 . 2010-05-06 10:41 387584 c:\windows\system32\dllcache\iedkcs32.dll + 2007-08-13 23:39 . 2010-06-24 12:21 387584 c:\windows\system32\dllcache\iedkcs32.dll - 2007-08-13 23:39 . 2010-05-05 13:30 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2007-08-13 23:39 . 2010-06-23 12:08 173056 c:\windows\system32\dllcache\ie4uinit.exe + 2010-08-11 00:02 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2183461-IE8\wininet.dll + 2010-08-11 00:02 . 
2010-02-22 14:23 382840 c:\windows\ie8updates\KB2183461-IE8\spuninst\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 09:01 231288 c:\windows\ie8updates\KB2183461-IE8\spuninst\spuninst.exe + 2010-08-11 00:02 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2183461-IE8\occache.dll + 2010-08-11 00:02 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2183461-IE8\mstime.dll + 2010-08-11 00:02 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2183461-IE8\msfeeds.dll + 2010-08-11 00:02 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2183461-IE8\ieproxy.dll + 2010-08-11 00:02 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2183461-IE8\iepeers.dll + 2010-08-11 00:02 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2183461-IE8\iedvtool.dll + 2010-08-11 00:02 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2183461-IE8\iedkcs32.dll + 2010-08-11 00:02 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2183461-IE8\ie4uinit.exe + 2010-08-11 00:00 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982665$\spuninst\updspapi.dll + 2010-08-11 00:00 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982665$\spuninst\spuninst.exe + 2010-08-11 00:03 . 2009-12-31 16:50 353792 c:\windows\$NtUninstallKB982214$\srv.sys + 2010-08-11 00:03 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB982214$\spuninst\updspapi.dll + 2010-08-11 00:03 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB982214$\spuninst\spuninst.exe + 2010-08-11 00:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB981997$\spuninst\updspapi.dll + 2010-08-11 00:00 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB981997$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB981852$\spuninst\updspapi.dll + 2010-08-11 00:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB981852$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980436$\spuninst\updspapi.dll + 2010-08-11 00:02 . 
2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980436$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2009-06-25 08:25 147456 c:\windows\$NtUninstallKB980436$\schannel.dll + 2010-08-03 22:07 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2286198$\spuninst\updspapi.dll + 2010-08-03 22:07 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2286198$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2010-02-22 14:23 382840 c:\windows\$NtUninstallKB2160329$\spuninst\updspapi.dll + 2010-08-11 00:02 . 2010-02-22 14:23 231288 c:\windows\$NtUninstallKB2160329$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2115168$\spuninst\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2115168$\spuninst\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB2079403$\spuninst\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2079403$\spuninst\spuninst.exe + 2010-08-11 00:00 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982665\update\updspapi.dll + 2010-08-11 00:00 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982665\update\update.exe + 2010-08-11 00:00 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982665\spuninst.exe + 2010-08-11 00:03 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB982214\update\updspapi.dll + 2010-08-11 00:03 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB982214\update\update.exe + 2010-08-11 00:03 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB982214\spuninst.exe + 2010-08-10 22:56 . 2010-06-21 14:18 354304 c:\windows\$hf_mig$\KB982214\SP3QFE\srv.sys + 2010-08-11 00:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB981997\update\updspapi.dll + 2010-08-11 00:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB981997\update\update.exe + 2010-08-11 00:00 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB981997\spuninst.exe + 2010-08-11 00:02 . 
2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB981852\update\updspapi.dll + 2010-08-11 00:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB981852\update\update.exe + 2010-08-11 00:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB981852\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB980436\update\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB980436\update\update.exe + 2010-08-11 00:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB980436\spuninst.exe + 2010-06-30 12:23 . 2010-06-30 12:23 149504 c:\windows\$hf_mig$\KB980436\SP3QFE\schannel.dll + 2010-08-03 22:07 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2286198\update\updspapi.dll + 2010-08-03 22:07 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2286198\update\update.exe + 2010-08-03 22:07 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2286198\spuninst.exe + 2010-08-11 00:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2183461-IE8\update\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 09:01 755576 c:\windows\$hf_mig$\KB2183461-IE8\update\update.exe + 2010-08-11 00:02 . 2009-05-26 09:01 231288 c:\windows\$hf_mig$\KB2183461-IE8\spuninst.exe + 2010-08-10 22:56 . 2010-06-24 12:24 919040 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\wininet.dll + 2010-08-10 22:56 . 2010-06-24 12:24 206848 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\occache.dll + 2010-08-10 22:56 . 2010-06-24 12:24 611840 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mstime.dll + 2010-08-10 22:56 . 2010-06-24 12:24 599040 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\msfeeds.dll + 2010-08-10 22:56 . 2010-06-24 12:24 247808 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieproxy.dll + 2010-08-10 22:56 . 2010-06-24 12:24 184320 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iepeers.dll + 2010-08-10 22:56 . 2010-06-24 12:24 743424 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedvtool.dll + 2010-08-10 22:56 . 2010-06-24 12:24 387584 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iedkcs32.dll + 2010-08-10 22:56 . 
2010-06-23 11:30 173056 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ie4uinit.exe + 2010-08-11 00:02 . 2010-02-22 14:23 382840 c:\windows\$hf_mig$\KB2160329\update\updspapi.dll + 2010-08-11 00:02 . 2010-02-22 14:23 755576 c:\windows\$hf_mig$\KB2160329\update\update.exe + 2010-08-11 00:02 . 2010-02-22 14:23 231288 c:\windows\$hf_mig$\KB2160329\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2115168\update\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2115168\update\update.exe + 2010-08-11 00:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2115168\spuninst.exe + 2010-08-11 00:02 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB2079403\update\updspapi.dll + 2010-08-11 00:02 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2079403\update\update.exe + 2010-08-11 00:02 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2079403\spuninst.exe + 2001-08-18 12:00 . 2010-06-24 12:22 1210368 c:\windows\system32\urlmon.dll + 2001-08-18 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll - 2001-08-18 12:00 . 2010-02-16 14:08 2146304 c:\windows\system32\ntoskrnl.exe + 2001-08-18 12:00 . 2010-04-27 13:59 2146304 c:\windows\system32\ntoskrnl.exe - 2001-08-17 13:48 . 2010-02-16 13:25 2024448 c:\windows\system32\ntkrnlpa.exe + 2001-08-17 13:48 . 2010-04-27 13:05 2024448 c:\windows\system32\ntkrnlpa.exe + 2001-08-18 12:00 . 2010-06-24 12:22 5951488 c:\windows\system32\mshtml.dll + 2007-08-13 23:34 . 2010-06-24 12:21 1986560 c:\windows\system32\iertutil.dll + 2008-10-16 01:55 . 2010-06-23 13:44 1851904 c:\windows\system32\dllcache\win32k.sys + 2007-08-13 23:54 . 2010-06-24 12:22 1210368 c:\windows\system32\dllcache\urlmon.dll + 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll - 2009-04-17 15:40 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe + 2009-04-17 15:40 . 2010-04-28 02:25 2189952 c:\windows\system32\dllcache\ntoskrnl.exe - 2009-04-17 15:40 . 
2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-04-17 15:40 . 2010-04-27 13:05 2024448 c:\windows\system32\dllcache\ntkrpamp.exe + 2009-02-07 23:02 . 2010-04-27 13:05 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe - 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe + 2009-04-17 15:40 . 2010-04-27 13:59 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe - 2009-04-17 15:40 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe + 2007-06-26 06:08 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll - 2007-06-26 06:08 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll + 2007-08-13 23:54 . 2010-06-24 12:22 5951488 c:\windows\system32\dllcache\mshtml.dll + 2010-03-11 05:15 . 2010-06-18 13:36 3558912 c:\windows\system32\dllcache\moviemk.exe - 2010-03-11 05:15 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe + 2007-10-10 23:55 . 2010-06-24 12:21 1986560 c:\windows\system32\dllcache\iertutil.dll + 2010-08-11 00:02 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2183461-IE8\urlmon.dll + 2010-08-11 00:02 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2183461-IE8\mshtml.dll + 2010-08-11 00:02 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2183461-IE8\iertutil.dll + 2009-04-17 15:40 . 2010-04-28 02:25 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-04-17 15:40 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe - 2009-04-17 15:40 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-04-17 15:40 . 2010-04-27 13:05 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe + 2009-02-07 23:02 . 2010-04-27 13:05 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe - 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe + 2009-04-17 15:40 . 2010-04-27 13:59 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe - 2009-04-17 15:40 . 
2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe + 2010-08-11 00:00 . 2009-10-23 15:28 3558912 c:\windows\$NtUninstallKB981997$\moviemk.exe + 2010-08-11 00:02 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntoskrnl.exe + 2010-08-11 00:02 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrpamp.exe + 2010-08-11 00:02 . 2010-02-16 13:25 2024448 c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe + 2010-08-11 00:02 . 2010-02-16 14:08 2146304 c:\windows\$NtUninstallKB981852$\ntkrnlmp.exe + 2010-08-03 22:07 . 2008-06-17 19:02 8461312 c:\windows\$NtUninstallKB2286198$\shell32.dll + 2010-08-11 00:02 . 2010-05-02 05:22 1851264 c:\windows\$NtUninstallKB2160329$\win32k.sys + 2010-08-11 00:02 . 2009-07-31 04:35 1172480 c:\windows\$NtUninstallKB2079403$\msxml3.dll + 2010-08-10 22:54 . 2010-06-18 13:43 3558912 c:\windows\$hf_mig$\KB981997\SP3QFE\moviemk.exe + 2010-08-10 22:56 . 2010-04-27 13:50 2190080 c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe + 2010-08-10 22:56 . 2010-04-27 13:14 2024448 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrpamp.exe + 2010-04-28 11:14 . 2010-04-28 11:14 2066944 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe + 2010-08-10 22:56 . 2010-04-27 13:54 2146304 c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlmp.exe + 2010-07-27 06:28 . 2010-07-27 06:28 8463360 c:\windows\$hf_mig$\KB2286198\SP3QFE\shell32.dll + 2010-08-10 22:56 . 2010-06-24 12:24 1211904 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\urlmon.dll + 2010-08-10 22:56 . 2010-06-24 12:24 5954560 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\mshtml.dll + 2010-08-10 22:56 . 2010-06-24 12:24 1987072 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\iertutil.dll + 2010-06-24 02:14 . 2010-06-24 02:14 1861120 c:\windows\$hf_mig$\KB2160329\SP3QFE\win32k.sys + 2010-06-14 07:39 . 2010-06-14 07:39 1172480 c:\windows\$hf_mig$\KB2079403\SP3QFE\msxml3.dll + 2009-10-07 02:40 . 2010-08-03 18:09 35962312 c:\windows\system32\MRT.exe + 2007-08-13 23:54 . 
2010-06-24 21:51 11077120 c:\windows\system32\ieframe.dll
+ 2007-10-10 23:55 . 2010-06-24 21:51 11077120 c:\windows\system32\dllcache\ieframe.dll
+ 2010-08-11 00:02 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2183461-IE8\ieframe.dll
+ 2010-08-10 22:56 . 2010-06-24 12:24 11079168 c:\windows\$hf_mig$\KB2183461-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-25 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-07-25 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-25 2806272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 eoagmo;eoagmo; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.woodtv.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1464)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-09 23:14:00
ComboFix-quarantined-files.txt 2010-09-10 03:13
ComboFix2.txt 2010-07-16 21:25
ComboFix3.txt 2010-07-14 00:18
ComboFix4.txt 2009-10-29 02:22
ComboFix5.txt 2010-09-10 03:06

Pre-Run: 81,597,104,128 bytes free
Post-Run: 81,602,310,144 bytes free

- - End Of File - - C10A9F2313E87B310CE09A2A6C586018
  6. Here ya go....

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jake at 20:36:42.67 on Tue 09/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.85 [GMT -4:00]

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\igfxpers.exe
C:\windows\SOUNDMAN.EXE
C:\windows\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jake\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.woodtv.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Search panel: {47d0c870-58ad-2348-4d10-52dd14e2d3e3} - c:\windows\system32\dyfxwpuhkxq.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199661946853
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

S0 eoagmo;eoagmo; [x]

=============== Created Last 30 ================

==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-09-28 23:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092820090929\index.dat

============= FINISH: 20:37:19.23 ===============

Attach.zip
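As an added example (not part of this thread, and not code from DDS, ComboFix or OTL): a small Python triage script that picks out, from log lines like the ones above, the items a helper would act on first: the S0 "eoagmo" service whose image file is gone, the explorer bar that loads the random-named c:\windows\system32\dyfxwpuhkxq.dll, the orphaned EB entry, the Security Center override keys, and the Event ID 7026 failures of boot-start network drivers (AFD, Tcpip, NetBT, IPSec) from the OTL event log. The rule set, the "random-looking name" heuristic and the list of network-stack drivers are my own assumptions; the sample lines are constructed from the logs in this thread plus two benign entries that must not be flagged.

```python
"""Triage DDS / ComboFix / OTL style log lines for the indicators seen in this thread.
Added example: the rules and the name heuristic are assumptions, not part of any tool."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


# Assumption: boot-start drivers whose load failure (Event ID 7026) takes networking down.
NET_STACK_DRIVERS = {"afd", "tcpip", "netbt", "ipsec", "ws2ifsl", "rasacd"}

# Constructed sample: lines copied from the logs posted in this thread, plus benign
# entries (the Java BHO, Intel/iTunes Run keys) that must NOT be flagged.
SAMPLE_LOG = r"""
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Search panel: {47d0c870-58ad-2348-4d10-52dd14e2d3e3} - c:\windows\system32\dyfxwpuhkxq.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
S0 eoagmo;eoagmo; [x]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableNotifications"= 1 (0x1)
Error - 9/28/2010 8:52:08 PM | Computer Name = JAKE-FRXTA9G0LG | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
"""


def looks_random(name: str) -> bool:
    """Heuristic (assumption): a long, all-lowercase, vowel-starved basename such as
    'dyfxwpuhkxq' is far more likely generated by a dropper than shipped by a vendor."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels / len(name) < 0.2


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. Boot-start (S0) service whose image is missing ([x]): typical rootkit remnant.
        m = re.match(r"^S0\s+([^;]+);.*\[x\]$", line)
        if m:
            findings.append(Finding("orphaned_boot_driver", m.group(1)))
            continue
        # 2. Browser helper object / explorer bar / toolbar with no backing file.
        m = re.match(r"^(?:BHO|EB|TB):.*(\{[0-9a-f-]+\}) - No File$", line, re.I)
        if m:
            findings.append(Finding("orphaned_browser_entry", m.group(1)))
            continue
        # 3. Same entry types loading a random-named DLL straight out of system32.
        m = re.match(r"^(?:BHO|EB|TB):.* - (c:\\windows\\system32\\([a-z0-9]+)\.dll)$", line, re.I)
        if m and looks_random(m.group(2).lower()):
            findings.append(Finding("random_named_browser_dll", m.group(1)))
            continue
        # 4. Security Center told to stop warning about AV / firewall state.
        m = re.match(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$', line)
        if m:
            findings.append(Finding("security_center_override", m.group(1)))
            continue
        # 5. Event 7026: report only the network-stack drivers that failed to load.
        if "ID = 7026" in line and "failed to load:" in line:
            drivers = line.rsplit("failed to load:", 1)[1].split()
            hit = sorted(d for d in drivers if d.lower() in NET_STACK_DRIVERS)
            if hit:
                findings.append(Finding("net_stack_driver_load_failure", " ".join(hit)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.detail}")
```

Run it against a saved DDS.txt or ComboFix.txt by passing the file contents to triage(); the sample run yields six findings, one per indicator listed in the lead-in, and nothing for the Java BHO, igfxpers or iTunes lines. The S0 entry is the one to treat as evidence of an earlier rootkit install rather than a cosmetic leftover, which is why it sits first in the rule order.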
  7. Maniac - I apologize for the delayed response. I have had a lot of "life issues" come up in the past few days and I simply don't have any time to troubleshoot my computer for at least another week or two. I do need to get it taken care of eventually, but right now it's just impossible. Is there a way to postpone this for a while and then come back to it?
  8. OK, well, good news and bad news. Bad news is that I tried that and it didn't work to install the recovery console. Good news is that I tried my internet and it works now. So, I dunno, is there anything else I need to do now? Do I need to download Java again, or is this too soon?
  9. Ok, I don't have the CD - is there another way to install the recovery console?
  10. Here's the new log after following those instructions

ComboFix 10-07-15.05 - Jake 07/16/2010 17:19:14.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.177 [GMT -4:00]
Running from: c:\documents and settings\Jake\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jake\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-06-16 to 2010-07-16 )))))))))))))))))))))))))))))))
.
2010-07-14 00:10 . 2010-07-14 00:18 -------- d-----w- C:\Combo-Fix
2010-07-13 23:37 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 03:57 . 2010-07-07 03:57 -------- d-----w- c:\windows\ie8updates
2010-07-07 02:29 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-07-07 02:29 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-07 02:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-30 00:45 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 00:45 . 2010-06-30 00:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 00:45 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 20:09 . 2010-06-27 20:09 -------- d-sh--w- c:\documents and settings\Jake\IECompatCache
2010-06-21 00:36 . 2010-06-27 23:26 -------- d-----w- c:\documents and settings\Jake\Application Data\MSN6
2010-06-21 00:36 . 2010-06-21 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 02:26 . 2001-08-18 12:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-05 19:52 . 2008-03-30 22:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-14 14:31 . 2008-01-06 22:29 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-05-26 22:48 . 2010-05-26 22:48 503808 ----a-w- c:\documents and settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58490de6-n\msvcp71.dll
2010-05-26 22:48 . 2010-05-26 22:48 499712 ----a-w- c:\documents and settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58490de6-n\jmc.dll
2010-05-26 22:48 . 2010-05-26 22:48 348160 ----a-w- c:\documents and settings\Jake\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-58490de6-n\msvcr71.dll
2010-05-19 11:43 . 2009-07-12 16:24 -------- d-----w- c:\documents and settings\Jake\Application Data\Azureus
2010-05-19 11:15 . 2010-05-19 11:15 8463808 ----a-w- c:\documents and settings\Jake\Application Data\Azureus\tmp\AZU3479439676045922178.tmp\Vuze_4.4.0.4_win32.exe
2010-05-18 01:06 . 2008-01-07 00:26 -------- d-----w- c:\documents and settings\Jake\Application Data\Apple Computer
2010-05-08 16:13 . 2010-05-08 16:13 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-06 10:41 . 2001-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2001-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\System32\igfxpers.exe" [2005-04-25 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" [2005-07-25 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-25 2806272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gateway\\HPA\\gwmenu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 eoagmo;eoagmo; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.woodtv.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-16 17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-07-16 17:25:31
ComboFix-quarantined-files.txt 2010-07-16 21:25
ComboFix2.txt 2010-07-14 00:18
ComboFix3.txt 2009-10-29 02:22
ComboFix4.txt 2009-10-28 00:37
ComboFix5.txt 2010-07-16 21:17

Pre-Run: 81,609,281,536 bytes free
Post-Run: 81,646,166,016 bytes free

- - End Of File - - B3339353E0AFCBC3F060C582375C9856
  11. OK, not sure if it went through - here it is again just in case combofixlog.txt
  12. OK, sorry for the wait - I've been really busy with work lately. Anyway, attached is the ComboFix Log
  13. Hey - just letting you know that I haven't had a chance to do this yet and I will be out of town all weekend. I should have this completed by Sunday or Monday night. Thanks and have a good weekend!
  14. Here ya go! FYI: It appears as if my IP address came back - but it still won't connect.

22:25:08:937 2868 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
22:25:08:937 2868 ================================================================================
22:25:08:937 2868 SystemInfo:
22:25:08:937 2868 OS Version: 5.1.2600 ServicePack: 3.0
22:25:08:937 2868 Product type: Workstation
22:25:08:937 2868 ComputerName: JAKE-FRXTA9G0LG
22:25:08:937 2868 UserName: Jake
22:25:08:937 2868 Windows directory: C:\windows
22:25:08:937 2868 System windows directory: C:\windows
22:25:08:937 2868 Processor architecture: Intel x86
22:25:08:937 2868 Number of processors: 2
22:25:08:937 2868 Page size: 0x1000
22:25:08:937 2868 Boot type: Normal boot
22:25:08:937 2868 ================================================================================
22:25:09:578 2868 Initialize success
22:25:09:578 2868
22:25:09:578 2868 Scanning Services ...
22:25:09:812 2868 Raw services enum returned 289 services
22:25:09:812 2868
22:25:09:812 2868 Scanning Drivers ...
22:25:10:218 2868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
22:25:10:250 2868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
22:25:10:281 2868 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
22:25:10:312 2868 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys
22:25:10:359 2868 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
22:25:10:406 2868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
22:25:10:421 2868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
22:25:10:453 2868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
22:25:10:484 2868 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
22:25:10:515 2868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
22:25:10:546 2868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
22:25:10:562 2868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
22:25:10:593 2868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
22:25:10:609 2868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
22:25:10:656 2868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
22:25:10:703 2868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
22:25:10:718 2868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
22:25:10:750 2868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
22:25:10:781 2868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
22:25:10:796 2868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
22:25:10:812 2868 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\windows\system32\DRIVERS\e100b325.sys
22:25:10:843 2868 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
22:25:10:859 2868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
22:25:10:875 2868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
22:25:10:890 2868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
22:25:10:921 2868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
22:25:10:937 2868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
22:25:10:937 2868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
22:25:10:953 2868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\Drivers\GEARAspiWDM.sys
22:25:10:968 2868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
22:25:11:015 2868 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\windows\system32\drivers\HdAudio.sys
22:25:11:046 2868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
22:25:11:078 2868 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
22:25:11:109 2868 HSFHWBS2 (b6b0721a86e51d141ec55c3cc1ca5686) C:\windows\system32\DRIVERS\HSFHWBS2.sys
22:25:11:156 2868 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\windows\system32\DRIVERS\HSF_DPV.sys
22:25:11:171 2868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
22:25:11:234 2868 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
22:25:11:265 2868 ialm (d95eb1c9b3a5c2f6fdeab05dd03736fe) C:\windows\system32\DRIVERS\ialmnt5.sys
22:25:11:281 2868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\drivers\Imapi.sys
22:25:11:406 2868 IntcAzAudAddService (1265393299a72ada509f5973040bb93f) C:\windows\system32\drivers\RtkHDAud.sys
22:25:11:453 2868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
22:25:11:500 2868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:25:11:515 2868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
22:25:11:546 2868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
22:25:11:578 2868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
22:25:11:593 2868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
22:25:11:609 2868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
22:25:11:625 2868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
22:25:11:640 2868 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
22:25:11:671 2868 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\windows\system32\drivers\klmd.sys
22:25:11:687 2868 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
22:25:11:718 2868 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
22:25:11:750 2868 mdmxsdk (e246a32c445056996074a397da56e815) C:\windows\system32\DRIVERS\mdmxsdk.sys
22:25:11:765 2868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
22:25:11:781 2868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
22:25:11:796 2868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
22:25:11:828 2868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
22:25:11:843 2868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
22:25:11:859 2868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
22:25:11:890 2868 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys
22:25:11:906 2868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
22:25:11:937 2868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
22:25:11:953 2868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
22:25:11:968 2868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
22:25:12:000 2868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
22:25:12:015 2868 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
22:25:12:031 2868 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
22:25:12:046 2868 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
22:25:12:062 2868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
22:25:12:078 2868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
22:25:12:093 2868 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\windows\system32\drivers\NDProxy.sys
22:25:12:093 2868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
22:25:12:109 2868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
22:25:12:140 2868 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
22:25:12:140 2868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
22:25:12:171 2868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
22:25:12:203 2868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
22:25:12:218 2868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
22:25:12:234 2868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:25:12:234 2868 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
22:25:12:250 2868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\DRIVERS\parport.sys
22:25:12:265 2868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
22:25:12:296 2868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
22:25:12:296 2868 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
22:25:12:328 2868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
22:25:12:343 2868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys
22:25:12:406 2868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
22:25:12:421 2868 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\windows\system32\DRIVERS\processr.sys
22:25:12:437 2868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
22:25:12:453 2868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
22:25:12:500 2868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
22:25:12:515 2868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
22:25:12:531 2868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
22:25:12:531 2868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
22:25:12:546 2868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
22:25:12:562 2868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
22:25:12:578 2868 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
22:25:12:593 2868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
22:25:12:625 2868 SCDEmu (f441ba47bd8610cb9536965bd7d1f943) C:\windows\system32\drivers\SCDEmu.sys
22:25:12:656 2868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
22:25:12:671 2868 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
22:25:12:687 2868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\DRIVERS\serial.sys
22:25:12:718 2868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
22:25:12:750 2868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
22:25:12:765 2868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
22:25:12:781 2868 Srv (89220b427890aa1dffd1a02648ae51c3) C:\windows\system32\DRIVERS\srv.sys
22:25:12:796 2868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
22:25:12:812 2868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
22:25:12:843 2868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
22:25:12:890 2868 Tcpip (f7d9aefbe77212423c97ee23a258f339) C:\windows\system32\DRIVERS\tcpip.sys
22:25:12:890 2868 Suspicious file (Forged): C:\windows\system32\DRIVERS\tcpip.sys. Real md5: f7d9aefbe77212423c97ee23a258f339, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
22:25:12:890 2868 File "C:\windows\system32\DRIVERS\tcpip.sys" infected by TDSS rootkit ...
22:25:13:078 2868 Backup copy found, using it..
22:25:13:093 2868 will be cured on next reboot
22:25:13:140 2868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
22:25:13:171 2868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
22:25:13:203 2868 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
22:25:13:250 2868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
22:25:13:328 2868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
22:25:13:359 2868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
22:25:13:375 2868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
22:25:13:390 2868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
22:25:13:406 2868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys
22:25:13:421 2868 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:25:13:437 2868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys
22:25:13:453 2868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
22:25:13:468 2868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
22:25:13:484 2868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
22:25:13:500 2868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
22:25:13:546 2868 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\windows\system32\DRIVERS\HSF_CNXT.sys
22:25:13:593 2868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
22:25:13:593 2868 Reboot required for cure complete..
22:25:13:953 2868 Cure on reboot scheduled successfully
22:25:13:953 2868
22:25:13:953 2868 Completed
22:25:13:953 2868
22:25:13:953 2868 Results:
22:25:13:953 2868 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
22:25:13:953 2868 File objects infected / cured / cured on reboot: 1 / 0 / 1
22:25:13:953 2868
22:25:13:953 2868 KLMD(ARK) unloaded successfully
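The TDSSKiller output in the post above shows the one signal that actually caught the infection: for tcpip.sys the tool prints two hashes, the "Real md5" it computed from its own low-level read of the driver and the "Fake md5" that an ordinary file read returns, and the two disagree because the rootkit serves the clean original to normal reads. Every other driver produced a single hash and went unremarked. The Python below is an added example written for this page, not part of the original post and not Kaspersky's tool: it parses driver-scan lines in that format (a constructed five-line sample that reuses the tcpip.sys lines from the log), pulls out the forged-file reports with both hashes, and also compares each scanned hash against a caller-supplied baseline. The baseline dictionary is an assumption for illustration (it treats the hash the rootkit serves to ordinary reads as the known-good value, which is what a hash list built from a clean install would hold); it is not a published Microsoft hash list.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample (not a real scan) in the TDSSKiller 2.3.x driver-scan
# format seen in the post above: "<hh:mm:ss:ms> <pid> <service> (<md5>) <path>",
# followed by the report lines the tool emits when its own low-level read of a
# driver disagrees with what a normal file read returns. The tcpip.sys lines
# are copied from that log; the driver list is trimmed to three entries.
SAMPLE_LOG = r"""
22:25:10:218 2868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
22:25:12:890 2868 Tcpip (f7d9aefbe77212423c97ee23a258f339) C:\windows\system32\DRIVERS\tcpip.sys
22:25:12:890 2868 Suspicious file (Forged): C:\windows\system32\DRIVERS\tcpip.sys. Real md5: f7d9aefbe77212423c97ee23a258f339, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
22:25:12:890 2868 File "C:\windows\system32\DRIVERS\tcpip.sys" infected by TDSS rootkit ...
22:25:13:140 2868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
"""

# One scanned driver per line. The "Suspicious file (Forged)" and "File ..."
# lines have no "(<32 hex>)" token after the third field, so they do not
# match this pattern and are picked up by FORGED_RE instead.
DRIVER_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) (?P<name>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+?)\s*$",
    re.MULTILINE,
)
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass(frozen=True)
class ForgedEntry:
    path: str
    real_md5: str  # hash of the bytes actually on disk (tool's low-level read)
    fake_md5: str  # hash the rootkit hands to ordinary file reads


def parse_driver_lines(text: str) -> Dict[str, DriverEntry]:
    """Map service name -> (md5, path) for every scanned-driver line."""
    entries: Dict[str, DriverEntry] = {}
    for m in DRIVER_RE.finditer(text):
        entries[m.group("name")] = DriverEntry(m.group("name"), m.group("md5"), m.group("path"))
    return entries


def find_forged(text: str) -> List[ForgedEntry]:
    """Collect the tool's explicit forged-file reports (real hash != fake hash)."""
    return [ForgedEntry(m.group("path"), m.group("real"), m.group("fake"))
            for m in FORGED_RE.finditer(text)]


def verify_against_baseline(drivers: Dict[str, DriverEntry],
                            baseline: Dict[str, str]) -> List[str]:
    """Names of scanned drivers whose MD5 differs from a trusted baseline.
    Drivers absent from the baseline are skipped: no opinion is not 'clean'."""
    return sorted(name for name, e in drivers.items()
                  if name in baseline and baseline[name] != e.md5)


def suspicious_drivers(text: str, baseline: Dict[str, str]) -> Dict[str, str]:
    """Union of both signals, name -> reason. A driver the tool flagged as
    forged is reported even when the baseline has no entry for it."""
    drivers = parse_driver_lines(text)
    by_path = {e.path.lower(): name for name, e in drivers.items()}
    out: Dict[str, str] = {}
    for name in verify_against_baseline(drivers, baseline):
        out[name] = "md5 differs from baseline"
    for f in find_forged(text):
        name = by_path.get(f.path.lower(), f.path)
        out[name] = f"forged: real {f.real_md5} != fake {f.fake_md5}"
    return out


def md5_hex(data: bytes) -> str:
    """MD5 of raw bytes as hex, the same digest the tool prints per driver."""
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    # Constructed baseline for illustration only (see the lead-in).
    baseline = {"ACPI": "8fd99680a539792a30e97944fdaecf17",
                "Tcpip": "9aefa14bd6b182d61e3119fa5f436d3d"}
    for name, why in suspicious_drivers(SAMPLE_LOG, baseline).items():
        print(f"{name}: {why}")
```

Running it prints a single line for Tcpip. The two checks are deliberately kept separate: a baseline comparison needs a trusted hash for every driver and says nothing about drivers it has never seen, whereas the forged-file report is self-contained because it comes from two reads of the same file through different paths, which is why the tool could convict tcpip.sys on this machine without any reference list at all.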
  15. OK, here are the logs. I'll check back soon. Thanks!

MBAM LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 4:06:46 PM
mbam-log-2010-07-05 (16-06-46).txt

Scan type: Quick scan
Objects scanned: 109104
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jake at 16:07:59.28 on Mon 07/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.241 [GMT -4:00]

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\igfxpers.exe
C:\windows\SOUNDMAN.EXE
C:\windows\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jake\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.woodtv.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Search panel: {47d0c870-58ad-2348-4d10-52dd14e2d3e3} - c:\windows\system32\dyfxwpuhkxq.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [soundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199661946853
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

S0 eoagmo;eoagmo; [x]

=============== Created Last 30 ================

2010-06-30 01:59:03 0 ----a-w- c:\documents and settings\jake\defogger_reenable
2010-06-30 00:45:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 00:45:20 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 00:45:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 20:09:51 0 d-sh--w- c:\documents and settings\jake\IECompatCache

==================== Find3M ====================

2010-06-21 01:33:39 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-09-28 23:17:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092820090929\index.dat

============= FINISH: 16:09:05.51 ===============

JAVA RA Log:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Oct 27 20:48:51 2009

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

------------------------------------

Finished reporting.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Jul 05 16:00:43 2010

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.