
Internet Re-direct virus



I originally posted this on the general forum. Below are my logs. I also included an attachment with 3 bitmaps. These are examples of the errors that I am continually getting via Visual Studio's JIT debugger. Thank you, Gary

------------------------------------------------------------------------------------

Last Monday, I was infected with a virus. It started out as the virus that says that you have a certain number of viruses and you need to install an anti-virus program. I do not recall exactly what the message was but I think it was Internet Security 2010.

I updated and ran Malwarebytes' Anti-Malware. I found several viruses and successfully removed them. I thought I was good. As I continued to do work on my computer, I would get Visual Studio's Just In Time debugger coming up with various errors. It seems I still have something running in the background. I have Symantec installed through work. At one point in time, it stopped the hacktool.rootkit virus. I tried Microsoft Security Essentials as well.

I am stuck in a cycle, all scans run without finding errors, I try to go back to using my computer and do internet searches. I get re-directed and typically the VS JIT debugger comes up, eventually Symantec or Security Essentials catches something. (I understand it is not good to have both) I run scans again and typically come up clean.

My diagnosis is that the internet search virus is causing my problems. At first it was just Google but now looks to be Bing. Any help would be greatly appreciated.

----------------------------------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86

Run by Gary at 21:32:52.62 on Tue 03/09/2010

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.343 [GMT -6:00]

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\CrashPlan\CrashPlanService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\vssvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\CrashPlan\CrashPlanTray.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Documents and Settings\Gary\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en

uSearch Bar =

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll

BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll

TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://pbskids.org/barney/children/games/manners_game.html"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\crashp~1.lnk - c:\program files\crashplan\CrashPlanTray.exe

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab

DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://photos.walmart.com/WalmartOutlookImport.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://www.shockwave.com/content/dinerdash2/sis/DinerDash2.1.0.0.67.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146102134078

DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab

DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/html - {ae420702-5d42-49a7-bb3f-dbfa1df03954} -

Notify: igfxcui - igfxdev.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 ddbcba.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

R2 CrashPlanService;CrashPlan Backup Service;c:\program files\crashplan\CrashPlanService.exe [2009-8-20 152064]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-3 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100309.009\naveng.sys [2010-3-9 84912]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100309.009\navex15.sys [2010-3-9 1324720]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-12 135664]

S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]

============== File Associations ===============

regfile=regedit.exe "%1" %*

scrfile="%1" %*

=============== Created Last 30 ================

2010-03-10 03:11:52 0 ----a-w- c:\documents and settings\gary\defogger_reenable

2010-03-10 02:38:46 0 d-----w- C:\mbam

2010-03-03 22:55:35 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-03-03 22:49:05 0 d-----w- c:\program files\Microsoft Security Essentials

2010-03-03 05:32:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-03 05:32:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-03 05:32:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-03 03:20:14 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-03-03 03:20:14 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-03-03 03:19:55 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-03-03 03:19:55 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2010-03-02 01:53:09 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-03-02 01:53:09 552 ----a-w- c:\windows\system32\d3d8caps.dat

2010-03-02 00:04:00 120 ----a-w- c:\windows\Mhepur.dat

2010-03-02 00:04:00 0 ----a-w- c:\windows\Xbivifemeyudaf.bin

==================== Find3M ====================

2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys

2009-12-31 15:33:06 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe

2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe

2009-12-18 13:04:09 161792 ------w- c:\windows\system32\dllcache\ieakui.dll

2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe

2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe

2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll

2006-07-06 18:55:33 774144 ----a-w- c:\program files\RngInterstitial.dll

2006-04-19 03:07:56 56 --sh--r- c:\windows\system32\8F9B2099A6.sys

2006-04-19 03:07:57 6580 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-09-07 18:16:36 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 21:35:05.04 ===============

Malwarebytes' Anti-Malware 1.44

Database version: 3845

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

3/9/2010 9:25:01 PM

mbam-log-2010-03-09 (21-25-01).txt

Scan type: Quick Scan

Objects scanned: 140992

Time elapsed: 25 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ark.zip

VS_JIT_1.zip

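As an added triage example (not code from this thread, from DDS, or from the helper), a small Python parser that runs over a few lines copied from the DDS log above and flags the items a log reader checks first: an authentication package beside msv1_0 in the LSA line, an extra Userinit entry, new files dropped directly into %SystemRoot%, and how many AV products are installed.

```python
"""Triage a DDS 'Pseudo HJT Report' for a few persistence and hygiene
indicators. Added example; the sample lines are copied from the log posted
in this thread, the checks are not part of the DDS tool."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines taken from the posted DDS log.
SAMPLE_DDS = """\
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe
LSA: Authentication Packages = msv1_0 ddbcba.dll
=============== Created Last 30 ================
2010-03-03 22:49:05 0 d-----w- c:\\program files\\Microsoft Security Essentials
2010-03-02 00:04:00 120 ----a-w- c:\\windows\\Mhepur.dat
2010-03-02 00:04:00 0 ----a-w- c:\\windows\\Xbivifemeyudaf.bin
==================== Find3M ====================
"""

# A stock Windows XP install registers exactly one LSA authentication
# package; anything else listed here is loaded into lsass.exe at boot.
EXPECTED_LSA_PACKAGES = {"msv1_0"}
# Userinit should be exactly this on XP; extra comma-separated entries
# are additional programs launched at every logon.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# "Created Last 30" lines: date time size attributes path
_CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ (\d+) (\S{8}) (.+)$")


@dataclass
class Findings:
    extra_lsa_packages: list = field(default_factory=list)
    av_products: list = field(default_factory=list)
    userinit_extra: list = field(default_factory=list)
    systemroot_drops: list = field(default_factory=list)

    def is_suspicious(self) -> bool:
        # Multiple AV products is a hygiene issue, not an infection sign,
        # so it is reported but does not by itself make the log suspicious.
        return bool(self.extra_lsa_packages or self.userinit_extra
                    or self.systemroot_drops)


def triage_dds(text: str) -> Findings:
    f = Findings()
    in_created = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("AV: "):
            # Product name is everything before the first " *" marker.
            f.av_products.append(line[4:].split(" *", 1)[0])
        elif line.startswith("LSA: Authentication Packages ="):
            pkgs = line.split("=", 1)[1].split()
            f.extra_lsa_packages = [p for p in pkgs
                                    if p.lower() not in EXPECTED_LSA_PACKAGES]
        elif line.startswith("mWinlogon: Userinit="):
            entries = [e.strip().lower()
                       for e in line.split("=", 1)[1].split(",") if e.strip()]
            f.userinit_extra = [e for e in entries if e != EXPECTED_USERINIT]
        elif line.startswith("="):
            # Section headers are rows of '='; track the Created Last 30 block.
            in_created = "Created Last 30" in line
        elif in_created:
            m = _CREATED_RE.match(line)
            if not m:
                continue
            attrs, path = m.group(3), m.group(4).lower()
            if attrs.startswith("d"):   # directory entry, not a dropped file
                continue
            parent = path.rsplit("\\", 1)[0]
            if parent == "c:\\windows":
                f.systemroot_drops.append(path)
    return f


if __name__ == "__main__":
    result = triage_dds(SAMPLE_DDS)
    print("AV products installed:", result.av_products)
    print("Extra LSA packages:", result.extra_lsa_packages)
    print("Extra Userinit entries:", result.userinit_extra)
    print("Files dropped in %SystemRoot%:", result.systemroot_drops)
    print("Suspicious:", result.is_suspicious())
```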

Hi G D J,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

multiple Anti Virus programs

  • You are operating your computer with multiple Anti Virus programs running in memory at once:
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove Microsoft Security Essentials and keep the Symantec installed through work

TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file tdsskiller.zip, it will create a folder named tdsskiller on your desktop
  • Next double-click the tdsskiller Folder on your desktop.
  • Next right-click on tdsskiller.exe and click Copy then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"


  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • Wait for the scan and disinfection process to be over.
  • Open tdsskiller.txt on your desktop and post the contents in your next reply


Hi deltalima,

I went ahead and un-installed Security Essentials. I had planned on removing it after the virus was cleaned up. It was beneficial when I initially got the virus.

I ran the tdsskiller.exe. It said it cleaned up C:\WINDOWS\system32\drivers\atapi.sys. Unfortunately, I ran it a second time which overwrote the output that mentioned the clean up. Below are the results from running it a second time.

It does look like my problems are better. I am no longer getting re-directed on internet searches. We did not end up using the computer very much tonight so it was not a great test. I will continue to monitor over the next few days and let you know. Thank you so much for your assistance!

Gary

17:29:18:875 2488 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20

17:29:18:875 2488 ================================================================================

17:29:18:875 2488 SystemInfo:

17:29:18:875 2488 OS Version: 5.1.2600 ServicePack: 3.0

17:29:18:875 2488 Product type: Workstation

17:29:18:875 2488 ComputerName: E1505

17:29:18:875 2488 UserName: Gary

17:29:18:875 2488 Windows directory: C:\WINDOWS

17:29:18:875 2488 Processor architecture: Intel x86

17:29:18:875 2488 Number of processors: 2

17:29:18:875 2488 Page size: 0x1000

17:29:18:875 2488 Boot type: Normal boot

17:29:18:875 2488 ================================================================================

17:29:18:890 2488 UnloadDriverW: NtUnloadDriver error 2

17:29:18:890 2488 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

17:29:18:906 2488 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system

17:29:18:906 2488 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

17:29:18:906 2488 wfopen_ex: Trying to KLMD file open

17:29:18:906 2488 wfopen_ex: File opened ok (Flags 2)

17:29:18:906 2488 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software

17:29:18:906 2488 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

17:29:18:906 2488 wfopen_ex: Trying to KLMD file open

17:29:18:906 2488 wfopen_ex: File opened ok (Flags 2)

17:29:18:906 2488 Initialize success

17:29:18:906 2488

17:29:18:906 2488 Scanning Services ...

17:29:19:500 2488 GetAdvancedServicesInfo: Raw services enum returned 397 services

17:29:19:500 2488

17:29:19:500 2488 Scanning Kernel memory ...

17:29:19:500 2488 Devices to scan: 4

17:29:19:500 2488

17:29:19:500 2488 Driver Name: Disk

17:29:19:500 2488 IRP_MJ_CREATE : F7683BB0

17:29:19:500 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

17:29:19:500 2488 IRP_MJ_CLOSE : F7683BB0

17:29:19:500 2488 IRP_MJ_READ : F767DD1F

17:29:19:500 2488 IRP_MJ_WRITE : F767DD1F

17:29:19:500 2488 IRP_MJ_QUERY_INFORMATION : 804F4562

17:29:19:500 2488 IRP_MJ_SET_INFORMATION : 804F4562

17:29:19:500 2488 IRP_MJ_QUERY_EA : 804F4562

17:29:19:500 2488 IRP_MJ_SET_EA : 804F4562

17:29:19:500 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2

17:29:19:500 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

17:29:19:500 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

17:29:19:500 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562

17:29:19:500 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

17:29:19:500 2488 IRP_MJ_DEVICE_CONTROL : F767E3BB

17:29:19:500 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28

17:29:19:500 2488 IRP_MJ_SHUTDOWN : F767E2E2

17:29:19:500 2488 IRP_MJ_LOCK_CONTROL : 804F4562

17:29:19:500 2488 IRP_MJ_CLEANUP : 804F4562

17:29:19:500 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562

17:29:19:500 2488 IRP_MJ_QUERY_SECURITY : 804F4562

17:29:19:500 2488 IRP_MJ_SET_SECURITY : 804F4562

17:29:19:500 2488 IRP_MJ_POWER : F767FC82

17:29:19:500 2488 IRP_MJ_SYSTEM_CONTROL : F768499E

17:29:19:500 2488 IRP_MJ_DEVICE_CHANGE : 804F4562

17:29:19:500 2488 IRP_MJ_QUERY_QUOTA : 804F4562

17:29:19:500 2488 IRP_MJ_SET_QUOTA : 804F4562

17:29:19:531 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

17:29:19:531 2488

17:29:19:531 2488 Driver Name: Disk

17:29:19:531 2488 IRP_MJ_CREATE : F7683BB0

17:29:19:531 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

17:29:19:531 2488 IRP_MJ_CLOSE : F7683BB0

17:29:19:531 2488 IRP_MJ_READ : F767DD1F

17:29:19:531 2488 IRP_MJ_WRITE : F767DD1F

17:29:19:531 2488 IRP_MJ_QUERY_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_SET_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_EA : 804F4562

17:29:19:531 2488 IRP_MJ_SET_EA : 804F4562

17:29:19:531 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2

17:29:19:531 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_DEVICE_CONTROL : F767E3BB

17:29:19:531 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28

17:29:19:531 2488 IRP_MJ_SHUTDOWN : F767E2E2

17:29:19:531 2488 IRP_MJ_LOCK_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_CLEANUP : 804F4562

17:29:19:531 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_SECURITY : 804F4562

17:29:19:531 2488 IRP_MJ_SET_SECURITY : 804F4562

17:29:19:531 2488 IRP_MJ_POWER : F767FC82

17:29:19:531 2488 IRP_MJ_SYSTEM_CONTROL : F768499E

17:29:19:531 2488 IRP_MJ_DEVICE_CHANGE : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_QUOTA : 804F4562

17:29:19:531 2488 IRP_MJ_SET_QUOTA : 804F4562

17:29:19:531 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

17:29:19:531 2488

17:29:19:531 2488 Driver Name: Disk

17:29:19:531 2488 IRP_MJ_CREATE : F7683BB0

17:29:19:531 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

17:29:19:531 2488 IRP_MJ_CLOSE : F7683BB0

17:29:19:531 2488 IRP_MJ_READ : F767DD1F

17:29:19:531 2488 IRP_MJ_WRITE : F767DD1F

17:29:19:531 2488 IRP_MJ_QUERY_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_SET_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_EA : 804F4562

17:29:19:531 2488 IRP_MJ_SET_EA : 804F4562

17:29:19:531 2488 IRP_MJ_FLUSH_BUFFERS : F767E2E2

17:29:19:531 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

17:29:19:531 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_DEVICE_CONTROL : F767E3BB

17:29:19:531 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7681F28

17:29:19:531 2488 IRP_MJ_SHUTDOWN : F767E2E2

17:29:19:531 2488 IRP_MJ_LOCK_CONTROL : 804F4562

17:29:19:531 2488 IRP_MJ_CLEANUP : 804F4562

17:29:19:531 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_SECURITY : 804F4562

17:29:19:531 2488 IRP_MJ_SET_SECURITY : 804F4562

17:29:19:531 2488 IRP_MJ_POWER : F767FC82

17:29:19:531 2488 IRP_MJ_SYSTEM_CONTROL : F768499E

17:29:19:531 2488 IRP_MJ_DEVICE_CHANGE : 804F4562

17:29:19:531 2488 IRP_MJ_QUERY_QUOTA : 804F4562

17:29:19:531 2488 IRP_MJ_SET_QUOTA : 804F4562

17:29:19:546 2488 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

17:29:19:546 2488

17:29:19:546 2488 Driver Name: atapi

17:29:19:546 2488 IRP_MJ_CREATE : F74AA6F2

17:29:19:546 2488 IRP_MJ_CREATE_NAMED_PIPE : 804F4562

17:29:19:546 2488 IRP_MJ_CLOSE : F74AA6F2

17:29:19:546 2488 IRP_MJ_READ : 804F4562

17:29:19:546 2488 IRP_MJ_WRITE : 804F4562

17:29:19:546 2488 IRP_MJ_QUERY_INFORMATION : 804F4562

17:29:19:546 2488 IRP_MJ_SET_INFORMATION : 804F4562

17:29:19:546 2488 IRP_MJ_QUERY_EA : 804F4562

17:29:19:546 2488 IRP_MJ_SET_EA : 804F4562

17:29:19:546 2488 IRP_MJ_FLUSH_BUFFERS : 804F4562

17:29:19:546 2488 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562

17:29:19:546 2488 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562

17:29:19:546 2488 IRP_MJ_DIRECTORY_CONTROL : 804F4562

17:29:19:546 2488 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562

17:29:19:562 2488 IRP_MJ_DEVICE_CONTROL : F74AA712

17:29:19:562 2488 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A6852

17:29:19:562 2488 IRP_MJ_SHUTDOWN : 804F4562

17:29:19:562 2488 IRP_MJ_LOCK_CONTROL : 804F4562

17:29:19:562 2488 IRP_MJ_CLEANUP : 804F4562

17:29:19:562 2488 IRP_MJ_CREATE_MAILSLOT : 804F4562

17:29:19:562 2488 IRP_MJ_QUERY_SECURITY : 804F4562

17:29:19:562 2488 IRP_MJ_SET_SECURITY : 804F4562

17:29:19:562 2488 IRP_MJ_POWER : F74AA73C

17:29:19:562 2488 IRP_MJ_SYSTEM_CONTROL : F74B1336

17:29:19:562 2488 IRP_MJ_DEVICE_CHANGE : 804F4562

17:29:19:562 2488 IRP_MJ_QUERY_QUOTA : 804F4562

17:29:19:562 2488 IRP_MJ_SET_QUOTA : 804F4562

17:29:19:593 2488 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1

17:29:19:593 2488

17:29:19:593 2488 Completed

17:29:19:593 2488

17:29:19:593 2488 Results:

17:29:19:593 2488 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

17:29:19:593 2488 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

17:29:19:593 2488 File objects infected / cured / cured on reboot: 0 / 0 / 0

17:29:19:593 2488

17:29:19:593 2488 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system

17:29:19:593 2488 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software

17:29:19:593 2488 KLMD(ARK) unloaded successfully


Hi G D J,

It said it cleaned up C:\WINDOWS\system32\drivers\atapi.sys

That's what we needed, don't worry about the log.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Hi deltalima,

OTL.txt

OTL logfile created on: 3/11/2010 4:40:12 PM - Run 1

OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Gary\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 51.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 49.80 Gb Total Space | 20.77 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: E1505

Current User Name: Gary

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)

PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

PRC - C:\WINDOWS\system32\dlcccoms.exe ( )

PRC - C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Gary\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)

SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100311.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100311.002\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)

DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.)

DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (SDDMI2) -- C:\WINDOWS\system32\ddmi2.sys (Gteko Ltd.)

DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8}: C:\Documents and Settings\Gary\Local Settings\Application Data\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8} [2010/03/01 18:03:58 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)

O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)

O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)

O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()

O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)

O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe File not found

O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe File not found

O4 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\4.0 ( File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O15 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-454084849-1184975054-2855387566-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v46/scrab...rabblecubes.cab (ScrabbleCubes Control)

O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://photos.walmart.com/WalmartOutlookImport.cab (Snapfish Outlook Import ActiveX Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)

O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave.com/content/dinerdash...h2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1146102134078 (MUWebControl Class)

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX27.cab (Groove Control)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab (FujifilmUploader Class)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 207.206.192.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (ddbcba.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: mpnoedit - (C:\WINDOWS\system32\extroute.dll) - C:\WINDOWS\System32\extroute.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/03/11 16:36:17 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe

[2010/03/10 22:10:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/03/10 21:25:44 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/03/09 20:38:46 | 000,000,000 | ---D | C] -- C:\mbam

[2010/03/08 11:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010/03/04 16:56:02 | 009,758,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\windows-kb890830-v3.4.exe

[2010/03/03 22:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2010/03/03 21:28:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010/03/03 20:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\PCHealth

[2010/03/03 16:55:35 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/03/03 16:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2010/03/03 16:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/03/03 16:47:52 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\mssefullinstall-x86fre-en-us-xp.exe

[2010/03/02 23:32:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/03/02 23:32:47 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/03/02 23:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/03/02 23:20:27 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gary\My Documents\mbam-setup.exe

[2010/03/02 21:20:14 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys

[2010/03/02 21:20:14 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys

[2010/03/02 21:19:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys

[2010/03/02 21:19:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys

[2010/03/02 17:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010/03/01 19:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/03/01 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010/03/01 18:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/03/01 18:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\{CE4C0AA0-0F51-426A-86B6-5C2DD8F2CDB8}

[2010/02/11 20:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2010/02/04 20:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\IsolatedStorage

[2010/02/03 09:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\IsolatedStorage

[2010/01/21 05:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/01/12 19:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/09/21 09:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/09/21 09:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/09/19 14:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft

[2009/07/06 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\SupportSoft

[2009/05/05 20:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google

[2007/12/07 21:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple

[2007/02/02 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help

[2007/02/02 10:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help

[2006/12/18 07:07:43 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2006/12/18 06:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2006/07/06 12:55:39 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[2006/04/11 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall

[2006/04/04 09:59:36 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll

[2006/04/04 09:59:36 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll

[2006/04/04 09:59:36 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll

[2006/04/04 09:59:36 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll

[2006/04/04 09:59:36 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll

[2006/04/04 09:59:34 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll

[2006/04/04 09:59:34 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll

[2006/04/04 09:59:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll

[2006/04/04 09:59:34 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/11 16:36:25 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe

[2010/03/11 15:59:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/11 07:47:12 | 000,494,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/03/11 07:47:12 | 000,091,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/03/11 07:47:11 | 000,594,176 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/03/10 22:13:08 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/03/10 21:41:39 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Gary\NTUSER.DAT

[2010/03/10 17:59:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/10 17:25:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/03/10 17:25:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/03/10 17:25:37 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/10 17:23:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Gary\ntuser.ini

[2010/03/03 22:32:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/03/03 16:48:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/03/03 14:08:02 | 009,758,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\windows-kb890830-v3.4.exe

[2010/03/03 14:02:16 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary\My Documents\mssefullinstall-x86fre-en-us-xp.exe

[2010/03/03 09:56:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mhepur.dat

[2010/03/03 06:47:33 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Wireless Network Connection.lnk

[2010/03/03 00:11:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Xbivifemeyudaf.bin

[2010/03/02 23:45:33 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Microsoft Office Word 2003.lnk

[2010/03/02 23:32:53 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/02 23:20:27 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Gary\My Documents\mbam-setup.exe

[2010/03/02 23:10:56 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\IconCache.db

[2010/03/02 08:41:35 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Internet Explorer.lnk

[2010/03/01 22:16:48 | 000,015,614 | -HS- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\14hGVx3q3cgvXYLJ0iWn4V0Bjh4J8

[2010/03/01 20:26:26 | 000,015,100 | -HS- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\jlPN1nND50253

[2010/03/01 19:53:09 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/03/01 13:54:04 | 000,001,842 | -H-- | M] () -- C:\Documents and Settings\Gary\My Documents\Default.rdp

[2010/02/24 22:20:38 | 000,013,913 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\gary pic.JPG

[2010/02/24 22:16:26 | 000,017,118 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\test.jpg

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/02/24 07:33:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/22 22:13:40 | 016,419,657 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\2-22-10 6AM.mp3

[2010/02/19 09:23:51 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk

[2010/02/15 10:31:17 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Volunteer Wish List 2010.xls

[2010/02/11 20:54:46 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2010/02/10 16:56:26 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2010/02/09 21:53:16 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Book1.xls

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 06:15:21 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys

[2010/03/03 06:47:33 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Wireless Network Connection.lnk

[2010/03/02 23:32:53 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/03/02 21:19:01 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\glchvt.dat

[2010/03/02 08:41:35 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Internet Explorer.lnk

[2010/03/01 20:15:04 | 000,014,190 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\jlPN1nND50253

[2010/03/01 20:11:18 | 000,015,614 | -HS- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\14hGVx3q3cgvXYLJ0iWn4V0Bjh4J8

[2010/03/01 20:07:32 | 000,015,100 | -HS- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\jlPN1nND50253

[2010/03/01 19:53:16 | 000,014,480 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\jlPN1nND50253

[2010/03/01 19:53:09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/03/01 19:53:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/03/01 19:45:18 | 000,443,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/03/01 18:04:00 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mhepur.dat

[2010/03/01 18:04:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xbivifemeyudaf.bin

[2010/02/24 22:19:13 | 000,013,913 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\gary pic.JPG

[2010/02/24 22:16:26 | 000,017,118 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\test.jpg

[2010/02/22 22:13:38 | 016,419,657 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\2-22-10 6AM.mp3

[2010/02/15 10:31:17 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Volunteer Wish List 2010.xls

[2009/03/25 14:57:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2009/02/02 15:13:19 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2008/08/29 21:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI

[2007/02/18 19:10:07 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys

[2006/06/07 14:00:25 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\bbbconfig.dat

[2006/04/17 21:11:55 | 000,006,580 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2006/04/17 21:11:55 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\8F9B2099A6.sys

[2006/04/17 21:05:06 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/04/17 20:54:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2006/04/12 20:50:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2006/04/10 20:43:20 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\fusioncache.dat

[2006/04/04 10:50:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/04/04 10:38:31 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/04/04 10:34:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/04/04 10:30:43 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2006/04/04 09:59:36 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll

[2006/04/04 09:59:36 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll

[2006/04/04 09:59:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll

[2006/04/04 09:59:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll

[2006/04/04 09:59:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll

[2006/04/04 09:59:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll

[2006/04/04 09:59:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll

[2006/04/04 09:59:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll

[2006/04/04 09:59:34 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll

[2006/04/04 09:59:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll

[2006/04/04 09:58:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2006/04/04 09:58:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2006/04/04 09:58:16 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2006/04/04 09:58:04 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005/08/02 13:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini

[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:40520FC3

< End of report >

Extras.txt

OTL Extras logfile created on: 3/11/2010 4:40:12 PM - Run 1

OTL by OldTimer - Version 3.1.36.1 Folder = C:\Documents and Settings\Gary\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 514.00 Mb Available Physical Memory | 51.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 49.80 Gb Total Space | 20.77 Gb Free Space | 41.71% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: E1505

Current User Name: Gary

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\av.exe File not found

[HKEY_USERS\S-1-5-21-454084849-1184975054-2855387566-1006\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Speed\Speed.exe" = C:\Program Files\Speed\Speed.exe:*:Enabled:Speed -- File not found

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"D:\Modem Firmware Recovery\gtrecovery.exe" = D:\Modem Firmware Recovery\gtrecovery.exe:*:Enabled:GT Critical Recovery Utility -- File not found

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\CrashPlan\CrashPlanService.exe" = C:\Program Files\CrashPlan\CrashPlanService.exe:*:Enabled:CrashPlan -- (CrashPlan)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\DOCUME~1\Gary\LOCALS~1\Temp\0.6534080367952899.exe" = [string data over 1000 bytes]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04ABA9CD-45B8-483D-8444-F75289232022}" = Cabbage Patch Kids - Where's My Pony

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2E520590-7E0F-450F-A11B-CC2C02E550B1}" = TurboTax 2008 wiaiper

"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3262493A-5C05-45BC-BB3A-5DC2B5EBB803}" = CrashPlan

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{37A66FA0-EAA2-012B-AD79-000000000000}" = TurboTax 2009 wiaiper

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005

"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon

"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package

"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86

"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer

"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003

"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32

"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2

"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C94C253C-069F-4C02-8E5B-C1D056827643}" = Wal-Mart Digital Photo Manager

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D56401D6-E356-4CA5-97A3-024D666F5E5C}" = ArcSoft PhotoImpression 6

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support

"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009

"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes

"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic

"3DGroove" = 3D Groove Playback Engine

"A80599FB-C344-4F78-B69C-A7B5FC5047C5" = Digby's Donuts

"ACE/Agent for Windows NT" = RSA ACE/Agent for Windows

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon MOV Decoder" = Canon MOV Decoder

"Canon MOV Encoder" = Canon MOV Encoder

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CSCLIB" = Canon Camera Support Core Library

"D5568B1C-FE34-4C0F-9F6D-FBA680D6BB69" = Crystal Maze

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Dell Game Console" = Dell Game Console

"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924

"EmeraldQFE2" = Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

"ESPNMotion" = ESPNMotion

"F346023B-4BB1-4541-B9D6-A4DEA1B61035" = Lemonade Tycoon 2

"Google Chrome" = Google Chrome

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX

"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX

"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OVT Scanner" = Uninstall OVT Scanner

"PUBLISHERR" = Microsoft Office Publisher 2007 Trial

"Reader Rabbit Preschool" = Reader Rabbit Preschool

"RealArcade 1.2" = RealArcade

"RealPlayer 6.0" = RealPlayer Basic

"RemoteCaptureDC" = Canon Utilities RemoteCapture DC

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"Sandlot Games Client Services_is1" = Sandlot Games Client Services

"StreetPlugin" = Learn2 Player (Uninstall Only)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"The Weather Channel Desktop" = The Weather Channel Desktop

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006

"UnityWebPlayer" = Unity Web Player

"Upromise TurboSaver" = Upromise TurboSaver (remove only)

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WildTangent CDA" = WildTangent Web Driver

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WT007176" = Garden Dreams

"WT007825" = JEOPARDY

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Zoombinis Island Odyssey" = Zoombinis Island Odyssey

"Zoombinis Logical Journey" = Zoombinis Logical Journey

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131077

Description = Failed auto update retrieval of third-party root certificate from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>

with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131077

Description = Failed auto update retrieval of third-party root certificate from:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>

with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 3/10/2010 3:50:28 PM | Computer Name = E1505 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 3/10/2010 6:20:18 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711726

Description = Security Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents

and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf

by: Auto-Protect scan. Action: Clean failed : Delete failed. Action Description:

The file was left unchanged.

Error - 3/10/2010 6:20:42 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711685

Description = Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents and

Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf

by: Auto-Protect scan. Action: Clean failed : Delete failed : Access denied.

Action Description: The file was left unchanged.

Error - 3/10/2010 6:20:42 PM | Computer Name = E1505 | Source = Symantec AntiVirus | ID = 16711731

Description = Security Risk Found!Risk: Bloodhound.Exploit.288 in File: C:\Documents

and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F2GI4Z1J\newplayer[1].pdf

by: Auto-Protect scan. Action: Clean failed : Delete failed : Access denied.

Action Description: The file was left unchanged.

Error - 3/10/2010 7:11:39 PM | Computer Name = E1505 | Source = MPSampleSubmission | ID = 5000

Description =

Error - 3/11/2010 12:30:16 AM | Computer Name = E1505 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting

module unknown, version 0.0.0.0, fault address 0x60b47930.

[ System Events ]

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001

Description =

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001

Description =

Error - 3/10/2010 12:32:11 AM | Computer Name = E1505 | Source = Microsoft Antimalware | ID = 2001

Description =

Error - 3/10/2010 4:59:35 AM | Computer Name = E1505 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

Error - 3/10/2010 4:59:35 AM | Computer Name = E1505 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

Error - 3/10/2010 5:00:32 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001

Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery

Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 5:00:32 AM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001

Description = The Media Center Extender Service service depends on the SSDP Discovery

Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 7:25:51 PM | Computer Name = E1505 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 3/10/2010 7:27:35 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001

Description = The Canon Camera Access Library 8 service depends on the SSDP Discovery

Service service which failed to start because of the following error: %%1058

Error - 3/10/2010 7:27:35 PM | Computer Name = E1505 | Source = Service Control Manager | ID = 7001

Description = The Media Center Extender Service service depends on the SSDP Discovery

Service service which failed to start because of the following error: %%1058

< End of report >

Thanks


Hi G D J,

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.


deltalima,

Here are the results from the latest scan. Everything came up clean. We have not had any problems since atapi.sys was cleaned up. I will let you know what we see over the next few days. Thanks

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, March 12, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, March 11, 2010 20:13:02

Records in database: 3769658

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

Scan statistics:

Objects scanned: 105222

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 04:25:32

No threats found. Scanned area is clean.

Selected area has been scanned.


Hi G D J,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.

All versions numbered lower than 9.3 are vulnerable.

  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the custom fix textbox. Do not include the word Code
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

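As an added example (not part of this thread, not OTL's own code and not the helper's fix), the following PowerShell script audits the same registry values that the Extras log above shows altered: the Security Center override flags (FirstRunDisabled, AntiVirusOverride and FirewallOverride all = 1), the EnableFirewall = 0 entries under both firewall profiles, and the .exe file association that pointed at "secfile" / av.exe instead of the normal "exefile" handler. It reports which values deviate from the expected state, and with the -Repair switch writes the three Security Center values back to 0, which is exactly what the :reg section of the OTL fix does. The expected-value table, the function name and the -Repair switch are assumptions of this example; the .exe association is reported only, not changed.

```powershell
<#
  Audit (and optionally reset) the Security Center override values and
  related settings that the OTL Extras log in this thread showed altered.
  Example code added to the thread; not part of OTL or the helper's fix.
  Written for PowerShell 2.0 so that it also runs on the XP-era systems
  the log came from.
#>
[CmdletBinding()]
param(
    # When set, write the three Security Center values back to 0,
    # mirroring the :reg section of the OTL fix posted above.
    [switch]$Repair
)

# Assumed healthy baseline. The values of 1 / 0 that the log shows are the
# opposite of each Expected entry below.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirstRunDisabled';  Expected = 0; Fixable = $true  },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'AntiVirusOverride'; Expected = 0; Fixable = $true  },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Security Center'; Name = 'FirewallOverride';  Expected = 0; Fixable = $true  },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'; Name = 'EnableFirewall'; Expected = 1; Fixable = $false },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile';   Name = 'EnableFirewall'; Expected = 1; Fixable = $false }
)

# Helper (assumed name): read one registry value, or $null if key/value is absent.
function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null
    }
}

$findings = @()
foreach ($c in $checks) {
    $actual = Get-RegValueOrNull -Path $c.Path -Name $c.Name
    $ok = ($actual -ne $null) -and ([int]$actual -eq $c.Expected)
    $findings += New-Object PSObject -Property @{
        Setting  = "$($c.Path)\$($c.Name)"
        Actual   = if ($actual -eq $null) { '<missing>' } else { $actual }
        Expected = $c.Expected
        Status   = if ($ok) { 'OK' } else { 'DEVIATES' }
    }
    # Only the three Security Center flags are repaired, as in the OTL fix.
    if (-not $ok -and $Repair -and $c.Fixable) {
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Expected -Type DWord
        Write-Host "Reset $($c.Name) to $($c.Expected)"
    }
}

# The Extras log shows '.exe [@ = secfile]' pointing at av.exe; the normal
# handler is 'exefile'. Report it, but leave any repair to the helper.
$exeHandler = Get-RegValueOrNull -Path 'HKLM:\SOFTWARE\Classes\.exe' -Name '(default)'
$findings += New-Object PSObject -Property @{
    Setting  = 'HKLM:\SOFTWARE\Classes\.exe (default)'
    Actual   = if ($exeHandler) { $exeHandler } else { '<missing>' }
    Expected = 'exefile'
    Status   = if ($exeHandler -eq 'exefile') { 'OK' } else { 'DEVIATES' }
}

$findings | Select-Object Setting, Actual, Expected, Status | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt as `.\Audit-SecurityCenter.ps1` to see the report, and `.\Audit-SecurityCenter.ps1 -Repair` to reset the three override flags. A DEVIATES row on AntiVirusOverride or FirewallOverride with no security product legitimately registered is the kind of change rogue "antivirus" products make to silence Security Center warnings, so it is worth checking after a cleanup even when scanners report clean.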

deltalima,

I updated the Java runtime and Adobe. I am actually an application developer but tend to neglect maintenance of my home PC. Here is the OTL registry update. The PC is running with no problems.

Gary

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | 0 /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride" | 0 /E : value set successfully!

OTL by OldTimer - Version 3.1.36.1 log created on 03122010_201252


Hi G D J,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Delete the TDSSKiller icon, folder and log from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:

  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

This topic is now closed to further replies.