Help me Ken!



wenjef1216
2010-12-21, 23:52
So...where do we go from here?

ken545
2010-12-22, 00:27
Jeff,

Like I said, you're going to have to transfer these programs by disk to the infected one by either a CD or a USB thumb drive.


Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.
1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
Please post the content of the TDSSKiller log

wenjef1216
2010-12-22, 00:31
Thanks again...I'll have to wait until morning to try it, but I'll post what you asked. I truly appreciate your help!

wenjef1216
2010-12-23, 18:27
Running now...will let you know. Thanks for your help and Merry Christmas!

wenjef1216
2010-12-25, 06:38
Ok, I have downloaded the rkills to a thumb drive and been running them on the infected computer. I have been running the rkill.exe several times, but keep getting the same messages. The first one that comes up is a "Security Warning" that tells me "The application can not be executed. The file ssu.exe is infected. Do you want to activate your antivirus software now?". I don't click on anything until I get the second error message that tells me "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

I have tried both double clicking the rkill icon on the drive and also right-clicking and choosing "Run As". I can't do it as Administrator, however, because this computer was given to me several months ago. I have no idea what the Administrator password is.

Any thoughts?

wenjef1216
2010-12-25, 07:10
One last thing...just happened. I continued trying to run the rkill and the computer froze up. It sat for about 15 minutes until I rebooted. When I did, I was having the same security alerts and such. Just FYI...trying to give you any and all info.

ken545
2010-12-25, 13:10
Hi,

Your computer sounds like it has some very serious infections. Just so you know, sometimes it could be best just to format and reinstall Windows. This would ensure that everything is running properly and that the virus is gone. This is your call if you want to lean in that direction, but after some attempts at cleaning that may fail, it may be your only option.


You can try running TDSSKiller in Safemode; actually you can try and run any of these programs in Safemode. If you're being redirected and can't access the download then you will need to download them to a known clean computer and transfer them by disk to the infected one.


To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)



Please download exeHelper (http://www.raktor.net/exeHelper/exeHelper.com) to your desktop.

Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Now try TDSSKiller again.

wenjef1216
2010-12-29, 15:55
Thanks for this, Ken. Will try when I return from vacation. Regarding the reformatting, will this wipe the computer back to "factory"? Are there any leftover traces when this is done? Is it safe for me to try to download files to thumbdrive to reload later?

I'm really not worried about it from a file standpoint...there's nothing on there that I can't recreate. I got this computer from a friend some time ago and my plan was to give it to my daughter for school. I don't have the original disc...is it still possible to reformat without it?

ken545
2010-12-29, 19:16
Well, at this point I don't know what you're infected with; there are threats that will infect a thumb drive.

As far as reformatting, if you reformat your drive all will be gone; you will just have basically a blank disk. If you don't have your Windows CD or a Recovery CD then you can't reinstall Windows.

Some computers come with a recovery console pre-installed; don't know if you have one. If you go to My Computer and look at your drives, it may show D: as a RC.

This is something we don't do here, we just do malware removal, so I would have to link you to one of our other Windows forums for help in that area.

As far as vacation: forum policy, if no reply in 3 days the thread is closed. You will just have to start a new topic and if I miss it one of our able-bodied staff will pick it up.

wenjef1216
2011-01-03, 04:54
This is all that came up in the exehelper log

exeHelper by Raktor
Build 20100414
Run at 21:48:11 on 01/02/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

wenjef1216
2011-01-03, 06:03
I have also run the rkill without having the computer connected to the modem and have not seen the warnings coming up any more. However, I am also not able to connect to the Internet any longer. Following is what I get when I run the rkill now...and it seems I can ONLY run it when the Internet cable is not connected.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 01/02/2011 at 22:51:52.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

Processes terminated by Rkill or while it was running:



Rkill completed on 01/02/2011 at 22:51:55.

ken545
2011-01-03, 11:29
Reboot your system and see if you can connect to the internet.

Without any logs it's hard to say what you're infected with. Download TDSSKiller from a known clean computer and transfer it by disk to the infected one and run it, post the log.


Same for this one.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

wenjef1216
2011-01-06, 04:33
Will do. Away again until Friday night...posting to keep thread alive. I'll do this on Saturday when I return. Once again, I appreciate your help and patience.

wenjef1216
2011-01-10, 15:36
TDSSKiller Log Requested

2011/01/10 08:23:42.0487 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/10 08:23:42.0487 ================================================================================
2011/01/10 08:23:42.0487 SystemInfo:
2011/01/10 08:23:42.0487
2011/01/10 08:23:42.0487 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/10 08:23:42.0487 Product type: Workstation
2011/01/10 08:23:42.0487 ComputerName: HOME
2011/01/10 08:23:42.0487 UserName: George Barboza
2011/01/10 08:23:42.0487 Windows directory: C:\WINDOWS
2011/01/10 08:23:42.0487 System windows directory: C:\WINDOWS
2011/01/10 08:23:42.0487 Processor architecture: Intel x86
2011/01/10 08:23:42.0487 Number of processors: 1
2011/01/10 08:23:42.0487 Page size: 0x1000
2011/01/10 08:23:42.0487 Boot type: Normal boot
2011/01/10 08:23:42.0487 ================================================================================
2011/01/10 08:23:53.0034 Initialize success
2011/01/10 08:23:56.0643 ================================================================================
2011/01/10 08:23:56.0643 Scan started
2011/01/10 08:23:56.0643 Mode: Manual;
2011/01/10 08:23:56.0643 ================================================================================
2011/01/10 08:23:58.0190 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/10 08:23:58.0331 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/10 08:23:58.0534 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/01/10 08:23:58.0674 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/10 08:23:58.0815 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/10 08:23:58.0971 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/01/10 08:23:59.0628 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/10 08:23:59.0768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/10 08:23:59.0971 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/10 08:24:00.0112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/10 08:24:00.0268 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/10 08:24:00.0424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/10 08:24:00.0659 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/10 08:24:00.0799 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/10 08:24:00.0924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/10 08:24:01.0237 CO_Mon (ca8eb7b73ac3bab1f8760a7583122a00) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2011/01/10 08:24:01.0596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/10 08:24:01.0768 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/10 08:24:01.0956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/10 08:24:02.0081 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/10 08:24:02.0221 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/10 08:24:02.0456 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/10 08:24:02.0612 E100B (83403675cab29e7a4b885b11e7c855d8) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/01/10 08:24:02.0799 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/10 08:24:02.0956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/10 08:24:03.0081 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/10 08:24:03.0221 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/10 08:24:03.0378 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/10 08:24:03.0549 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/10 08:24:03.0674 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/10 08:24:03.0799 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/10 08:24:03.0940 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/01/10 08:24:04.0143 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/10 08:24:04.0378 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/01/10 08:24:04.0503 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/01/10 08:24:04.0690 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/01/10 08:24:04.0831 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/10 08:24:05.0081 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/10 08:24:05.0206 ialm (44b7d5a4f2bd9fe21aea0bb0bace38c4) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/10 08:24:05.0393 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/10 08:24:05.0690 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/10 08:24:05.0831 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/10 08:24:05.0956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/10 08:24:06.0081 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/10 08:24:06.0221 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/10 08:24:06.0346 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/10 08:24:06.0487 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/10 08:24:06.0690 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/10 08:24:06.0893 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/10 08:24:07.0081 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/10 08:24:07.0268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/10 08:24:07.0440 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/10 08:24:07.0737 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/01/10 08:24:07.0878 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/10 08:24:08.0034 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/10 08:24:08.0174 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/10 08:24:08.0331 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/10 08:24:08.0456 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/10 08:24:08.0768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/10 08:24:08.0909 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/10 08:24:09.0081 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/10 08:24:09.0206 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/10 08:24:09.0331 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/10 08:24:09.0440 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/10 08:24:09.0581 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/10 08:24:09.0721 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/10 08:24:09.0831 N100 (c7eb926899ff4575b630087ea4c7af61) C:\WINDOWS\system32\DRIVERS\n100325.sys
2011/01/10 08:24:09.0971 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/10 08:24:10.0081 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/10 08:24:10.0190 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/10 08:24:10.0315 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/10 08:24:10.0440 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/10 08:24:10.0581 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/10 08:24:10.0753 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/10 08:24:10.0940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/10 08:24:11.0081 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/10 08:24:11.0268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/10 08:24:11.0378 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/10 08:24:11.0503 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/10 08:24:11.0643 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/01/10 08:24:11.0784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/10 08:24:11.0893 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/10 08:24:12.0003 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/10 08:24:12.0174 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/10 08:24:12.0456 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/10 08:24:13.0018 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/10 08:24:13.0143 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/10 08:24:13.0268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/10 08:24:13.0409 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/10 08:24:13.0815 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/10 08:24:13.0940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/10 08:24:14.0096 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/10 08:24:14.0221 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/10 08:24:14.0331 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/10 08:24:14.0456 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/10 08:24:14.0596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/10 08:24:14.0737 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/10 08:24:14.0893 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/10 08:24:15.0034 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/01/10 08:24:15.0221 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/10 08:24:15.0362 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/10 08:24:15.0487 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/10 08:24:15.0628 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/10 08:24:15.0753 Sftfs (92d1002b9ace530f37f256d3d58e5867) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
2011/01/10 08:24:15.0924 Sftplay (5eb49d97a281c3e71b23c66b13a24a6d) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
2011/01/10 08:24:16.0065 Sftredir (e8192208cc8cf24b3a81774c8078259c) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
2011/01/10 08:24:16.0174 Sftvol (f21569a5e0f9e9cf6e32819e08abfa2d) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
2011/01/10 08:24:16.0409 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
2011/01/10 08:24:16.0643 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/10 08:24:16.0815 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/10 08:24:16.0956 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/10 08:24:17.0081 SSFMONM (362f131c87633c6d021441b835c2cebc) C:\WINDOWS\system32\Drivers\SSFMONM.SYS
2011/01/10 08:24:17.0159 SSHRMD (d7e2f6c09300cb295edafcef84a53a5e) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
2011/01/10 08:24:17.0221 SSIDRV (de67dd27b8053e4d40a7bd979643bd1c) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
2011/01/10 08:24:17.0378 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/10 08:24:17.0487 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/10 08:24:17.0878 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/10 08:24:18.0018 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/10 08:24:18.0174 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/10 08:24:18.0284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/10 08:24:18.0424 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/10 08:24:18.0643 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/10 08:24:18.0862 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/10 08:24:19.0034 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/10 08:24:19.0143 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/10 08:24:19.0268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/10 08:24:19.0393 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/10 08:24:19.0518 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/10 08:24:19.0643 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/10 08:24:19.0784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/10 08:24:19.0893 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/10 08:24:20.0081 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/10 08:24:20.0253 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/10 08:24:20.0409 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/10 08:24:20.0690 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/10 08:24:20.0862 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/10 08:24:20.0987 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/01/10 08:24:21.0065 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/10 08:24:21.0128 ================================================================================
2011/01/10 08:24:21.0128 Scan finished
2011/01/10 08:24:21.0128 ================================================================================
2011/01/10 08:24:21.0159 Detected object count: 1
2011/01/10 08:24:30.0956 \HardDisk0 - will be cured after reboot
2011/01/10 08:24:30.0956 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/10 08:25:58.0174 Deinitialize success
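The TDSSKiller log above is long, and the one line that matters (the `\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4` entry) is easy to miss among a hundred driver hashes. The following is an added example, not code from the thread or from Kaspersky: a small parser that splits a TDSSKiller log into the driver inventory (service name, MD5, path), the detections, the user-selected actions and the "cured after reboot" notices, then cross-checks them. The sample input is a constructed excerpt copied from the log posted above; the regexes are written against that format and are an assumption about other TDSSKiller versions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed excerpt of the TDSSKiller 2.4.12.0 log posted in the thread.
SAMPLE_LOG = r"""
2011/01/10 08:23:42.0487 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/10 08:23:56.0643 Scan started
2011/01/10 08:23:58.0190 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/10 08:23:59.0768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/10 08:24:21.0065 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/10 08:24:21.0128 Scan finished
2011/01/10 08:24:21.0159 Detected object count: 1
2011/01/10 08:24:30.0956 \HardDisk0 - will be cured after reboot
2011/01/10 08:24:30.0956 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/10 08:25:58.0174 Deinitialize success
"""

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the rest is one of several record types.
TS_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")          # name (md5) path
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")           # target - detected Name (n)
PENDING_RE = re.compile(r"^(\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(\S+?)\((\S+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Driver:
    timestamp: str
    service: str
    md5: str
    path: str


@dataclass
class Detection:
    timestamp: str
    target: str   # a file path or, for boot-sector infections, a physical disk such as \HardDisk0
    name: str


@dataclass
class Report:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)       # target -> chosen action
    pending_reboot: List[str] = field(default_factory=list)     # targets cured only after reboot
    declared_count: int = -1                                    # "Detected object count" line


def parse_tdsskiller(text: str) -> Report:
    """Classify each timestamped line of a TDSSKiller log into the Report fields."""
    report = Report()
    for raw in text.splitlines():
        m = TS_RE.match(raw.strip())
        if not m:
            continue
        ts, rest = m.groups()
        if (d := DETECT_RE.match(rest)):
            report.detections.append(Detection(ts, d.group(1), d.group(2)))
        elif (p := PENDING_RE.match(rest)):
            report.pending_reboot.append(p.group(1))
        elif (a := ACTION_RE.match(rest)):
            report.actions[a.group(2)] = a.group(3)
        elif (c := COUNT_RE.match(rest)):
            report.declared_count = int(c.group(1))
        elif (dr := DRIVER_RE.match(rest)):
            report.drivers.append(Driver(ts, *dr.groups()))
    return report


def triage(report: Report) -> dict:
    """Summarise what a helper needs to know: what was found, whether every finding got an action,
    and whether the tool's own count agrees with the lines we parsed (a mismatch means a
    truncated or mis-pasted log)."""
    return {
        "detections": [(d.target, d.name) for d in report.detections],
        "count_matches": report.declared_count == len(report.detections),
        "unresolved": [d.target for d in report.detections if d.target not in report.actions],
        # A physical-disk target means the infection sits in the boot sector rather than in a
        # driver file; TDSSKiller can only replace it at the next boot, hence the reboot notice.
        "pending_reboot": list(report.pending_reboot),
    }


def unknown_drivers(report: Report, known_good_md5: set) -> List[Driver]:
    """Drivers whose MD5 is not in a baseline of hashes from a known-clean machine of the same
    build; useful for narrowing a hundred-line inventory down to a handful worth examining."""
    return [d for d in report.drivers if d.md5.lower() not in known_good_md5]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print(triage(rep))
    print([d.service for d in unknown_drivers(rep, {"8fd99680a539792a30e97944fdaecf17"})])
```

The `count_matches` check is the one to look at first when a log is pasted into a forum post: if the tool says it found one object but the parser sees none, the detection line was lost in copying and the helper is working from an incomplete picture.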

wenjef1216
2011-01-10, 16:10
OTL logfile created on: 1/10/2011 8:52:53 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.59 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
Drive E: | 488.00 Mb Total Space | 271.05 Mb Free Space | 55.54% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: George Barboza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (SafeList) ==========

MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (SSIDRV) -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSFMONM) -- C:\WINDOWS\system32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (N100) -- C:\WINDOWS\system32\drivers\n100325.sys (Compaq Computer Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://echo.entertainment.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/09/03 13:25:07 | 000,000,000 | ---D | M]

[2008/09/02 10:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Barboza\Application Data\Mozilla\Extensions
[2010/07/10 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George Barboza\Application Data\Mozilla\Firefox\Profiles\zwptel38.default\extensions
[2009/08/11 12:17:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George Barboza\Application Data\Mozilla\Firefox\Profiles\zwptel38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/10 17:52:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\George Barboza\Application Data\Mozilla\Firefox\Profiles\zwptel38.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/02 16:36:37 | 000,000,000 | ---D | M] ("BitDefender QuickScanner") -- C:\Documents and Settings\George Barboza\Application Data\Mozilla\Firefox\Profiles\zwptel38.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/08/11 23:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 19:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR
[2010/04/25 19:57:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/25 19:57:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2010/12/21 15:35:48 | 000,000,707 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [{E441DBD4-9B12-4E72-2F00-C2B924233F30}] C:\Documents and Settings\George Barboza\Application Data\Diytb\hiqoh.exe File not found
O4 - HKCU..\Run: [aydcdgqx] C:\Documents and Settings\George Barboza\Local Settings\Temp\dyekuhmoe\cpeildcaffm.exe ()
O4 - HKCU..\Run: [CyberDefender Registry Cleaner] C:\Program Files\CyberDefender\Registry Cleaner\CDregclean.exe File not found
O4 - HKCU..\Run: [JP595IR86O] C:\DOCUME~1\GEORGE~1\LOCALS~1\Temp\Vkl.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://entertainment.webex.com/client/T27L10NSP11EP5/training/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\George Barboza\Application Data\hotfix.exe) - C:\Documents and Settings\George Barboza\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\George Barboza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George Barboza\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (indows.common-controls_6595b641) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/14 14:35:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{46abfafa-779f-11de-9c74-000bcd2e84c3}\Shell - "" = AutoRun
O33 - MountPoints2\{46abfafa-779f-11de-9c74-000bcd2e84c3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46abfafa-779f-11de-9c74-000bcd2e84c3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5cc4e1af-62fa-11dc-93b7-e40a6c83ac99}\Shell - "" = AutoRun
O33 - MountPoints2\{5cc4e1af-62fa-11dc-93b7-e40a6c83ac99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5cc4e1af-62fa-11dc-93b7-e40a6c83ac99}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5cc4e1b0-62fa-11dc-93b7-e40a6c83ac99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5cc4e1b0-62fa-11dc-93b7-e40a6c83ac99}\Shell\Open(0)\command - "" = Recycled\ctfmon.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\EasySuite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/10 08:22:50 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\George Barboza\Desktop\TDSSKiller.exe
[2010/12/21 07:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2010/12/21 07:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/12/21 07:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/12/21 07:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George Barboza\Application Data\TP
[2010/12/15 10:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2007/12/15 19:26:12 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 08:49:00 | 000,000,216 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/10 08:46:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/10 08:46:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/10 08:44:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/01/10 08:31:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/01/10 08:28:59 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/10 08:28:35 | 000,297,952 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2011/01/10 08:28:26 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/01/10 08:28:26 | 000,000,012 | ---- | M] () -- C:\WINDOWS\System32\crt.dat
[2011/01/10 08:27:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/01/10 08:27:45 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\dll.dll
[2011/01/10 08:27:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/10 08:22:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/01/10 08:11:31 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2011/01/10 08:11:31 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/01/03 11:22:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/01/03 11:22:37 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2011/01/03 11:22:36 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/01/02 21:50:02 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2011/01/02 21:35:14 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\exeHelper.com
[2011/01/02 21:16:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/01/02 21:16:43 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/01/02 20:36:38 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/25 00:42:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/12/25 00:42:09 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/12/25 00:01:52 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/12/23 11:25:40 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\rkill.exe
[2010/12/21 15:34:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/12/21 11:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/12/21 10:44:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/12/21 10:44:17 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/12/21 10:12:29 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/12/21 09:42:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/12/21 09:28:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/12/21 09:28:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/12/21 09:28:53 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/12/21 09:28:53 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/12/21 07:36:15 | 000,466,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/21 07:36:15 | 000,079,804 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/12/21 07:05:35 | 000,278,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 17:32:27 | 000,388,087 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\CB Prize Report 121410.xls
[2010/12/20 16:51:52 | 000,039,083 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Arcola Elementary School.JPG
[2010/12/20 14:36:15 | 000,061,263 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Spotsy Cty Foudation letter to schools Fall 2010.pdf
[2010/12/20 14:33:14 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\PWCty Foundation letter Fall 2010.doc
[2010/12/18 19:47:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/12/18 19:47:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/12/18 19:47:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/12/18 19:47:04 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/12/18 19:47:04 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/12/17 15:35:12 | 000,064,038 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\ArcolaDragon_color_outlined.JPG
[2010/12/17 10:08:52 | 000,096,256 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Retail Locations Verification[1].doc
[2010/12/16 12:21:52 | 002,997,791 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Arcola Preview[1].pdf
[2010/12/16 11:34:35 | 001,792,512 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Store Audit form K-O.xls
[2010/12/16 11:33:51 | 004,306,944 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Store Audit form A-C.xls
[2010/12/16 10:33:09 | 002,773,914 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Legacy Preview 12-16[1].pdf
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\George Barboza\Desktop\TDSSKiller.exe
[2010/12/16 09:33:57 | 001,627,136 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Kilmer Detail Report 092010.xls
[2010/12/16 09:33:02 | 000,011,882 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Jeff's 10FACP Updates(1).xlsx
[2010/12/15 16:14:23 | 000,818,688 | ---- | M] () -- C:\Documents and Settings\George Barboza\Desktop\Jeff Elliott Collection Tracker 12-15-10.xls
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/10 08:28:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2011/01/02 21:37:29 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\exeHelper.com
[2011/01/02 21:37:19 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\rkill.exe
[2010/12/20 17:32:23 | 000,388,087 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\CB Prize Report 121410.xls
[2010/12/20 16:51:52 | 000,039,083 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Arcola Elementary School.JPG
[2010/12/20 14:36:15 | 000,061,263 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Spotsy Cty Foudation letter to schools Fall 2010.pdf
[2010/12/20 14:33:13 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\PWCty Foundation letter Fall 2010.doc
[2010/12/17 15:35:11 | 000,064,038 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\ArcolaDragon_color_outlined.JPG
[2010/12/17 10:08:51 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Retail Locations Verification[1].doc
[2010/12/16 15:23:27 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Wendy Payback Schedule.xls
[2010/12/16 12:21:52 | 002,997,791 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Arcola Preview[1].pdf
[2010/12/16 11:34:34 | 001,792,512 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Store Audit form K-O.xls
[2010/12/16 11:33:47 | 004,306,944 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Store Audit form A-C.xls
[2010/12/16 10:33:08 | 002,773,914 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Legacy Preview 12-16[1].pdf
[2010/12/16 09:33:01 | 000,011,882 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Jeff's 10FACP Updates(1).xlsx
[2010/12/15 16:14:23 | 000,818,688 | ---- | C] () -- C:\Documents and Settings\George Barboza\Desktop\Jeff Elliott Collection Tracker 12-15-10.xls
[2010/12/06 16:38:39 | 000,297,952 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/12/06 16:38:39 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\dll.dll
[2010/12/06 16:38:37 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\cryptnet32.dll
[2010/11/15 19:26:16 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/11/04 07:39:38 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\George Barboza\Application Data\start
[2010/11/04 07:38:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\George Barboza\Application Data\completescan
[2010/11/02 07:03:11 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\George Barboza\Application Data\install
[2010/11/02 06:17:48 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\George Barboza\Application Data\dkfjasdfshd.bat
[2009/09/11 15:17:48 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2009/03/14 12:29:44 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/12/26 19:47:43 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/12/26 05:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2007/10/08 05:14:00 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\George Barboza\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/18 21:54:41 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/09/14 16:00:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/14 15:31:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/09/14 14:27:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/09/03 13:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/09/02 12:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/09/14 16:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Geek Squad
[2010/03/05 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark
[2010/11/05 14:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/02 12:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/11/15 19:23:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E15A1CA7-D908-4C28-ADCF-C23723A9D28D}
[2008/09/02 12:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\eBay
[2010/11/05 10:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Ecicha
[2008/09/14 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\funkitron
[2009/10/02 10:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Juniper Networks
[2010/11/15 17:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Keynote Systems
[2008/02/16 10:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Leadertech
[2009/11/08 12:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\QuickScan
[2008/02/16 09:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\RegSweep
[2010/12/21 07:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\TP
[2009/12/21 15:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Uniblue
[2010/12/20 16:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\webex
[2009/12/11 21:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Windows Desktop Search
[2010/02/24 20:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George Barboza\Application Data\Windows Search
[2011/01/02 20:36:38 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/21 10:12:29 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/01/10 08:11:31 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/12/18 19:47:04 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/12/21 07:05:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/12/03 16:19:55 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/09 06:54:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/01/02 21:16:43 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/12/06 06:38:20 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/01/03 11:22:36 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/11/09 06:54:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/09 06:54:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/12/25 00:42:09 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/11/09 06:54:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/11/09 06:54:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/11/09 04:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/11/09 05:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/11/09 06:54:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/11/09 06:14:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/12/21 09:28:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/01/10 08:27:50 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/12/21 09:28:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/12/21 10:44:17 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/12/21 11:18:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/12/18 19:47:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/11/09 06:54:48 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/12/21 07:05:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/11/16 06:26:15 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2011/01/02 21:16:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/12/06 06:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2011/01/03 11:22:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/12/25 00:42:09 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/11/09 06:54:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/11/09 04:44:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/09 06:54:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/11/09 06:54:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/11/09 04:31:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/11/09 05:31:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/12/18 19:47:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/12/21 09:28:53 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2011/01/10 08:31:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/12/21 09:42:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/12/21 10:44:17 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2011/01/10 08:11:31 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/11/09 05:44:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/12/18 19:47:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/12/21 15:34:04 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/12/21 07:05:48 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/12/03 16:19:55 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/11/16 06:26:15 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2011/01/02 21:50:02 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/12/18 19:47:04 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/01/03 11:22:37 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/12/25 00:01:52 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/12/21 09:28:53 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/01/10 08:44:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/11/09 03:30:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job
[2010/12/08 11:37:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
[2007/12/22 07:26:17 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
[2011/01/10 08:28:26 | 000,000,306 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/01/10 08:49:00 | 000,000,216 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/01/10 08:22:00 | 000,000,258 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A121498D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF1BA808

< End of report >
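
The log above carries several entries that a helper would normally pull out for review before posting a fix script: both browsers are proxied through 127.0.0.1 on a high local port, an HKCU Winlogon Shell value points at an `hotfix.exe` in Application Data instead of explorer.exe, a Winlogon Notify DLL (`cryptnet32.dll`) has no company name, a Run key launches from the user's Temp folder, there are dozens of numbered `At*.job` tasks, and the `TEMP` folder carries alternate data streams. The script below is an added editorial example, not OTL, rkill, or anything ken545 or wenjef1216 posted; it applies those same heuristics to OTL-style lines so the triage is repeatable. The sample lines are copied from the log above, and the category names and the rule of "no company name means review it" are this example's own assumptions, not OTL conventions. Hits are items to review, not verdicts.

```python
"""Triage heuristics for OTL-style log lines.

Added example for this thread; it is not OTL, rkill or TDSSKiller code and
was not posted by anyone in the thread. Category names, the checks and the
"no company name" rule are this example's own assumptions.
"""
import re
from collections import Counter

# Sample input, constructed by copying lines from the OTL log posted above
# so the script runs offline.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59274
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
O4 - HKCU..\Run: [aydcdgqx] C:\Documents and Settings\George Barboza\Local Settings\Temp\dyekuhmoe\cpeildcaffm.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\George Barboza\Application Data\hotfix.exe) - C:\Documents and Settings\George Barboza\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - C:\WINDOWS\System32\cryptnet32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
[2011/01/10 08:44:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/01/10 08:31:00 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2011/01/10 08:46:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A121498D
"""

LOOPBACK = re.compile(r"127\.0\.0\.1|localhost", re.I)
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.I)
SHELL_VALUE = re.compile(r"Winlogon: Shell - \((.*?)\) - ")


def loopback_proxy(line: str) -> bool:
    """IE ProxyServer or Firefox network.proxy.http pointing at the local host."""
    return ("ProxyServer" in line or "network.proxy.http:" in line) and bool(LOOPBACK.search(line))


def temp_run_key(line: str) -> bool:
    """O4 Run entry launching from a Temp folder, or with an empty company name '()'."""
    return line.startswith("O4 -") and (
        re.search(r"\\temp\\", line, re.I) is not None or line.endswith("()")
    )


def winlogon_shell_override(line: str) -> bool:
    """Winlogon Shell value that is anything other than explorer.exe."""
    m = SHELL_VALUE.search(line)
    return m is not None and not m.group(1).lower().endswith("explorer.exe")


def notify_dll_unsigned(line: str) -> bool:
    """Winlogon Notify DLL with no company name (OTL prints '()')."""
    return "Winlogon\\Notify" in line and line.endswith("()")


def at_job(line: str) -> bool:
    """Numbered At<N>.job scheduled task; a large cluster of these is worth listing."""
    return AT_JOB.search(line) is not None


def ads(line: str) -> bool:
    """Alternate data stream reported by OTL."""
    return line.startswith("@Alternate Data Stream")


# First matching category wins for a given line.
CHECKS = [
    ("loopback-proxy", loopback_proxy),
    ("temp-run-key", temp_run_key),
    ("winlogon-shell", winlogon_shell_override),
    ("winlogon-notify-unsigned", notify_dll_unsigned),
    ("at-job", at_job),
    ("ads", ads),
]


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (category, line) pairs for every line that trips a check."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        for category, check in CHECKS:
            if check(line):
                findings.append((category, line))
                break
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG):
        print(f"[{category}] {line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it a saved OTL.txt instead of `SAMPLE_LOG` to get the same categories over the full log; the benign entries in the sample (the HKLM Shell pointing at explorer.exe, the Intel-signed Notify DLL, the SoundMAX Run key, the GoogleUpdate task) are there to show that the checks stay quiet on ordinary lines.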

wenjef1216
2011-01-10, 16:13
Ken, Thanks again for all your help! Hopefully these last three posts are what you are looking for, but please let me know if I missed something. I noticed that the OTL was set for past 30 days...should we go back further?


OTL Extras logfile created on: 1/10/2011 8:52:53 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 55.59 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
Drive E: | 488.00 Mb Total Space | 271.05 Mb Free Space | 55.54% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: George Barboza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00100409-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 SR-1
"{00110409-78E1-11D2-B60F-006097C998E7}" = Microsoft Excel 2000 SR-1
"{00130409-78E1-11D2-B60F-006097C998E7}" = Microsoft PowerPoint 2000 SR-1
"{00170409-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KeynoteConnector" = Keynote Connector
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PokerStars" = PokerStars
"Webroot Software" = Webroot Software
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 9:11:32 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:11:32 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:11:33 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:11:33 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:14:25 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 1/10/2011 9:14:25 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/10/2011 9:27:55 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:27:55 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:27:55 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/10/2011 9:27:55 AM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 1/2/2011 11:24:39 PM | Computer Name = HOME | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 1/2/2011 11:27:06 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Application Virtualization Client service hung on starting.

Error - 1/2/2011 11:27:06 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%1070

Error - 1/2/2011 11:27:06 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/2/2011 11:47:36 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/3/2011 12:23:48 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/3/2011 12:48:15 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = The Webroot Spy Sweeper Engine service terminated unexpectedly. It
has done this 1 time(s).

Error - 1/10/2011 9:12:34 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/10/2011 9:14:06 AM | Computer Name = HOME | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/10/2011 9:28:56 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

ken545
2011-01-10, 19:09
Your hard disk was infected with a rootkit; make sure you rebooted after TDSSKiller for the fix to take effect.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

wenjef1216
2011-01-11, 01:24
I can't continue thanking you enough, Ken. My computer is already up and running without issue even before getting your reply here. I will do what you have suggested above and post, but after doing TDSSKiller and rebooting, I had Internet capability again. I ran my Spysweeper (by Webroot) program and was able to quarantine the malware and other "threats". Running the Combofix program and will post again. :D:

wenjef1216
2011-01-11, 02:21
ComboFix 11-01-10.04 - 01/10/2011 18:49:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.305 [GMT -5:00]
Running from: c:\documents and settings\George Barboza\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\George Barboza\Application Data\Diytb\hiqoh.exe
c:\documents and settings\George Barboza\Application Data\RegSweep
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 01_10_57 PM_187.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 01_11_01 PM_984.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 02_01_40 PM_437.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 02_01_45 PM_203.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 07_22_04 PM_656.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 07_22_09 PM_593.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 09_43_03 AM_781.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Log\2008 Feb 18 - 09_43_08 AM_765.log
c:\documents and settings\George Barboza\Application Data\RegSweep\Registry Backups\2008-02-16_09-47-52.reg
c:\documents and settings\George Barboza\Favorites\Thumbs.db
c:\program files\RegSweep
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At49.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At50.job
c:\windows\Tasks\At51.job
c:\windows\Tasks\At52.job
c:\windows\Tasks\At53.job
c:\windows\Tasks\At54.job
c:\windows\Tasks\At55.job
c:\windows\Tasks\At56.job
c:\windows\Tasks\At57.job
c:\windows\Tasks\At58.job
c:\windows\Tasks\At59.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At60.job
c:\windows\Tasks\At61.job
c:\windows\Tasks\At62.job
c:\windows\Tasks\At63.job
c:\windows\Tasks\At64.job
c:\windows\Tasks\At65.job
c:\windows\Tasks\At66.job
c:\windows\Tasks\At67.job
c:\windows\Tasks\At68.job
c:\windows\Tasks\At69.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At70.job
c:\windows\Tasks\At71.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2010-12-21 20:14 . 2010-12-21 20:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-12-21 19:55 . 2010-12-21 19:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-12-21 12:39 . 2011-01-11 00:03 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client
2010-12-21 12:35 . 2010-12-21 12:35 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2010-12-21 12:34 . 2010-12-21 12:59 -------- d-----w- c:\documents and settings\George Barboza\Application Data\TP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 20:53 . 2010-12-06 21:38 26112 ----a-w- c:\windows\system32\dll.dll
2010-11-22 20:27 . 2009-08-17 15:36 288768 ----a-w- c:\documents and settings\gmr\gmr.exe
2010-11-05 15:58 . 2010-11-02 11:17 237 ----a-w- c:\documents and settings\George Barboza\Application Data\dkfjasdfshd.bat
2007-12-16 00:24 . 2007-12-16 00:26 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-21 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-21 126976]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-27 122368]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-11-16 1286960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-5 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [12/2/2009 10:23 PM 483688]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [11/15/2010 7:26 PM 45072]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [11/15/2010 7:23 PM 3066528]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211304]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [12/2/2009 10:23 PM 209768]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 10:24 AM 135664]
S3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\drivers\n100325.sys [9/14/2007 3:11 PM 128000]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder

2011-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:24]

2011-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 15:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://echo.entertainment.com/
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{E441DBD4-9B12-4E72-2F00-C2B924233F30} - c:\documents and settings\George Barboza\Application Data\Diytb\hiqoh.exe
HKCU-Run-CyberDefender Registry Cleaner - c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
AddRemove-Adobe Digital Editions - c:\documents and settings\George Barboza\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions2x0\digitaleditions2x0.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 19:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WININET.dll
c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-01-10 19:13:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-11 00:13

Pre-Run: 59,371,413,504 bytes free
Post-Run: 60,220,178,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 47A6AB443AF7DDDC5C0AA71F1CE8745A

ken545
2011-01-11, 03:19
There still are a few bad files on your system; run Malwarebytes and let's see if they're removed.


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

wenjef1216
2011-01-13, 15:40
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5511

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/13/2011 8:36:36 AM
mbam-log-2011-01-13 (08-36-36).txt

Scan type: Quick scan
Objects scanned: 166798
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OW1T3CYG7T (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\george barboza\application data\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\george barboza\application data\microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

ken545
2011-01-13, 19:25
Great

You do realize I am helping you while digging my car out of 20" of snow.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.



Let me know how your system is running now, and if ESET does not find anything you will be good to go.

wenjef1216
2011-01-14, 19:01
I did not get a log that I could download... maybe I did something wrong? But it did not find anything other than a couple of system32 issues that were removed by the program. My system is running beautifully with no problems at all. If you would like me to run the ESET scan again and see if I get a log, I will. Otherwise, you have been wonderful to work with and I can't thank you enough for your help!

Wish I could help you dig out!

ken545
2011-01-14, 19:32
Yep, just read the town paper and we got over 18" and maybe more next week :sad:

No need for a new ESET log.

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken

ken545
2011-01-18, 14:25
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.