Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus unable to run tdss


  • This topic is locked This topic is locked
4 replies to this topic

#1 melaniemm1981

melaniemm1981

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 30 June 2011 - 12:05 PM

i have the redirect virus and I was able to download the tdss rootkill program but it wont run when i click on it and it wont run directly from the cmd prompt


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:11:02 on 2011-06-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.451 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NetSupport\NetSupport Manager\client32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\WINDOWS\system32\ptumlcmsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Popup-Blocker Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\documents and settings\owner\desktop\net zero\netzero\qsacc\X1IEBHO.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [BHR] c:\program files\zamaan's software\browser hijack retaliator 4.5\BHR.exe
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: Display All Images with Full Quality - c:\documents and settings\owner\desktop\net zero\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\documents and settings\owner\desktop\net zero\netzero\qsacc\appres.dll/227
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: lensec.com\mail
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 66.174.95.44 66.174.92.14
TCP: Interfaces\{F0510867-06EB-4AF8-93E9-6FF1856FBEE3} : DhcpNameServer = 66.174.95.44 66.174.92.14
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-3-4 61960]
R2 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2004-9-5 254050]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-6-7 106496]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-6-20 59664]
R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-6-20 168208]
R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-6-20 168208]
R3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2011-6-20 80912]
R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-6-20 168848]
R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2011-6-20 59920]
R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-6-20 168208]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2004-9-5 108400]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2004-3-30 118106]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2010-3-4 33024]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2010-3-4 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2010-3-4 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2010-3-4 59904]
.
=============== Created Last 30 ================
.
2011-06-27 22:31:20 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-22 14:40:31 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2011-06-22 14:40:31 3584 ----a-w- c:\program files\common files\microsoft shared\dao\comcat.dll
2011-06-22 14:40:31 203976 ----a-w- c:\windows\system32\richtx32.ocx
2011-06-22 14:40:31 1338880 ----a-w- c:\program files\common files\microsoft shared\dao\shdocvw.dll
2011-06-22 14:40:31 132880 ----a-w- c:\windows\system32\MSINET.OCX
2011-06-20 18:01:48 -------- d-----w- c:\documents and settings\all users\application data\WEngineLite
2011-06-20 17:59:50 59920 ----a-w- c:\windows\system32\drivers\PTUMLRMNET.sys
2011-06-20 17:59:50 168208 ----a-w- c:\windows\system32\drivers\PTUMLVsp.sys
2011-06-20 17:59:50 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2011-06-20 17:59:49 80912 ----a-w- c:\windows\system32\drivers\PTUMLNET.sys
2011-06-20 17:59:49 168848 ----a-w- c:\windows\system32\drivers\PTUMLNVsp.sys
2011-06-20 17:59:48 59664 ----a-w- c:\windows\system32\drivers\PTUMLBUS.sys
2011-06-20 17:59:48 168208 ----a-w- c:\windows\system32\drivers\PTUMLMdm.sys
2011-06-20 17:59:48 168208 ----a-w- c:\windows\system32\drivers\PTUMLCVsp.sys
2011-06-20 17:19:18 415232 ----a-w- c:\windows\system32\ptumlmcp64.dll
2011-06-20 17:19:18 266240 ----a-w- c:\windows\system32\ptumlmcp.dll
2011-06-20 17:19:18 112128 ----a-w- c:\windows\system32\ptumlqmi64.dll
2011-06-20 17:19:18 110592 ----a-w- c:\windows\system32\ptumlqmi.dll
2011-06-20 17:19:17 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2011-06-16 13:26:02 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-08 13:59:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-07 14:34:58 -------- d-----w- c:\windows\ie8updates
2011-06-07 14:17:51 -------- d-----w- c:\program files\MSXML 4.0
2011-06-07 14:08:36 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-06-07 14:08:36 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-06-07 14:08:35 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-07 14:08:35 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-07 14:08:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-07 14:08:34 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-06-07 14:08:32 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-06-07 14:01:51 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-07 13:59:02 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-06-07 13:58:18 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-06-07 13:58:18 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
2011-06-07 13:58:18 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-07 13:52:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-07 13:51:04 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-07 13:50:01 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-06-07 13:39:49 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-07 13:28:21 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-07 13:28:19 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-06-07 13:28:19 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-06-07 13:25:06 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-06-07 13:21:16 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-06-07 13:16:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-06-07 13:05:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-06-07 13:05:06 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-06-07 13:03:41 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-06-07 13:02:37 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-06-07 13:02:29 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-06-07 13:00:44 -------- d-----w- c:\windows\system32\PreInstall
2011-06-07 12:31:01 106496 ----a-w- c:\windows\system32\ptumlcmsvc.exe
2011-06-07 01:40:32 -------- d-----w- c:\windows\ServicePackFiles
2011-06-07 01:38:21 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2011-06-07 01:37:11 19569 ----a-w- c:\windows\002663_.tmp
2011-06-07 01:34:12 -------- d-----w- c:\windows\EHome
2011-06-06 18:28:43 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-06-06 18:27:48 -------- d-----w- c:\documents and settings\owner\application data\Verizon Wireless
2011-06-06 13:51:39 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-06 13:51:16 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-06 13:50:52 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-06 13:50:52 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-06 13:50:52 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-06 13:50:52 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-06 13:50:52 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-06 13:50:52 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-06 13:50:52 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-06 13:50:52 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-06 13:50:52 -------- dc----w- C:\ada542978c9aaa9953aca055bb82
2011-06-06 13:47:46 -------- d-----w- c:\program files\MSXML 6.0
2011-06-05 23:50:29 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-05 23:50:21 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 23:50:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 23:50:15 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 23:50:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-05 23:48:01 -------- d-----w- c:\documents and settings\owner\application data\Avira
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 21:17:41.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:24 PM

Posted 03 July 2011 - 04:43 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 melaniemm1981

melaniemm1981
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 05 July 2011 - 09:10 AM

this reply is to sweet tech
here are the results of rootkit unhooker
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xB2582000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 2187264 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF083000 C:\WINDOWS\System32\ati3duag.dll 2179072 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF712A000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF72E2000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 880640 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF7082000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7676000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF297000 C:\WINDOWS\System32\ativvaxx.dll 487424 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB227C000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xB23C7000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xEC04F000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB24D2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB0F65000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF30E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB06E4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF04A000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 229376 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF724C000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF7794000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB1085000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7649000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAF980000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB2437000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF72A6000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB24AA000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB2300000 C:\WINDOWS\system32\DRIVERS\PTUMLCVsp.sys 163840 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Serial Port Device Driver (MSS Ver.3))
0xB2378000 C:\WINDOWS\system32\DRIVERS\PTUMLMdm.sys 163840 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Modem Device Driver (MSS Ver.3))
0xB2328000 C:\WINDOWS\system32\DRIVERS\PTUMLNVsp.sys 163840 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Serial Port Device Driver (MSS Ver.3))
0xB2350000 C:\WINDOWS\system32\DRIVERS\PTUMLVsp.sys 163840 bytes (DEVGURU Co., LTD.(www.devguru.co.kr), USB Serial Port Device Driver (MSS Ver.3))
0xB23A0000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 159744 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xF705C000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB2484000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB255E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF7282000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7229000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2462000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF772C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7764000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xEC0DC000 C:\WINDOWS\system32\DRIVERS\vna.sys 110592 bytes (Check Point Software Technologies, -)
0xF762F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF774C000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB2264000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xAF9AB000 C:\WINDOWS\system32\DRIVERS\PTUMLNET.sys 98304 bytes (DEVGURU Co., LTD., USB Network Adapter Device Driver)
0xEC0AD000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB11D5000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 94208 bytes (Avira GmbH, Avira Minifilter Driver)
0xF7703000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xEC0C5000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 94208 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xF7031000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB0CF8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7048000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF72CE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB252B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB22ED000 C:\WINDOWS\system32\DRIVERS\PTUMLRMNET.sys 77824 bytes (DEVGURU Co., LTD., USB Rmnet Device Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF771A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7783000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6F4A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF51AA000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7923000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7873000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF77E3000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7903000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF58B8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xEE9D6000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7933000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF44C2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xEC157000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF77F3000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF4532000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF7843000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF4512000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF78E3000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF51DA000 C:\WINDOWS\system32\DRIVERS\PTUMLBUS.sys 53248 bytes (DEVGURU Co., LTD., USB Composite Device Driver (MSS Ver.3))
0xF7943000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7823000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7973000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF5908000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7913000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7813000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7963000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7803000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xEE9E6000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xEEA36000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB042F000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7833000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xEC197000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF78C3000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7983000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF5928000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF5918000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B9B000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF4F6C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF459A000 C:\WINDOWS\system32\drivers\pcisys.sys 32768 bytes (NetSupport Ltd, PCISYS Driver)
0xEC127000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7B93000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7BAB000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7A7B000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7BB3000 C:\WINDOWS\System32\Drivers\MxlW2k.SYS 28672 bytes (MusicMatch, Inc., MusicMatch Access Layer KMD)
0xF7A63000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7BCB000 C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS 28672 bytes (Smith Micro Inc., Smith Micro NDIS 5.0 Protocol Driver)
0xF7AD3000 C:\WINDOWS\System32\Drivers\sunkfilt.sys 28672 bytes (Alcor Micro Corp., SunkFilt)
0xF457A000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7B43000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7BBB000 C:\WINDOWS\system32\DRIVERS\gdihook5.sys 24576 bytes (NetSupport Ltd, PCI GDIHOOK5 Miniport Driver)
0xF4562000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7BA3000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xECDFA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF4F64000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF7B8B000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF4F7C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xECE02000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF4F74000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A6B000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xECE1A000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xECE0A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7BC3000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEF61A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7CC7000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7CDB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEDF83000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF75FF000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7C83000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7BF3000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF3A0D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xEDF73000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB104D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF73D9000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF75F7000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF3A05000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xEDF8B000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7CE3000 00000088 8192 bytes
0xF7D07000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF7D03000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7D45000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7D37000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D43000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7CE7000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7CE3000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7CF9000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7CFB000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D17000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xF7D7F000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7DA5000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7CE5000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E28000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DEF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7E6A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DAB000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x87357908 00000168 0 bytes
==============================================
>Stealth
==============================================
0x8732835C Unknown page with executable code, 3236 bytes
0x87327F6A Unknown thread object [ ETHREAD 0x872D1020 ] TID: 108, 600 bytes
0x87325FB5 Unknown page with executable code, 75 bytes

here are the results of OTL
OTL Extras logfile created on: 7/5/2011 9:57:47 AM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 396.99 Mb Available Physical Memory | 38.82% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.04 Gb Free Space | 92.77% Space Free | Partition Type: NTFS

Computer Name: MELANIE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
"C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa
"C:\DOCUME~1\Owner\LOCALS~1\Temp\jcshzfk.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\jcshzfk.exe:*:Enabled:Control
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\NetSupport\NetSupport Manager\client32.exe" = C:\Program Files\NetSupport\NetSupport Manager\client32.exe:*:Enabled:NetSupport Client -- (NetSupport Ltd)
"C:\Program Files\NetSupport\NetSupport Manager\PCICTLUI.EXE" = C:\Program Files\NetSupport\NetSupport Manager\PCICTLUI.EXE:*:Enabled:NetSupport Control -- (NetSupport Ltd)
"C:\Program Files\NetSupport\NetSupport Manager\pcideply.exe" = C:\Program Files\NetSupport\NetSupport Manager\pcideply.exe:*:Enabled:NetSupport Deploy -- (NetSupport Ltd)
"C:\Program Files\NetSupport\NetSupport Manager\PCISA.EXE" = C:\Program Files\NetSupport\NetSupport Manager\PCISA.EXE:*:Enabled:NetSupport Scripting Agent -- (NetSupport Ltd)
"C:\Program Files\NetSupport\NetSupport Manager\pciscrui.exe" = C:\Program Files\NetSupport\NetSupport Manager\pciscrui.exe:*:Enabled:NetSupport Script Editor -- (NetSupport Ltd)
"C:\Program Files\NetSupport\NetSupport Manager\runscrip.exe" = C:\Program Files\NetSupport\NetSupport Manager\runscrip.exe:*:Enabled:NetSupport Run Script -- (NetSupport Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D007CA9-64EE-4069-8CD2-D90EDFC046E3}" = ATI RADEON 9700 Dogs Screen Saver v1.1
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2C927BC2-D402-4781-97BD-920E415847A2}" = 6200Trb
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5B8B3C61-BDF7-4882-807E-A30AF1A64A9C}" = 6200
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6E9FF657-D09F-4B46-9FF6-56EA20D781C5}" = Verizon Wireless UML290 Firmware Updates
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D11BA8B-E2D6-4ABA-8D82-BD024C8718A5}" = VZAccess Manager
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A0F13B93-1892-4C55-B709-995BBB730F33}" = ATI RADEON 9700 NPR Hatching Demo v1.1
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ADAF6BDD-EC42-4239-B191-FDE6FFD6E1D6}" = ATI RADEON 9700 Car Paint Demo v1.1
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B62D2A85-847F-4748-9B12-5DA6CE8EC8BA}" = ATI RADEON 9700 Moebius Strip Screen Saver v1.1
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cdf6c6e8-bc77-4d29-bc8d-7e89fdf8963f}" = Check Point SSL Network Extender
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF110019-D640-4252-9DD7-99C7CB684E9F}" = ATI RADEON 9700 Bacteria Screen Saver v1.1
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{DB6F07FF-A436-453a-B685-F6C1F4F09D22}" = PANTECH PC Card Software
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DDC93C2A-D96C-475A-8011-85C5EAE9A32C}" = Verizon Wireless UML290 Firmware Updates
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F5C46C94-B914-4438-96D6-AF3120A53C11}" = NetSupport Manager
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8B6FBC3-C28F-49D9-A00A-16283E9A1180}" = ATI RADEON 9700 Pipe Dream Demo v1.1
"{F8CA8A19-48E5-4510-BD5C-B148862D8439}" = 6200_Help
"{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}" = PANTECH UML290
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AltnetDM" = Peer Points Manager
"Amazon3" = Amazon3
"AOL Uninstaller" = AOL Uninstaller
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AXIS Media Control" = AXIS Media Control
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mr97310v_d627f051ae9bfa697d2ded113879197412f3f2b1" = Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 03/30/2004 2.0.0.0
"MSNINST" = MSN
"Need2FindBar Uninstall" =
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"P2P Networking" = P2P Networking
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Playtime For Baby & Toddler" = Playtime For Baby & Toddler
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickBooks 2000" = QuickBooks Pro 2000
"QuickTime 3.0" = QuickTime 3.0
"Read4632.exe" = Reader Rabbit's Reading Ages 4-6
"RealPlayer 6.0" = RealPlayer Basic
"The ClueFinders® Reading Adventures Ages 9-12" = The ClueFinders® Reading Adventures Ages 9-12
"The Project" = The Project v1.1
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2011 5:52:22 PM | Computer Name = MELANIE | Source = Application Hang | ID = 1002
Description = Hanging application 16899876.exe, version 15.5.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2011 8:13:57 PM | Computer Name = MELANIE | Source = Application Hang | ID = 1002
Description = Hanging application VZAccess Manager.exe, version 7.6.3.5, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/29/2011 9:21:12 PM | Computer Name = MELANIE | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15640, faulting module
gmer.exe, version 1.0.15.15640, fault address 0x0000c676.

Error - 7/1/2011 9:55:52 AM | Computer Name = MELANIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/1/2011 9:55:54 AM | Computer Name = MELANIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/1/2011 9:56:01 AM | Computer Name = MELANIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/1/2011 9:56:40 AM | Computer Name = MELANIE | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/1/2011 9:24:03 PM | Computer Name = MELANIE | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000269a9.

Error - 7/2/2011 8:12:51 AM | Computer Name = MELANIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00029f07.

Error - 7/3/2011 6:51:17 PM | Computer Name = MELANIE | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.0.1074, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/27/2011 5:54:29 PM | Computer Name = MELANIE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2011 5:54:29 PM | Computer Name = MELANIE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2011 5:54:29 PM | Computer Name = MELANIE | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 6/27/2011 6:41:02 PM | Computer Name = MELANIE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 872a9b41, parameter3
ad5c7a78, parameter4 00000000.

Error - 6/28/2011 8:23:35 PM | Computer Name = MELANIE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.172.53.2 for the Network Card with network
address 2C3068C96666 has been denied by the DHCP server 75.193.228.153 (The DHCP
Server sent a DHCPNACK message).

Error - 6/29/2011 5:42:14 PM | Computer Name = MELANIE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 6/29/2011 7:53:16 PM | Computer Name = MELANIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 6/29/2011 7:55:08 PM | Computer Name = MELANIE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.174.27.162 for the Network Card with network
address 2C3068C96666 has been denied by the DHCP server 10.160.240.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/29/2011 8:15:04 PM | Computer Name = MELANIE | Source = Dhcp | ID = 1002
Description = The IP address lease 10.160.240.7 for the Network Card with network
address 2C3068C96666 has been denied by the DHCP server 10.172.114.85 (The DHCP
Server sent a DHCPNACK message).

Error - 7/1/2011 9:24:09 PM | Computer Name = MELANIE | Source = Service Control Manager | ID = 7034
Description = The DNS Client service terminated unexpectedly. It has done this
1 time(s).


< End of report >

OTL logfile created on: 7/5/2011 10:06:07 AM - Run 2
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.73 Mb Total Physical Memory | 406.61 Mb Available Physical Memory | 39.76% Memory free
2.40 Gb Paging File | 1.83 Gb Available in Paging File | 75.96% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 216.04 Gb Free Space | 92.77% Space Free | Partition Type: NTFS

Computer Name: MELANIE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/07/05 09:50:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/07/01 09:02:01 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/07/01 09:02:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/25 18:08:23 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/05/04 16:21:22 | 003,537,976 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
PRC - [2011/04/29 06:58:10 | 000,106,496 | ---- | M] (DEVGURU Co., LTD) -- C:\WINDOWS\system32\ptumlcmsvc.exe
PRC - [2010/12/13 09:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/26 12:15:10 | 000,030,128 | ---- | M] (NetSupport Ltd) -- C:\Program Files\NetSupport\NetSupport Manager\client32.exe
PRC - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2004/09/09 22:00:15 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/09/05 11:44:40 | 000,254,050 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
PRC - [2004/07/06 04:05:48 | 002,550,272 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2004/07/01 21:58:14 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/05/18 04:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2004/04/21 13:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2004/03/12 01:18:54 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2004/01/26 20:46:48 | 000,118,784 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2003/08/27 20:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/07/05 09:50:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/01 09:02:01 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/07/01 09:02:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/25 18:08:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/29 06:58:10 | 000,106,496 | ---- | M] (DEVGURU Co., LTD) [Auto | Running] -- C:\WINDOWS\system32\ptumlcmsvc.exe -- (ptumlcmsvc)
SRV - [2008/03/26 12:15:10 | 000,030,128 | ---- | M] (NetSupport Ltd) [Auto | Running] -- C:\Program Files\NetSupport\NetSupport Manager\client32.exe -- (Client32)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2004/11/02 17:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/09/05 11:44:40 | 000,254,050 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe -- (cpextender)
SRV - [2004/04/21 13:16:02 | 001,434,848 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/08/27 20:27:44 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/07/01 09:02:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/01 09:02:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/29 06:54:28 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLVsp.sys -- (PTUMLVsp)
DRV - [2011/04/29 06:54:28 | 000,059,920 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLRMNET.sys -- (PTUMLRMNET)
DRV - [2011/04/29 06:54:26 | 000,168,848 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLNVsp.sys -- (PTUMLNVsp)
DRV - [2011/04/29 06:54:26 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLMdm.sys -- (PTUMLMdm)
DRV - [2011/04/29 06:54:26 | 000,168,208 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLCVsp.sys -- (PTUMLCVsp)
DRV - [2011/04/29 06:54:26 | 000,080,912 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLNET.sys -- (PTUMLNET)
DRV - [2011/04/29 06:54:24 | 000,059,664 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PTUMLBUS.sys -- (PTUMLBUS)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/14 20:29:22 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/08/10 21:00:38 | 000,059,904 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/08/10 21:00:32 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/08/10 21:00:30 | 000,041,344 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/08/10 21:00:28 | 000,033,024 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2008/03/13 14:05:20 | 000,039,520 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pcisys.sys -- (PCISys)
DRV - [2008/03/13 14:05:14 | 000,031,328 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2008/01/25 10:59:14 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/09/05 01:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2004/09/09 22:00:18 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/09 21:58:27 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/09/05 11:44:40 | 000,108,400 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vna.sys -- (VNA)
DRV - [2004/07/18 08:11:26 | 000,768,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/07 02:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/18 01:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/18 01:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/18 01:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/30 12:29:36 | 000,118,106 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2004/03/22 21:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 21:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/18 01:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2003/01/11 03:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 09:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com

IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)



O1 HOSTS File: ([2011/06/27 20:25:36 | 000,435,276 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14981 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Popup-Blocker Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - File not found
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BHR] File not found
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003..\Run: [SpybotSD TeaTimer] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O15 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..Trusted Domains: lensec.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.174.95.44 66.174.92.14
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/03 17:10:11 | 000,000,627 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/09/09 21:47:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell - "" = AutoRun
O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell\AutoRun\command - "" = L:\KODAK_Software_Downloader.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/07/05 09:50:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/29 21:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2011/06/29 21:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\logs
[2011/06/29 21:11:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/29 21:10:47 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/29 19:03:55 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\killer.com.exe
[2011/06/29 18:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/29 18:49:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/27 18:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/06/24 18:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ghgfhdf
[2011/06/22 10:40:31 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2011/06/22 10:40:31 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
[2011/06/20 14:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/06/20 13:59:50 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll
[2011/06/20 13:59:50 | 000,168,208 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTUMLVsp.sys
[2011/06/20 13:59:50 | 000,059,920 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTUMLRMNET.sys
[2011/06/20 13:59:49 | 000,168,848 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTUMLNVsp.sys
[2011/06/20 13:59:49 | 000,080,912 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTUMLNET.sys
[2011/06/20 13:59:48 | 000,168,208 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTUMLMdm.sys
[2011/06/20 13:59:48 | 000,168,208 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\PTUMLCVsp.sys
[2011/06/20 13:59:48 | 000,059,664 | ---- | C] (DEVGURU Co., LTD.) -- C:\WINDOWS\System32\drivers\PTUMLBUS.sys
[2011/06/20 13:19:18 | 000,415,232 | ---- | C] (DEVGURU Co., LTD) -- C:\WINDOWS\System32\ptumlmcp64.dll
[2011/06/20 13:19:18 | 000,266,240 | ---- | C] (DEVGURU Co., LTD) -- C:\WINDOWS\System32\ptumlmcp.dll
[2011/06/20 13:19:18 | 000,112,128 | ---- | C] (DEVGURU Co., LTD) -- C:\WINDOWS\System32\ptumlqmi64.dll
[2011/06/20 13:19:18 | 000,110,592 | ---- | C] (DEVGURU Co., LTD) -- C:\WINDOWS\System32\ptumlqmi.dll
[2011/06/20 13:19:17 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2011/06/20 10:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows XP Repair
[2011/06/16 09:26:02 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/14 11:23:57 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/08 09:59:52 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/07 10:34:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/07 10:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/07 10:08:36 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/06/07 10:08:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/06/07 10:08:34 | 001,991,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/06/07 10:08:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/06/07 10:08:32 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/06/07 10:01:51 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/06/07 09:59:02 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/06/07 09:58:18 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/06/07 09:58:18 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2011/06/07 09:58:18 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/06/07 09:52:39 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/06/07 09:51:04 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/06/07 09:50:01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/06/07 09:39:49 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/06/07 09:28:21 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/06/07 09:28:19 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/06/07 09:28:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/06/07 09:25:06 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/06/07 09:21:16 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/06/07 09:06:28 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/06/07 09:06:28 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/06/07 09:06:27 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/06/07 09:06:27 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/06/07 09:03:41 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/06/07 09:02:37 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/06/07 09:02:29 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/06/07 09:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/07 09:00:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/07 08:31:01 | 000,106,496 | ---- | C] (DEVGURU Co., LTD) -- C:\WINDOWS\System32\ptumlcmsvc.exe
[2011/06/06 21:54:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/06 21:42:49 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/06/06 21:42:49 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/06/06 21:42:47 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll
[2011/06/06 21:42:47 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll
[2011/06/06 21:42:47 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll
[2011/06/06 21:42:47 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmod.dll
[2011/06/06 21:42:46 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpdxm.dll
[2011/06/06 21:42:46 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/06/06 21:42:46 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/06/06 21:42:45 | 004,886,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2011/06/06 21:42:45 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll
[2011/06/06 21:42:45 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll
[2011/06/06 21:42:45 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll
[2011/06/06 21:42:44 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2011/06/06 21:42:44 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll
[2011/06/06 21:42:43 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/06/06 21:42:43 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll
[2011/06/06 21:42:43 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/06/06 21:42:43 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll
[2011/06/06 21:42:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2011/06/06 21:42:43 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2011/06/06 21:42:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/06/06 21:42:34 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/06/06 21:42:34 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/06/06 21:42:34 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/06/06 21:42:34 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/06/06 21:42:34 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/06/06 21:42:34 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/06/06 21:42:33 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/06/06 21:42:33 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/06/06 21:42:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/06/06 21:42:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/06/06 21:42:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/06/06 21:42:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/06/06 21:42:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/06/06 21:42:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2011/06/06 21:42:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2011/06/06 21:42:33 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/06/06 21:42:32 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/06/06 21:42:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/06/06 21:42:32 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2011/06/06 21:42:32 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/06/06 21:42:32 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/06/06 21:42:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2011/06/06 21:42:32 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/06/06 21:42:32 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2011/06/06 21:42:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/06/06 21:42:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/06/06 21:42:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/06/06 21:42:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/06/06 21:42:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/06/06 21:42:30 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/06/06 21:42:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/06/06 21:42:30 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/06/06 21:42:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/06/06 21:42:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/06/06 21:42:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/06/06 21:42:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/06/06 21:42:29 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/06/06 21:42:29 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/06/06 21:42:29 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/06/06 21:42:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/06/06 21:42:29 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/06/06 21:42:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2011/06/06 21:42:29 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2011/06/06 21:42:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/06/06 21:42:29 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/06/06 21:42:28 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/06/06 21:42:28 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/06/06 21:42:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/06/06 21:42:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2011/06/06 21:42:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/06/06 21:42:28 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/06/06 21:42:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/06/06 21:42:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/06/06 21:42:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/06/06 21:42:26 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2011/06/06 21:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/06 21:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/06 21:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/06 21:42:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/06 21:40:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/06 21:40:17 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll
[2011/06/06 21:40:16 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll
[2011/06/06 21:40:16 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/06/06 21:40:16 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll
[2011/06/06 21:40:16 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll
[2011/06/06 21:40:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/06/06 21:40:16 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll
[2011/06/06 21:40:16 | 000,262,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax
[2011/06/06 21:40:16 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll
[2011/06/06 21:40:16 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll
[2011/06/06 21:40:16 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll
[2011/06/06 21:40:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/06/06 21:40:16 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax
[2011/06/06 21:40:16 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll
[2011/06/06 21:40:16 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll
[2011/06/06 21:40:16 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/06/06 21:40:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2011/06/06 21:40:16 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll
[2011/06/06 21:40:16 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax
[2011/06/06 21:40:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/06/06 21:40:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\laprxy.dll
[2011/06/06 21:40:16 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/06/06 21:40:15 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll
[2011/06/06 21:40:15 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMNetmgr.dll
[2011/06/06 21:40:15 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/06/06 21:40:15 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll
[2011/06/06 21:40:15 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmoe.dll
[2011/06/06 21:40:15 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmod.dll
[2011/06/06 21:40:15 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll
[2011/06/06 21:40:15 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax
[2011/06/06 21:40:15 | 000,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2011/06/06 21:40:15 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll
[2011/06/06 21:40:15 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2011/06/06 21:40:15 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll
[2011/06/06 21:40:15 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll
[2011/06/06 21:40:15 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll
[2011/06/06 21:40:15 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/06/06 21:40:15 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll
[2011/06/06 21:40:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll
[2011/06/06 21:40:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll
[2011/06/06 21:40:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll
[2011/06/06 21:40:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll
[2011/06/06 21:40:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx
[2011/06/06 21:40:14 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\WMVCore.dll
[2011/06/06 21:40:14 | 000,809,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll
[2011/06/06 21:40:14 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax
[2011/06/06 21:38:21 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/06/06 21:38:21 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/06/06 21:38:21 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/06/06 21:38:21 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/06/06 21:38:21 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/06/06 21:38:21 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/06/06 21:38:21 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/06/06 21:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/06 21:38:20 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/06/06 21:38:20 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/06/06 21:38:20 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/06/06 21:38:20 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/06/06 21:38:20 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/06/06 21:38:20 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/06/06 21:38:20 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/06/06 21:38:20 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/06/06 21:38:20 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/06/06 21:38:20 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/06/06 21:38:20 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/06/06 21:38:20 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/06/06 21:38:20 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/06/06 21:38:20 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/06/06 21:38:20 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/06/06 21:38:20 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/06/06 21:38:20 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/06/06 21:38:20 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/06/06 21:38:20 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/06/06 21:38:19 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/06/06 21:38:19 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/06/06 21:38:19 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/06/06 21:38:19 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/06/06 21:38:19 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/06/06 21:38:19 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/06/06 21:38:19 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/06/06 21:38:18 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/06/06 21:38:18 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/06/06 21:38:17 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/06/06 21:38:17 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/06/06 21:38:16 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/06/06 21:38:16 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/06/06 21:38:16 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/06/06 21:38:16 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/06/06 21:38:15 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/06/06 21:38:14 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/06/06 21:38:14 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/06/06 21:38:14 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/06/06 21:38:14 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/06/06 21:38:14 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/06/06 21:38:14 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/06/06 21:38:14 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/06/06 21:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/06 21:34:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/06/06 14:28:43 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/06/06 14:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Verizon Wireless
[2011/06/06 14:25:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2011/06/06 09:51:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/06/06 09:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/06/06 09:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/06/06 09:50:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2011/06/06 09:50:52 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2011/06/06 09:50:52 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2011/06/06 09:50:52 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2011/06/06 09:50:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2011/06/06 09:50:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2011/06/06 09:50:52 | 000,000,000 | ---D | C] -- C:\ada542978c9aaa9953aca055bb82
[2011/06/06 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/06/05 19:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/06/05 19:50:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/05 19:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/05 19:50:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/05 19:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/05 19:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2004/09/09 21:35:37 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/09 21:35:36 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/09 21:35:36 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/09 21:35:36 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/09 21:35:16 | 000,135,168 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2011/07/05 10:07:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Update Check (YOUR-5A7DA25F40-Owner).job
[2011/07/05 09:50:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/07/05 09:46:36 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/07/05 09:34:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/05 09:34:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/05 09:34:35 | 1072,480,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 09:34:26 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\pcisys.ntk
[2011/07/03 09:08:36 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/07/01 16:28:13 | 000,000,824 | ---- | M] () -- C:\WINDOWS\disney.ini
[2011/07/01 09:02:02 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/01 09:02:02 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/29 21:19:13 | 000,293,977 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/06/29 21:10:47 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/29 21:04:29 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/29 21:03:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/06/29 19:03:55 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\killer.com.exe
[2011/06/29 18:56:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 17:01:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/06/27 20:25:36 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/27 20:24:58 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110627-202536.backup
[2011/06/27 18:39:38 | 000,000,868 | ---- | M] () -- C:\WINDOWS\System32\pcimsg.err
[2011/06/27 18:31:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/22 11:07:47 | 000,133,844 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Orange%20County%20Staff%20Application.pdf
[2011/06/20 14:01:52 | 000,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2011/06/20 10:53:17 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~26009380
[2011/06/20 10:53:17 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~26009380r
[2011/06/20 10:53:11 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\26009380
[2011/06/17 20:21:20 | 000,441,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/17 20:21:20 | 000,071,176 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 21:16:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/16 09:31:10 | 000,824,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\coffeewood.jpg
[2011/06/14 11:10:20 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/13 10:02:08 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16703268
[2011/06/12 12:53:56 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145060r
[2011/06/12 12:53:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145060
[2011/06/12 12:53:40 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18145060
[2011/06/10 16:53:11 | 000,045,644 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\penguins.jpg
[2011/06/10 10:35:40 | 000,488,370 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\masters.pdf
[2011/06/09 07:41:55 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/06/08 09:59:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/07 10:39:19 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/06 21:56:07 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/06 21:55:33 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/06 21:55:33 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Media Player.lnk
[2011/06/06 21:37:46 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/06 14:29:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_PTUMLNET_01009.Wdf
[2011/06/06 14:28:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_PTUMLRMNET_01009.Wdf
[2011/06/06 14:28:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/05 22:28:42 | 000,284,223 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\label.xps
[2011/06/05 22:23:18 | 000,015,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kitty.JPG
[2011/06/05 21:54:54 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\Shortcut to system32.lnk
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 18:27:41 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 09:46:36 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RKUnhookerLE.EXE
[2011/06/29 21:19:13 | 000,293,977 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2011/06/29 21:03:31 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2011/06/29 19:57:54 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/29 18:54:59 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/28 17:01:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
[2011/06/28 09:03:55 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/28 09:03:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/28 09:03:52 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/06/28 09:03:51 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk
[2011/06/28 09:03:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/28 09:03:49 | 000,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VZAccess Manager.lnk
[2011/06/28 09:03:48 | 000,001,847 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Home & Business 2007.lnk
[2011/06/28 09:03:47 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/06/28 09:03:46 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Wizard101.lnk
[2011/06/28 09:03:44 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NetSupport Manager Control.lnk
[2011/06/28 09:03:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 09:03:42 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Viewer.lnk
[2011/06/28 09:03:41 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Director.lnk
[2011/06/28 09:03:40 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Image Zone.lnk
[2011/06/28 09:03:39 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/28 09:03:34 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2011/06/22 11:07:47 | 000,133,844 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Orange%20County%20Staff%20Application.pdf
[2011/06/20 10:53:17 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~26009380r
[2011/06/20 10:53:16 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~26009380
[2011/06/20 10:53:11 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\26009380
[2011/06/16 13:30:21 | 000,824,460 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\coffeewood.jpg
[2011/06/15 09:05:26 | 1072,480,256 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/13 10:02:08 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16703268
[2011/06/12 13:07:29 | 000,000,868 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.err
[2011/06/12 12:53:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060r
[2011/06/12 12:53:55 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060
[2011/06/12 12:53:40 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18145060
[2011/06/10 16:53:07 | 000,045,644 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\penguins.jpg
[2011/06/10 10:35:40 | 000,488,370 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\masters.pdf
[2011/06/06 21:55:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk
[2011/06/06 21:42:47 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/06/06 21:42:47 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/06/06 21:42:46 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/06/06 21:42:46 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/06/06 21:42:46 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/06/06 21:42:46 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/06/06 21:42:46 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/06/06 21:42:46 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/06/06 21:42:46 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/06/06 21:42:46 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/06/06 21:42:46 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/06/06 21:42:46 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/06/06 21:42:46 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/06/06 21:42:45 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/06/06 21:42:45 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/06/06 21:42:45 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/06/06 21:42:45 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/06/06 21:42:45 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/06/06 21:42:45 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/06/06 21:42:45 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/06/06 21:42:45 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/06/06 21:42:45 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/06/06 21:42:45 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/06/06 21:42:45 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/06/06 21:42:45 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/06/06 21:42:45 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/06/06 21:42:45 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/06/06 21:42:45 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/06/06 21:42:45 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/06/06 21:42:45 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/06/06 21:42:45 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/06/06 21:42:45 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/06/06 21:42:45 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/06/06 21:42:44 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/06/06 21:42:44 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/06/06 21:42:44 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/06/06 21:42:44 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/06/06 21:42:44 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/06/06 21:42:44 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/06/06 21:42:44 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/06/06 21:42:44 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/06/06 21:42:44 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/06/06 21:42:44 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/06/06 21:42:44 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/06/06 21:42:44 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/06/06 21:42:44 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/06/06 21:42:44 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/06/06 21:42:44 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/06/06 21:42:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/06/06 21:42:44 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/06/06 21:42:44 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/06/06 21:42:44 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/06/06 21:42:44 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/06/06 21:42:44 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/06/06 21:42:44 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/06/06 21:42:44 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/06/06 21:42:44 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/06/06 21:42:44 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/06/06 21:42:44 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/06/06 21:42:44 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/06/06 21:42:44 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/06/06 21:42:44 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/06/06 21:42:44 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/06/06 21:42:44 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/06/06 21:42:43 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/06/06 21:42:43 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/06/06 21:42:43 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/06/06 21:42:43 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/06/06 21:42:43 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/06/06 21:42:42 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/06/06 21:42:42 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/06/06 21:42:42 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/06/06 21:42:42 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/06/06 21:42:42 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/06/06 21:42:42 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/06/06 21:42:42 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/06/06 21:42:42 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/06/06 21:42:42 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/06/06 21:42:42 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/06/06 21:42:42 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/06/06 21:40:16 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2011/06/06 21:40:16 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2011/06/06 21:40:16 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2011/06/06 21:38:19 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/06 21:38:18 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/06 21:38:17 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/06 14:29:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_PTUMLNET_01009.Wdf
[2011/06/06 14:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_PTUMLRMNET_01009.Wdf
[2011/06/06 14:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/06 14:26:34 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Verizon Wireless UML290 Firmware Updates.lnk
[2011/06/05 22:28:37 | 000,284,223 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\label.xps
[2011/06/05 22:23:18 | 000,015,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kitty.JPG
[2011/06/05 21:54:54 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\Shortcut to system32.lnk
[2010/08/04 14:57:34 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2010/08/04 14:56:06 | 000,000,043 | ---- | C] () -- C:\WINDOWS\Tlcpromo.ini
[2010/03/10 14:12:06 | 000,036,918 | ---- | C] () -- C:\WINDOWS\System32\pcimsg.dll
[2010/03/10 14:12:06 | 000,020,542 | ---- | C] () -- C:\WINDOWS\System32\pcivdd.dll
[2009/06/17 14:21:06 | 000,000,591 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2008/07/09 14:03:22 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/02/22 12:01:20 | 000,000,311 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/02/22 11:59:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/09/28 12:11:52 | 000,000,399 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/08/03 19:23:25 | 000,000,637 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/08/03 19:22:27 | 000,000,824 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/03/15 14:08:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2007/03/15 14:08:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2007/03/15 13:24:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\QBWCD.INI
[2007/03/15 13:23:50 | 000,006,838 | ---- | C] () -- C:\WINDOWS\Icoadb32.dat
[2006/11/27 16:05:57 | 000,000,026 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2006/03/01 21:06:52 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2005/11/23 09:03:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/22 20:30:36 | 000,000,504 | ---- | C] () -- C:\WINDOWS\EPSQ20.INI
[2005/04/15 19:04:21 | 000,000,680 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2005/04/10 18:11:20 | 000,000,804 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2005/04/10 18:09:59 | 000,000,160 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/04/10 18:04:09 | 000,000,139 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/04/10 17:47:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\STORYMKR.INI
[2005/04/10 09:13:17 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/04/09 10:00:20 | 000,104,265 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2005/04/09 10:00:20 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2005/02/14 19:16:51 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/12/23 12:49:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/23 12:06:09 | 000,003,486 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2004/09/27 15:34:56 | 000,000,482 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/20 10:04:07 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/09/20 09:59:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/20 09:59:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/09/20 09:59:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/09/20 09:59:22 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/09/20 09:59:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/09/20 09:59:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/09/20 09:58:34 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/09/20 09:58:33 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/09/20 09:57:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/09/20 09:56:43 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/09/11 19:58:11 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2004/09/11 19:58:11 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/11 19:58:11 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2004/09/11 19:58:11 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/10 15:27:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/09 21:59:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/09/09 21:52:24 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/09/09 21:49:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/09/09 21:46:16 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/09 21:35:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/09 21:35:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/09 21:35:16 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[2004/09/09 21:35:16 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/09/09 21:35:14 | 000,000,982 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/09 21:35:14 | 000,000,495 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/09 21:34:52 | 000,441,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/09/09 21:34:52 | 000,071,176 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/09/09 14:42:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/09 14:41:22 | 000,284,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

< End of report >

thanks for all your help

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:24 PM

Posted 05 July 2011 - 01:34 PM

Hi melaniemm1981!

Do you recognize this folder?

[2011/06/24 18:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ghgfhdf


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8080
    O2 - BHO: (Popup-Blocker Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - File not found
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
    O4 - HKLM..\Run: [BHR] File not found
    O4 - HKU\S-1-5-21-675547699-2295356595-1090387191-1003..\Run: [SpybotSD TeaTimer] File not found
    O18 - Protocol\Filter\text/html - No CLSID value found
    O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a62a6a74-9eb1-11e0-bc26-54554344520d}\Shell\AutoRun\command - "" = L:\KODAK_Software_Downloader.exe
    [2011/06/20 10:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows XP Repair
    [2011/06/14 11:23:57 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.0.1200.exe
    [2011/06/28 17:01:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16899876
    [2011/06/27 20:24:58 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110627-202536.backup
    [2011/06/20 10:53:17 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~26009380
    [2011/06/20 10:53:17 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~26009380r
    [2011/06/20 10:53:11 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\26009380
    [2011/06/13 10:02:08 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16703268
    [2011/06/12 12:53:56 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145060r
    [2011/06/12 12:53:56 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~18145060
    [2011/06/12 12:53:40 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18145060
    [2011/06/28 17:01:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16899876
    [2011/06/20 10:53:17 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~26009380r
    [2011/06/20 10:53:16 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~26009380
    [2011/06/20 10:53:11 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\26009380
    [2011/06/13 10:02:08 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16703268
    [2011/06/12 12:53:56 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060r
    [2011/06/12 12:53:55 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18145060
    [2011/06/12 12:53:40 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18145060
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\DOCUME~1\Owner\LOCALS~1\Temp\jcshzfk.exe"=-
    :Files
    C:\DOCUME~1\Owner\LOCALS~1\Temp\jcshzfk.exe
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



I would like you to run this tool for me - fixTDSS

Please download it to your Destkop and start the program.

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:02:24 PM

Posted 09 July 2011 - 12:43 PM

Due to lack of feedback this thread will now be closed. If you still require assistance, and would like to have your thread re-opened, please feel free to send me a Private Message (PM) being sure to include a link to your topic, and I'd be happy to re-open it.


Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users