Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I feel violated and I'm offended. Please help!

Post by FireItUp » June 10th, 2011, 11:19 pm

I have Windows XP. It started with a fake scan of my computer saying it was going to crash, low internal memory, and asked me to download and run an update. I turned off the computer and ran Malwarebytes. It deleted a bunch of stuff. I then restored my computer back to a few days prior when everything was kosher. After I restarted, the prior problem was gone, but I had new issues.

All of my favorite websites are gone. I believe they are just hidden because when I tried to save new ones it would say they already existed. I later noticed that whole albums of pictures would appear to be there, but there were no pictures in the folders anymore. All of my music files are missing as well. My internet search functions (Google, Bing, Yahoo!, etc.) all don't work anymore. I get redirected to a variety of other websites. I've had to come here in the past, and you guys are the best. I anxiously await your instructions and thanks in advance for the help!

The logs...

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 22:00:34 on 2011-06-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.110 [GMT -5:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\twain_32\ScanWiz5\SDII.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\gcdef32.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\dsprop32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotsheet.com/
uSearch Page = hxxp://srch-us10.hpwis.com/
uDefault_Page_URL = hxxp://us10.hpwis.com/
uDefault_Search_URL = hxxp://srch-us10.hpwis.com/
uSearch Bar = hxxp://srch-us10.hpwis.com/
mSearch Bar = hxxp://srch-us10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: {0f84fa30-2254-48dc-a38e-10566633c100} - c:\windows\system32\Audio3D32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: 50aeabc7: {90bb8867-7439-8011-d2b1-85e3a968eb4c} - c:\windows\system32\kbdsmsfi32.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton antivirus\NavShExt.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton antivirus\NavShExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RecordNow!]
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [CamMonitor] c:\program files\hp\digital imaging\unload\hpqcmon.exe
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [LTMSG] LTMSG.exe 7
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [ccRegVfy] "c:\program files\common files\symantec shared\ccRegVfy.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe -logon
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\windows\twain_32\scanwiz5\SDII.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: SpSubLSP.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 8478425718
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/B ... ofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
TCP: Interfaces\{37D7F4DB-CE2D-4082-8953-9B05003A8364} : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\kbdsmsfi32.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton antivirus\savrtpel.sys [2009-3-9 37000]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2009-3-9 255600]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2009-3-9 235120]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-7-22 266240]
R4 Apple Mobile Device32;Apple Mobile Device ;c:\windows\system32\dsprop32.exe [2011-6-9 772096]
S2 mrtRate;mrtRate; [x]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2009-3-9 87664]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-3-18 18560]
S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton antivirus\navapsvc.exe [2003-8-18 158376]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20030924.008\NAVENG.Sys [2003-10-14 67800]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20030924.008\NavEx15.Sys [2003-10-14 539576]
S3 SAVRT;SAVRT;c:\program files\norton antivirus\savrt.sys [2009-3-9 305288]
S3 SAVScan;SAVScan;c:\program files\norton antivirus\SAVScan.exe [2003-8-10 193816]
.
=============== Created Last 30 ================
.
2011-06-10 01:32:33 772096 ----a-w- c:\windows\system32\gcdef32.exe
2011-06-10 01:32:32 171008 ----a-w- c:\windows\system32\kbdsmsfi32.dll
2011-06-10 01:32:28 772096 ----a-w- c:\windows\system32\dsprop32.exe
2011-06-10 01:32:23 357888 ----a-w- c:\windows\system32\Audio3D32.dll
2011-06-10 01:32:20 772096 ----a-w- c:\documents and settings\owner\0.9154458141113709.exe
2011-05-19 12:41:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-19 12:41:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-19 04:48:11 0 ----a-w- c:\windows\Kvesalazah.bin
2011-05-19 04:48:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\{F9404854-DA84-4CB7-8DE2-CC7EF579CC21}
.
==================== Find3M ====================
.
.
============= FINISH: 22:03:01.87 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2009 10:07:28 PM
System Uptime: 6/8/2011 4:44:57 PM (54 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Kamet2
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2158/166mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 147 GiB total, 17.039 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.934 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is CDROM ()
L: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP643: 3/13/2011 10:08:35 PM - System Checkpoint
RP644: 3/14/2011 10:12:03 PM - System Checkpoint
RP645: 3/16/2011 1:50:42 AM - System Checkpoint
RP646: 3/16/2011 3:00:18 AM - Software Distribution Service 3.0
RP647: 3/17/2011 3:23:50 AM - System Checkpoint
RP648: 3/18/2011 7:23:49 AM - System Checkpoint
RP649: 3/19/2011 11:24:54 AM - System Checkpoint
RP650: 3/20/2011 2:06:22 PM - System Checkpoint
RP651: 3/21/2011 5:25:52 PM - System Checkpoint
RP652: 3/22/2011 9:09:54 PM - System Checkpoint
RP653: 3/24/2011 12:37:56 AM - System Checkpoint
RP654: 3/24/2011 3:00:18 AM - Software Distribution Service 3.0
RP655: 3/25/2011 3:00:24 AM - Software Distribution Service 3.0
RP656: 3/26/2011 4:04:05 AM - System Checkpoint
RP657: 3/27/2011 8:03:54 AM - System Checkpoint
RP658: 3/28/2011 12:04:58 PM - System Checkpoint
RP659: 3/29/2011 4:05:00 PM - System Checkpoint
RP660: 3/30/2011 8:04:57 PM - System Checkpoint
RP661: 3/31/2011 8:09:11 PM - System Checkpoint
RP662: 4/2/2011 12:04:58 AM - System Checkpoint
RP663: 4/3/2011 4:03:45 AM - System Checkpoint
RP664: 4/4/2011 8:14:57 AM - System Checkpoint
RP665: 4/5/2011 12:04:50 PM - System Checkpoint
RP666: 4/6/2011 4:03:47 PM - System Checkpoint
RP667: 4/7/2011 4:04:53 PM - System Checkpoint
RP668: 4/8/2011 4:11:33 PM - System Checkpoint
RP669: 4/9/2011 8:13:10 PM - System Checkpoint
RP670: 4/11/2011 12:05:18 AM - System Checkpoint
RP671: 4/12/2011 4:05:19 AM - System Checkpoint
RP672: 4/13/2011 8:04:13 AM - System Checkpoint
RP673: 4/14/2011 12:05:19 PM - System Checkpoint
RP674: 4/15/2011 3:00:51 AM - Software Distribution Service 3.0
RP675: 4/16/2011 3:35:56 AM - System Checkpoint
RP676: 4/17/2011 7:35:37 AM - System Checkpoint
RP677: 4/18/2011 11:36:40 AM - System Checkpoint
RP678: 4/19/2011 3:36:40 PM - System Checkpoint
RP679: 4/20/2011 7:36:40 PM - System Checkpoint
RP680: 4/21/2011 8:08:25 PM - System Checkpoint
RP681: 4/22/2011 3:00:31 AM - Software Distribution Service 3.0
RP682: 4/23/2011 5:02:26 AM - System Checkpoint
RP683: 4/24/2011 9:02:26 AM - System Checkpoint
RP684: 4/25/2011 9:15:32 AM - System Checkpoint
RP685: 4/26/2011 1:07:05 PM - System Checkpoint
RP686: 4/27/2011 5:03:31 PM - System Checkpoint
RP687: 4/28/2011 3:00:25 AM - Software Distribution Service 3.0
RP688: 4/29/2011 5:02:27 AM - System Checkpoint
RP689: 4/30/2011 9:02:35 AM - System Checkpoint
RP690: 5/1/2011 1:03:37 PM - System Checkpoint
RP691: 5/2/2011 5:03:38 PM - System Checkpoint
RP692: 5/3/2011 9:03:40 PM - System Checkpoint
RP693: 5/5/2011 1:03:38 AM - System Checkpoint
RP694: 5/6/2011 5:02:32 AM - System Checkpoint
RP695: 5/7/2011 7:49:33 AM - System Checkpoint
RP696: 5/8/2011 11:26:25 AM - System Checkpoint
RP697: 5/9/2011 3:25:21 PM - System Checkpoint
RP698: 5/10/2011 3:30:59 PM - System Checkpoint
RP699: 5/11/2011 3:00:34 AM - Software Distribution Service 3.0
RP700: 5/12/2011 3:25:20 AM - System Checkpoint
RP701: 5/13/2011 3:26:25 AM - System Checkpoint
RP702: 5/14/2011 7:25:21 AM - System Checkpoint
RP703: 5/15/2011 11:26:25 AM - System Checkpoint
RP704: 5/16/2011 1:40:10 PM - System Checkpoint
RP705: 5/17/2011 1:41:14 PM - System Checkpoint
RP706: 5/18/2011 5:41:16 PM - System Checkpoint
RP707: 5/19/2011 7:37:15 AM - Restore Operation
RP708: 5/20/2011 7:47:01 AM - System Checkpoint
RP709: 5/21/2011 8:53:28 AM - System Checkpoint
RP710: 5/22/2011 2:27:52 PM - System Checkpoint
RP711: 5/23/2011 4:27:24 PM - System Checkpoint
RP712: 5/24/2011 8:27:22 PM - System Checkpoint
RP713: 5/26/2011 12:26:18 AM - System Checkpoint
RP714: 5/27/2011 4:26:23 AM - System Checkpoint
RP715: 5/28/2011 9:19:51 AM - System Checkpoint
RP716: 5/29/2011 12:21:20 PM - System Checkpoint
RP717: 5/30/2011 4:21:22 PM - System Checkpoint
RP718: 5/31/2011 6:15:54 PM - System Checkpoint
RP719: 6/1/2011 8:22:30 PM - System Checkpoint
RP720: 6/2/2011 11:19:33 PM - System Checkpoint
RP721: 6/4/2011 1:55:33 AM - System Checkpoint
RP722: 6/5/2011 5:54:29 AM - System Checkpoint
RP723: 6/6/2011 9:54:26 AM - System Checkpoint
RP724: 6/7/2011 9:55:34 AM - System Checkpoint
RP725: 6/8/2011 10:28:19 AM - System Checkpoint
RP726: 6/9/2011 12:49:30 PM - System Checkpoint
RP727: 6/10/2011 4:50:25 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AiO_Scan
AIOMinimal
AiOSoftware
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft ShowBiz 2
ArtistScope Plugin IE 42
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bonjour
Bounce Symphony from Hewlett-Packard Desktops (remove only)
CC_ccStart
ccCommon
Colors, Shapes & More
Copy
Coupon Printer for Windows
CreativeProjects
Director
DocProc
Easy Internet Sign-up
Excavation from Hewlett-Packard Desktops (remove only)
Fax
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
hp deskjet 3600
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Organize
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photo Creations
HP PSC & OfficeJet 3.0
HP Update
HPIZ311
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
iConcepts Music Express
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 23
KBD
KODAK EASYSHARE Gallery Upload ActiveX Control
KODAK Gallery Upload Software
LeapFrog Connect
LeapFrog Tag Plugin
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes' Anti-Malware
MediaCoder 0.7.2.4535
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft Works 7.0
MobileMe Control Panel
Move Media Player
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton Personal Firewall
Norton WMI Update
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
Palm
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PrintScreen
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
Quicken 2004
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Safari
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
SkinsHP2
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Spelling Dictionaries Support For Adobe Reader 9
SymNet
toolkit
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Updates from HP
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
WebFldrs XP
WebReg
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
Zone Deluxe Games
.
==== Event Viewer Messages From Past Week ========
.
6/3/2011 9:51:25 AM, error: Service Control Manager [7034] - The SymWMI Service service terminated unexpectedly. It has done this 1 time(s).
6/3/2011 9:51:24 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SymWSC service.
6/3/2011 9:50:51 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/3/2011 9:50:51 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/3/2011 9:50:51 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO

Re: I feel violated and I'm offended. Please help!

Post by askey127 » June 13th, 2011, 3:40 pm

Checking your logs.
Be back soon.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I feel violated and I'm offended. Please help!

Post by askey127 » June 13th, 2011, 4:01 pm

Hi FireItUp,
Please don't scan, remove or install anything unless I ask, until we are through cleaning.
We will remove some unneeded programs, and some obsolete software that allowed your computer to become infected.
Later, we will replace some of them.
Please do each task in the order given. There is quite a bit here but it should go OK, just take one item at a time.
-------------------------------------------------------
Download and Run Unhide
New tool to fix files that were made hidden by the HDD Defrag rogues.
This program unhide.exe will attrib -h all files located on the computer's fixed disks.
Please note that this will unhide even those that are purposely hidden.
Will not touch files that are system files and meant to be hidden by Windows.

http://download.bleepingcomputer.com/grinler/unhide.exe
Save to your desktop and double click to run it.
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
- Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
WinPatrol is now disabled and will not start at bootup.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
-----------------------------------------------------------
While you are uninstalling programs, don't do anything else, and don't surf the internet until this whole set of instructions is complete.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
If any removal fails, just proceed to the next.

Adobe Reader 9.1.2 <== this is obsolete and unsafe
Coupon Printer for Windows <== this will subject you to adware
Java 2 Runtime Environment, SE v1.4.2 <== this will get your computer infected
Java Auto Updater
Java(TM) 6 Update 23
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation) <== this will allow your computer to get infected by being out of date.
Norton AntiVirus Parent MSI
Norton Personal Firewall
Norton WMI Update
PC-Doctor for Windows

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------
Install Antivir
Double Click the Avira Antivir Installer you saved on your desktop, and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
askey127

Re: I feel violated and I'm offended. Please help!

Unread postby FireItUp » June 15th, 2011, 8:07 am

Thanks for the help. Here's the report...

Avira AntiVir Personal
Report file date: Tuesday, June 14, 2011 23:45

Scanning for 2767955 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : YOUR-FSYLY0JTWN

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/1/2011 22:07:43
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2011 22:07:57
LUKE.DLL : 10.0.3.2 104296 Bytes 4/1/2011 22:07:53
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 21:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 04:40:03
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 04:40:12
VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 04:40:12
VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 04:40:12
VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 04:40:12
VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 04:40:13
VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 04:40:13
VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 04:40:13
VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 04:40:14
VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 04:40:14
VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 04:40:15
VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 04:40:16
VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 04:40:17
VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 04:40:18
VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 04:40:18
VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 04:40:20
VBASE019.VDF : 7.11.9.172 141824 Bytes 6/14/2011 04:40:21
VBASE020.VDF : 7.11.9.173 2048 Bytes 6/14/2011 04:40:21
VBASE021.VDF : 7.11.9.174 2048 Bytes 6/14/2011 04:40:21
VBASE022.VDF : 7.11.9.175 2048 Bytes 6/14/2011 04:40:21
VBASE023.VDF : 7.11.9.176 2048 Bytes 6/14/2011 04:40:21
VBASE024.VDF : 7.11.9.177 2048 Bytes 6/14/2011 04:40:22
VBASE025.VDF : 7.11.9.178 2048 Bytes 6/14/2011 04:40:22
VBASE026.VDF : 7.11.9.179 2048 Bytes 6/14/2011 04:40:22
VBASE027.VDF : 7.11.9.180 2048 Bytes 6/14/2011 04:40:22
VBASE028.VDF : 7.11.9.181 2048 Bytes 6/14/2011 04:40:22
VBASE029.VDF : 7.11.9.182 2048 Bytes 6/14/2011 04:40:23
VBASE030.VDF : 7.11.9.183 2048 Bytes 6/14/2011 04:40:23
VBASE031.VDF : 7.11.9.199 74752 Bytes 6/15/2011 04:40:24
Engineversion : 8.2.5.14
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/28/2011 21:15:27
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/15/2011 04:40:40
AESCN.DLL : 8.1.7.2 127349 Bytes 3/28/2011 21:15:27
AESBX.DLL : 8.2.1.34 323957 Bytes 6/15/2011 04:40:40
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 17:21:38
AEPACK.DLL : 8.2.6.8 557430 Bytes 6/15/2011 04:40:37
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/15/2011 04:40:36
AEHEUR.DLL : 8.1.2.125 3543415 Bytes 6/15/2011 04:40:35
AEHELP.DLL : 8.1.17.2 246135 Bytes 6/15/2011 04:40:29
AEGEN.DLL : 8.1.5.6 401780 Bytes 6/15/2011 04:40:28
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/28/2011 21:15:19
AECORE.DLL : 8.1.21.1 196983 Bytes 6/15/2011 04:40:26
AEBB.DLL : 8.1.1.0 53618 Bytes 3/28/2011 21:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/28/2011 21:15:31
AVPREF.DLL : 10.0.0.0 44904 Bytes 4/1/2011 22:07:42
AVREP.DLL : 10.0.0.10 174120 Bytes 6/15/2011 04:40:42
AVREG.DLL : 10.0.3.2 53096 Bytes 4/1/2011 22:07:42
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/1/2011 22:07:43
AVARKT.DLL : 10.0.22.6 231784 Bytes 4/1/2011 22:07:38
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 4/1/2011 22:07:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/28/2011 21:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 3/28/2011 21:15:39
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 4/1/2011 22:07:58
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/28/2011 21:15:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, June 14, 2011 23:45

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '41' Module(s) have been scanned
Scan process 'dllhost.exe' - '62' Module(s) have been scanned
Scan process 'dllhost.exe' - '46' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '71' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'avgnt.exe' - '52' Module(s) have been scanned
Scan process 'sched.exe' - '57' Module(s) have been scanned
Scan process 'avshadow.exe' - '27' Module(s) have been scanned
Scan process 'avguard.exe' - '57' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '124' Module(s) have been scanned
Scan process 'alg.exe' - '36' Module(s) have been scanned
Scan process 'iPodService.exe' - '31' Module(s) have been scanned
Scan process 'SpamSub.exe' - '29' Module(s) have been scanned
Scan process 'BackWeb-137903.exe' - '79' Module(s) have been scanned
Scan process 'SDII.exe' - '26' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '47' Module(s) have been scanned
Scan process 'MEAutoDetect.exe' - '22' Module(s) have been scanned
Scan process 'ctfmon.exe' - '26' Module(s) have been scanned
Scan process 'MSMSGS.EXE' - '45' Module(s) have been scanned
Scan process 'CommandService.exe' - '24' Module(s) have been scanned
Scan process 'CSHelper.exe' - '17' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '73' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '36' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '19' Module(s) have been scanned
Scan process 'qttask.exe' - '20' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'Monitor.exe' - '33' Module(s) have been scanned
Scan process 'realsched.exe' - '29' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '33' Module(s) have been scanned
Scan process 'hpztsb08.exe' - '21' Module(s) have been scanned
Scan process 'shwicon2k.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'LTMSG.exe' - '16' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '76' Module(s) have been scanned
Scan process 'VTTimer.exe' - '19' Module(s) have been scanned
Scan process 'KBD.EXE' - '48' Module(s) have been scanned
Scan process 'hphmon05.exe' - '26' Module(s) have been scanned
Scan process 'hpqcmon.exe' - '32' Module(s) have been scanned
Scan process 'Explorer.EXE' - '152' Module(s) have been scanned
Scan process 'spoolsv.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '166' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '57' Module(s) have been scanned
Scan process 'winlogon.exe' - '67' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1736' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spyhunter.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\Default User\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-05 23-40-35.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
C:\Documents and Settings\Default User\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-06 00-00-54.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-47c559b5
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.A exploit
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\4575d713-66334979
[DETECTION] Is the TR/Dldr.Karagany.B.2 Trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\48\17aac0f0-12e601a6
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-523814e2
[0] Archive type: ZIP
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/Gmerrews.class
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/GReader.class
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-5b1ca7f2
[0] Archive type: ZIP
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/Gmerrews.class
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/GReader.class
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-65f299bf
[0] Archive type: ZIP
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/Gmerrews.class
[DETECTION] Is the TR/Horse.CSU Trojan
--> quote/GReader.class
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-40d1a0ce
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a02cca0dac6.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a2e33f4ffb1.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IJ Java virus
--> a711534f5ae.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IN Java virus
--> ae8e44dfc9f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IR Java virus
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-5fe9024a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a02cca0dac6.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a2e33f4ffb1.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IJ Java virus
--> a711534f5ae.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IN Java virus
--> ae8e44dfc9f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IR Java virus
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-767194bb
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a02cca0dac6.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
--> a2e33f4ffb1.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IJ Java virus
--> a711534f5ae.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IN Java virus
--> ae8e44dfc9f.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.IR Java virus
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache9208952209705633476.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Small.AH Java virus
--> google/gijupo.class
[DETECTION] Contains recognition pattern of the JAVA/Small.AH Java virus
--> google/jora.class
[DETECTION] Contains recognition pattern of the JAVA/Small.AG Java virus
--> google/kopler.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.KC Java virus
--> google/maria.class
[DETECTION] Contains recognition pattern of the JAVA/Small.AI Java virus
--> google/opeltur.class
[DETECTION] Contains recognition pattern of the JAVA/Small.AJ Java virus
C:\Program Files\Art Dept\IE\SetupHelper.dll
[0] Archive type: RSRC
[DETECTION] Is the TR/Agent.PQ Trojan
--> Object
[DETECTION] Is the TR/Agent.PQ Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054811.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054812.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054817.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054818.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054857.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054862.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054866.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-05 23-40-35.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
C:\WINDOWS\system32\config\systemprofile\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-06 00-00-54.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\WINDOWS\system32\config\systemprofile\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-06 00-00-54.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '46ca04c6.qua'.
C:\WINDOWS\system32\config\systemprofile\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-05 23-40-35.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '5e5d2b62.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054866.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c0f71d6.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054862.sys
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6a383e14.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP707\A0054857.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2fbc132a.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054818.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '50a7214b.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054817.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1c1f0d01.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054812.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '60074d51.qua'.
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP706\A0054811.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d5d621c.qua'.
C:\Program Files\Art Dept\IE\SetupHelper.dll
[DETECTION] Is the TR/Agent.PQ Trojan
[NOTE] The file was moved to the quarantine directory under the name '547159db.qua'.
C:\Documents and Settings\Owner\Local Settings\Temp\jar_cache9208952209705633476.tmp
[DETECTION] Contains recognition pattern of the JAVA/Small.AJ Java virus
[NOTE] The file was moved to the quarantine directory under the name '382b75e8.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-767194bb
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
[NOTE] The file was moved to the quarantine directory under the name '49d24c22.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-5fe9024a
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
[NOTE] The file was moved to the quarantine directory under the name '47c87ce5.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\6\702d6a46-40d1a0ce
[DETECTION] Contains recognition pattern of the JAVA/Agent.HQ Java virus
[NOTE] The file was moved to the quarantine directory under the name '02e105a7.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-65f299bf
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
[NOTE] The file was moved to the quarantine directory under the name '0b9e0105.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-5b1ca7f2
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
[NOTE] The file was moved to the quarantine directory under the name '53df186c.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\58\67fa047a-523814e2
[DETECTION] Contains recognition pattern of the EXP/Java.Agent.F.6 exploit
[NOTE] The file was moved to the quarantine directory under the name '7f2b61a0.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\48\17aac0f0-12e601a6
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent Java virus
[NOTE] The file was moved to the quarantine directory under the name '41d2017a.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\19\4575d713-66334979
[DETECTION] Is the TR/Dldr.Karagany.B.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '22aa2a0a.qua'.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\0\6685d300-47c559b5
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-4452.A exploit
[NOTE] The file was moved to the quarantine directory under the name '047d6a14.qua'.
C:\Documents and Settings\Default User\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-06 00-00-54.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '36fc11e3.qua'.
C:\Documents and Settings\Default User\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-11-05 23-40-35.txt
[DETECTION] Contains recognition pattern of the HTML/Exploit.Mhtml HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '3cb93a9d.qua'.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Spyhunter.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '03be5ecc.qua'.


End of the scan: Wednesday, June 15, 2011 07:04
Used time: 2:45:45 Hour(s)

The scan has been done completely.

21219 Scanned directories
647477 Files were scanned
42 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
23 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
647434 Files not concerned
15083 Archives were scanned
0 Warnings
24 Notes
493498 Objects were scanned with rootkit scan
1 Hidden objects were found
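
A triage sketch for a scan report laid out like the one in the post above, added here as an example (it is not part of the thread and not Avira's or the helper's tooling): it groups flagged files by where they live and checks that every flagged file has a quarantine entry. The sample report, its paths and detection names are constructed, and the bucket names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report above; all names are made up.
SAMPLE_REPORT = r"""
Starting the file scan:

Begin scan in 'C:\' <EXAMPLE_DISK>
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\1\aaaa0001-bbbb0001
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Example.A Java virus
--> pkg/one.class
[DETECTION] Contains recognition pattern of the JAVA/Example.A Java virus
--> pkg/two.class
[DETECTION] Contains recognition pattern of the EXP/Example.B exploit
C:\Documents and Settings\User\Local Settings\Temp\jar_cache0000000000000000001.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Example.D Java virus
--> x/a.class
[DETECTION] Contains recognition pattern of the JAVA/Example.D Java virus
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll
[DETECTION] Is the TR/Example.Gen Trojan
C:\Program Files\Example App\helper.dll
[DETECTION] Is the TR/Example.C Trojan
Begin scan in 'D:\' <EXAMPLE_RECOVERY>

Beginning disinfection:
C:\Program Files\Example App\helper.dll
[DETECTION] Is the TR/Example.C Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000004.qua'.
C:\Documents and Settings\User\Local Settings\Temp\jar_cache0000000000000000001.tmp
[DETECTION] Contains recognition pattern of the JAVA/Example.D Java virus
[NOTE] The file was moved to the quarantine directory under the name '00000002.qua'.
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\1\aaaa0001-bbbb0001
[DETECTION] Contains recognition pattern of the JAVA/Example.A Java virus
[NOTE] The file was moved to the quarantine directory under the name '00000001.qua'.

End of the scan: (constructed)
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")            # a flagged file starts a new record
NAME_RE = re.compile(r"\b([A-Z]+/[\w.\-]+)")     # e.g. TR/Example.C, JAVA/Example.A
QUA_RE = re.compile(r"quarantine directory under the name '([^']+)'")


def bucket(path):
    """Classify a flagged path by location (bucket names are this example's own)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p or "\\temp\\jar_cache" in p:
        return "java-cache"          # applets fetched by the Java browser plug-in
    if "\\system volume information\\_restore" in p:
        return "system-restore"      # copies kept in restore points
    return "other"


def parse_report(text):
    """Return (findings, quarantined) from the file-scan and disinfection sections."""
    findings = {}      # path -> {"archive": type or None, "hits": [(member, name)]}
    quarantined = {}   # path -> name of the .qua file
    section = path = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Starting the file scan"):
            section, path = "scan", None
        elif line.startswith("Beginning disinfection"):
            section, path = "disinfect", None
        elif line.startswith("End of the scan"):
            break
        elif section is None or not line:
            continue
        elif PATH_RE.match(line):
            path, member = line, None
            if section == "scan":
                findings.setdefault(path, {"archive": None, "hits": []})
        elif path is None:
            continue
        elif section == "scan" and line.startswith("[0] Archive type:"):
            findings[path]["archive"] = line.split(":", 1)[1].strip()
        elif section == "scan" and line.startswith("-->"):
            member = line[3:].strip()            # file inside the archive
        elif section == "scan" and line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            # member is None for the container-level verdict (assumed layout)
            findings[path]["hits"].append((member, m.group(1) if m else line))
        elif section == "disinfect" and line.startswith("[NOTE]"):
            q = QUA_RE.search(line)
            if q:
                quarantined[path] = q.group(1)
    return findings, quarantined


def triage(text):
    """Summarise flagged files per location and list any without a quarantine entry."""
    findings, quarantined = parse_report(text)
    return {
        "files": len(findings),
        "per_bucket": dict(Counter(bucket(p) for p in findings)),
        "names": {p: sorted({n for _, n in f["hits"]}) for p, f in findings.items()},
        "not_quarantined": [p for p in findings if p not in quarantined],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(summary["files"], "flagged files:", summary["per_bucket"])
    for p in summary["not_quarantined"]:
        print("no quarantine entry for:", p)
```

Flagged files under System Restore are copies held in restore points, so a file with no quarantine entry there can come back if the system is later rolled back to that point.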

Re: I feel violated and I'm offended. Please help!

Unread postby askey127 » June 15th, 2011, 5:22 pm

FireItUp,
That is quite a few infected files.
Let's check for others.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
---------------------------------------------
Run a Scan with OTL
  • Download OTL to your desktop.
  • You can also download OTL from HERE
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, In the Standard Registry box, click All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL (should be on your desktop).
    • Make sure Notepad's Format, Wordwrap is unchecked.
    • Please copy the contents of each of these files, one at a time, and post them in your next reply.
  • Use separate replies if you wish.
---------------------------------------------------
So, In Your Reply, we will be looking for the following :
The contents of:
  • The log from malwarebytes
  • OTL.txt
  • Extras.txt
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127

Re: I feel violated and I'm offended. Please help!

Unread postby FireItUp » June 15th, 2011, 10:48 pm

Here is the MB log. I'll post the others in a bit when I get a minute to run it...

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6865

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/15/2011 9:29:12 PM
mbam-log-2011-06-15 (21-29-12).txt

Scan type: Quick scan
Objects scanned: 178197
Time elapsed: 13 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\audio3d32.dll (Trojan.Tracur.PGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0F84FA30-2254-48DC-A38E-10566633C100} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F84FA30-2254-48DC-A38E-10566633C100} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F84FA30-2254-48DC-A38E-10566633C100} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F84FA30-2254-48DC-A38E-10566633C100} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Apple Mobile Device32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\audio3d32.dll (Trojan.Tracur.PGen) -> Delete on reboot.
c:\WINDOWS\system32\dsprop32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gcdef32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\0.9154458141113709.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d600c8ea1270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d600c8ea1270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d600c8ea1270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000d600c8ea1270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\Adobe\plugs\mmc223848078.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\0.4263983452486394.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Re: I feel violated and I'm offended. Please help!

Unread postby FireItUp » June 15th, 2011, 11:15 pm

OTL.txt log...

OTL logfile created on: 6/15/2011 10:07:16 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 241.37 Mb Available Physical Memory | 53.94% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 38.81 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.95% Space Free | Partition Type: FAT32

Computer Name: YOUR-FSYLY0JTWN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/12/12 01:18:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 05:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/10/11 00:26:40 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/07/14 19:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 18:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/12 06:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/10/07 09:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
PRC - [2001/07/23 16:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll
MOD - [2003/10/11 00:26:40 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/10 09:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/22 22:04:39 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 03:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 FA 84 0F 54 22 DC 48 A3 8E 10 56 66 33 C1 00 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 21:58:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (50aeabc7) - {90BB8867-7439-8011-D2B1-85E3A968EB4C} - C:\WINDOWS\system32\kbdsmsfi32.dll (CrypKey Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8478425718 (WUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/B ... ofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsmsfi32.dll) - C:\WINDOWS\system32\kbdsmsfi32.dll (CrypKey Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 () - http://sn139w.snt139.mail.live.com/mail/head
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun\command - "" = I:\ONSPCLCK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/15 22:04:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/14 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/14 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/06/14 23:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/14 23:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/14 23:38:08 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/14 23:38:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/14 23:38:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/14 23:38:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/10 22:00:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/10 22:00:04 | 000,607,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/09 20:32:32 | 000,171,008 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdsmsfi32.dll
[2011/05/19 07:40:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/18 23:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{F9404854-DA84-4CB7-8DE2-CC7EF579CC21}
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/15 21:32:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/15 21:32:37 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/15 21:00:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 20:57:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/15 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/15 19:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/15 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/15 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/14 23:38:35 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:09:00 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:29:56 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/14 21:32:34 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/06/10 22:00:05 | 000,607,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/09 20:32:33 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\1517546725
[2011/06/09 20:32:32 | 000,171,008 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdsmsfi32.dll
[2011/06/08 16:45:39 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 07:43:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 06:06:18 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kqotodamujumuq.dat
[2011/05/19 01:56:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Kvesalazah.bin
[2011/05/18 23:47:55 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17555236r
[2011/05/18 23:47:55 | 000,000,120 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17555236
[2011/05/18 23:47:46 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/14 23:38:35 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:08:57 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:52:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/14 22:29:56 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/09 20:32:28 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\1517546725
[2011/05/18 23:48:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kvesalazah.bin
[2011/05/18 23:48:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kqotodamujumuq.dat
[2011/05/18 23:47:55 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236r
[2011/05/18 23:47:54 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236
[2011/05/18 23:47:46 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/02/23 00:38:07 | 000,052,700 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/22 22:30:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/22 22:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2009/07/22 21:02:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/31 01:21:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/09 22:56:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2009/03/08 01:24:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2008/12/10 01:34:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/24 11:15:51 | 000,000,545 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/01/19 13:10:05 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/04 20:18:52 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2007/09/16 00:00:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\ONSPCLCK.exe
[2004/10/28 21:55:34 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/23 12:22:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/04/25 13:25:03 | 000,007,434 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/04/25 13:24:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/21 22:47:56 | 000,074,643 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/07 01:15:04 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{7BDF8765-0F59-4E21-AD21-801459EA32F7}.dat
[2003/11/05 19:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/05 19:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/05 19:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/05 19:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/05 19:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/05 19:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/05 19:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/05 19:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/05 19:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 00:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 03:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 23:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/10 23:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/10 23:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/10 23:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/10 23:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 22:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 22:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 22:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 22:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 22:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 22:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 21:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 21:22:15 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 21:22:15 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 14:26:28 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 14:25:42 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/06 04:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/07/11 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/09/22 22:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/03/18 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2004/04/06 00:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/05/11 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/03 00:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/22 01:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/02/22 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/05 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/12/11 01:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Broad Intelligence
[2008/12/04 01:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/06/30 00:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2009/09/22 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2003/10/14 00:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2009/03/08 23:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/06/30 01:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/02/25 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2009/03/08 01:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Redemption
[2003/10/11 00:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/12/27 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\School Zone Preferences
[2007/01/12 23:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/03/25 23:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/11/10 00:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrojanHunter
[2008/01/01 22:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2008/12/10 01:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2011/06/15 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/15 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/15 20:57:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/06/15 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



< End of report >
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO

Re: I feel violated and I'm offended. Please help!

Post by FireItUp » June 15th, 2011, 11:17 pm

Extras.txt log...

OTL Extras logfile created on: 6/15/2011 10:07:16 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 241.37 Mb Available Physical Memory | 53.94% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 38.81 Gb Free Space | 26.38% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.95% Space Free | Partition Type: FAT32

Computer Name: YOUR-FSYLY0JTWN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\WINDOWS\system32\dsprop32.exe" = C:\WINDOWS\system32\dsprop32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dsprop32.exe" = C:\WINDOWS\system32\dsprop32.exe:*:Enabled:Windows Update Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{32EF6F81-583E-4127-918D-D3768A8957C4}" = Palm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}" = hp deskjet 3600
"{822B325F-9CDD-4E78-87A2-35E6F0DDEEA2}" = HP Deskjet 1000 J110 series Product Improvement Study
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{939227BD-19D8-4684-8A04-31AC9F6A564C}" = Scan
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{CFD1B282-555D-494d-8231-4175C2AF08C2}" = PrintScreen
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E4ABB302-9D82-4D18-83D5-AD1DFE786AA8}" = Unload
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}" = HP Deskjet 1000 J110 series Basic Device Software
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"ArtistScope Plugin IE 424.2.0.4" = ArtistScope Plugin IE 42
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BackWeb-137903 Uninstaller" = Updates from HP
"BFBCBAE3-8293-4215-9C4F-C2402C118EDB" = Otto from Hewlett-Packard Desktops (remove only)
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"C56C66C3-3462-4A3F-8661-9E18362A5E7C" = Excavation from Hewlett-Packard Desktops (remove only)
"Colors, Shapes & More" = Colors, Shapes & More
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DA44615A-C243-46A4-8E47-184CFF33CD38" = Five Card Frenzy from Hewlett-Packard Desktops (remove only)
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP Photo Creations" = HP Photo Creations
"HPTOOLKIT" = toolkit
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MediaCoder" = MediaCoder 0.7.2.4535
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Photags Music Express" = iConcepts Music Express
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 12.0" = RealPlayer
"S3" = VIA/S3G Display Driver
"SpamSubtract" = SpamSubtract
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"UPCShell" = LeapFrog Connect
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2010 1:51:12 AM | Computer Name = YOUR-FSYLY0JTWN | Source = Application Error | ID = 1000
Description = Faulting application SymWSC.exe, version 2005.1.2.20, faulting module
WrapUM.dll, version 6.0.4.1001, fault address 0x000089b5.

[ System Events ]
Error - 6/15/2011 12:32:00 AM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 6/15/2011 12:32:00 AM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 6/15/2011 12:36:28 AM | Computer Name = YOUR-FSYLY0JTWN | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 6/15/2011 12:36:28 AM | Computer Name = YOUR-FSYLY0JTWN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 6/15/2011 12:36:29 AM | Computer Name = YOUR-FSYLY0JTWN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .

Error - 6/15/2011 10:33:05 PM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/15/2011 10:33:05 PM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM Video Capture (universal) service failed to start due
to the following error: %%1058

Error - 6/15/2011 10:33:05 PM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7000
Description = The nVidia WDM A/V Crossbar service failed to start due to the following
error: %%1058

Error - 6/15/2011 10:34:11 PM | Computer Name = YOUR-FSYLY0JTWN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
agp440 fasttx2k nv_agp SISAGP

Error - 6/15/2011 10:34:44 PM | Computer Name = YOUR-FSYLY0JTWN | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO
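
The file entries in the OTL log above share one layout: `[timestamp | size | attributes | C or M] (company) -- path`, with the company field empty or absent when no vendor is recorded. As an added example (not part of the original posts and not OTL's own code), this Python sketch parses those lines and reports bursts of created entries in which no entry names a vendor. The function names, the 60-second gap and the three-entry minimum are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple

# Excerpt copied from the "Created Within 30 Days" and "No Company Name"
# sections of the log above; the final line is an OTL summary row, not an entry.
SAMPLE_LOG = r"""
[2011/06/15 22:04:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/14 23:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/14 23:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/14 23:38:08 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/14 23:38:35 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/18 23:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{F9404854-DA84-4CB7-8DE2-CC7EF579CC21}
[2011/05/18 23:48:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kvesalazah.bin
[2011/05/18 23:48:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kqotodamujumuq.dat
[2011/05/18 23:47:55 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236r
[2011/05/18 23:47:54 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236
[2011/05/18 23:47:46 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17555236
[2011/02/23 00:38:07 | 000,052,700 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# One OTL file/folder entry. Folder rows omit the "(company)" field entirely;
# file rows with no version-info vendor show it as "()".
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str    # e.g. "-HS-" hidden+system, "---D" directory
    kind: str     # "C" created, "M" modified
    company: str  # "" when the log records no vendor
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return every line that matches the entry layout; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers, "*.tmp files" summary rows, blanks
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def bursts(entries: List[Entry], gap=timedelta(seconds=60)) -> List[List[Entry]]:
    """Group created entries whose timestamps are at most `gap` apart."""
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.when)
    groups, current = [], []
    for e in created:
        if current and e.when - current[-1].when > gap:
            groups.append(current)
            current = []
        current.append(e)
    if current:
        groups.append(current)
    return groups


def unattributed_bursts(entries: List[Entry], min_size=3,
                        gap=timedelta(seconds=60)) -> List[List[Entry]]:
    """Bursts of at least `min_size` entries where no entry names a vendor.

    A burst that contains vendor-tagged files (an installer run, for instance)
    is left out, because its unnamed shortcuts and folders are explained by it.
    """
    return [g for g in bursts(entries, gap)
            if len(g) >= min_size and not any(e.company for e in g)]


if __name__ == "__main__":
    for group in unattributed_bursts(parse_entries(SAMPLE_LOG)):
        print(f"{len(group)} entries, {group[0].when} .. {group[-1].when}")
        for e in group:
            print("   ", e.attrs, e.path)
```

On this excerpt the only burst returned is the six entries created between 2011/05/18 23:47:46 and 23:48:11; a hit is a lead to verify, not a verdict.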

Re: I feel violated and I'm offended. Please help!

Post by askey127 » June 16th, 2011, 5:03 am

FireItUp,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    [2011/05/18 23:48:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kvesalazah.bin
    [2011/05/18 23:48:10 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kqotodamujumuq.dat
    [2011/05/18 23:47:55 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236r
    [2011/05/18 23:47:54 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17555236
    [2011/05/18 23:47:46 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17555236
    [2011/05/18 23:48:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{F9404854-DA84-4CB7-8DE2-CC7EF579CC21}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 FA 84 0F 54 22 DC 48 A3 8E 10 56 66 33 C1 00 [binary data]
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dsprop32.exe" =-
    
    :Files
    C:\WINDOWS\system32\dsprop32.exe
    
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    test_item.dll
    
    :regfind
    Zghypcxhle
    64a459ec-cfeb-4618-87ad-0f68a5431683
    XMLHTTP_UUID_Default
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • OTL.txt
  • SystemLook.txt
Please feel free to use separate replies.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I feel violated and I'm offended. Please help!

Post by FireItUp » June 17th, 2011, 1:10 am

OTL log...

OTL logfile created on: 6/16/2011 11:54:29 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 206.68 Mb Available Physical Memory | 46.19% Memory free
1.03 Gb Paging File | 0.58 Gb Available in Paging File | 55.93% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 40.44 Gb Free Space | 27.49% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.95% Space Free | Partition Type: FAT32

Computer Name: YOUR-FSYLY0JTWN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/12/12 01:18:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 05:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/10/11 00:26:40 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/07/14 19:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 18:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/12 06:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/10/07 09:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
PRC - [2001/07/23 16:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 19:12:05 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll
MOD - [2003/10/11 00:26:40 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/10 09:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/22 22:04:39 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 03:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 21:58:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (50aeabc7) - {90BB8867-7439-8011-D2B1-85E3A968EB4C} - C:\WINDOWS\system32\kbdsmsfi32.dll (CrypKey Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8478425718 (WUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/B ... ofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsmsfi32.dll) - C:\WINDOWS\system32\kbdsmsfi32.dll (CrypKey Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://sn139w.snt139.mail.live.com/mail/head
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun\command - "" = I:\ONSPCLCK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 23:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 22:04:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/14 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/14 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/06/14 23:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/14 23:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/14 23:38:08 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/14 23:38:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/14 23:38:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/14 23:38:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/10 22:00:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/10 22:00:04 | 000,607,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/09 20:32:32 | 000,171,008 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdsmsfi32.dll
[2011/05/19 07:40:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Recent
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/16 23:46:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/16 23:46:40 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 20:57:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/06/16 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/06/16 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/06/16 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/06/16 03:10:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/15 21:00:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 19:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 23:38:35 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:09:00 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:29:56 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/14 21:32:34 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/06/10 22:00:05 | 000,607,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/09 20:32:33 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\1517546725
[2011/06/09 20:32:32 | 000,171,008 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdsmsfi32.dll
[2011/06/08 16:45:39 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 07:43:04 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/14 23:38:35 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:08:57 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:52:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/14 22:29:56 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/09 20:32:28 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\1517546725
[2011/02/23 00:38:07 | 000,052,700 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/22 22:30:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/22 22:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2009/07/22 21:02:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/31 01:21:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/09 22:56:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2009/03/08 01:24:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2008/12/10 01:34:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/24 11:15:51 | 000,000,545 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/01/19 13:10:05 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/04 20:18:52 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2007/09/16 00:00:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\ONSPCLCK.exe
[2004/10/28 21:55:34 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/23 12:22:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/04/25 13:25:03 | 000,007,434 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/04/25 13:24:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/21 22:47:56 | 000,074,643 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/07 01:15:04 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{7BDF8765-0F59-4E21-AD21-801459EA32F7}.dat
[2003/11/05 19:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/05 19:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/05 19:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/05 19:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/05 19:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/05 19:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/05 19:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/05 19:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/05 19:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 00:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 03:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 23:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/10 23:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/10 23:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/10 23:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/10 23:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 22:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 22:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 22:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 22:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 22:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 22:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 21:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 21:22:15 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 21:22:15 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 14:26:28 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 14:25:42 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/06 04:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/07/11 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/09/22 22:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/03/18 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2004/04/06 00:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/05/11 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/03 00:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/22 01:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/02/22 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/05 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/12/11 01:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Broad Intelligence
[2008/12/04 01:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/06/30 00:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2009/09/22 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2003/10/14 00:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2009/03/08 23:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/06/30 01:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/02/25 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2009/03/08 01:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Redemption
[2003/10/11 00:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/12/27 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\School Zone Preferences
[2007/01/12 23:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/03/25 23:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/11/10 00:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrojanHunter
[2008/01/01 22:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2008/12/10 01:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol
[2011/06/16 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/06/16 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/06/16 20:57:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/06/16 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



< End of report >
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO

Re: I feel violated and I'm offended. Please help!

Post by FireItUp » June 17th, 2011, 1:19 am

FYI FWIW... Every time I restart my computer, I get a message saying backupnotify.exe has encountered a problem. Also, Avira has popped up 3 times today saying it had detected malware, and I clicked the remove button.

Here is the SystemLook log...

SystemLook 04.09.10 by jpshortstuff
Log created at 00:11 on 17/06/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "test_item.dll"
No files found.

========== regfind ==========

Searching for "Zghypcxhle"
No data found.

Searching for "64a459ec-cfeb-4618-87ad-0f68a5431683"
No data found.

Searching for "XMLHTTP_UUID_Default"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=""
[HKEY_USERS\S-1-5-21-3731388450-2102982688-2944448524-1003\Software\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=""

-= EOF =-
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO

Re: I feel violated and I'm offended. Please help!

Post by askey127 » June 17th, 2011, 12:49 pm

FireItUp,
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    :processes
    killallprocesses
    
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
    [2011/06/09 20:32:32 | 000,171,008 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\kbdsmsfi32.dll
    [2006/11/10 00:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrojanHunter
    [2011/06/16 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2011/06/16 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011/06/16 20:57:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2011/06/16 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

So we will be looking for the newest OTL.txt file and the latest Avira log.
Also please tell me how it's running now.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I feel violated and I'm offended. Please help!

Post by FireItUp » June 17th, 2011, 11:49 pm

I'm having some trouble running as an administrator in OTL. I right click and select "run as..." and it takes me to a login screen. I select the second option and enter "administrator", but I don't know the correct password to move any further.
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO

Re: I feel violated and I'm offended. Please help!

Post by askey127 » June 18th, 2011, 7:08 am

Sorry, my mistake.
Just double click OTL to run it. You don't need that right click stuff in Windows XP.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I feel violated and I'm offended. Please help!

Post by FireItUp » June 19th, 2011, 11:57 pm

Latest OTL log...

OTL logfile created on: 6/19/2011 10:40:50 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 199.66 Mb Available Physical Memory | 44.62% Memory free
1.03 Gb Paging File | 0.61 Gb Available in Paging File | 59.05% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.14 Gb Total Space | 40.61 Gb Free Space | 27.60% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.93 Gb Free Space | 16.95% Space Free | Partition Type: FAT32

Computer Name: YOUR-FSYLY0JTWN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/12/12 01:18:43 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CSHelper.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/14 05:44:29 | 000,374,104 | ---- | M] () -- C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
PRC - [2004/10/22 12:53:06 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2003/10/11 00:26:40 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2003/08/19 10:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/14 21:11:32 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/07/14 19:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/07/07 18:50:08 | 000,557,056 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSub.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/12 06:23:52 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
PRC - [2002/10/07 09:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
PRC - [2001/07/23 16:38:40 | 000,315,392 | ---- | M] () -- C:\WINDOWS\twain_32\ScanWiz5\SDII.exe


========== Modules (SafeList) ==========

MOD - [2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/10/11 00:26:40 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide4.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/07/22 21:02:23 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\CSHelper.exe -- (CSHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/10 09:27:06 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/09/22 22:04:39 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2003/09/03 11:01:22 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/08/13 22:50:36 | 000,039,648 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/07/30 04:15:00 | 000,126,348 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)
DRV - [2003/07/30 04:15:00 | 000,013,006 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nvxbar.sys -- (NVXBAR)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/06/19 03:59:00 | 000,140,800 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hotsheet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/05 21:58:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (50aeabc7) - {90BB8867-7439-8011-D2B1-85E3A968EB4C} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP View) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe ( )
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [RecordNow!] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microtek Scanner Finder.lnk = C:\WINDOWS\twain_32\ScanWiz5\SDII.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8478425718 (WUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/B ... ofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsmsfi32.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://sn139w.snt139.mail.live.com/mail/head
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/10/10 21:32:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell - "" = AutoRun
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e4dc822-0b97-11de-b804-000ea652c270}\Shell\AutoRun\command - "" = I:\ONSPCLCK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 23:34:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 22:04:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/14 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/14 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/06/14 23:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/14 23:38:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/14 23:38:08 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/14 23:38:08 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/14 23:38:08 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/14 23:38:08 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/14 23:38:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/10 22:00:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/10 22:00:04 | 000,607,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 22:34:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 22:34:49 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 00:11:15 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2011/06/16 03:10:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 22:04:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/06/15 21:00:37 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/15 19:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/14 23:38:35 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:09:00 | 052,676,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:29:56 | 000,606,105 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/14 21:32:34 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Word.lnk
[2011/06/10 22:00:05 | 000,607,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/06/09 20:32:33 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\1517546725
[2011/06/08 16:45:39 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 00:11:15 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SystemLook.exe
[2011/06/14 23:38:35 | 000,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/14 23:08:57 | 052,676,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2011/06/14 22:52:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/14 22:29:56 | 000,606,105 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\unhide.exe
[2011/06/09 20:32:28 | 000,000,106 | ---- | C] () -- C:\WINDOWS\System32\1517546725
[2011/02/23 00:38:07 | 000,052,700 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/22 22:30:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009/09/22 22:18:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2009/07/22 21:02:23 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2009/03/31 01:21:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/03/09 22:56:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2009/03/08 01:24:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\REDEMUNINS.INI
[2008/12/10 01:34:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/24 11:15:51 | 000,000,545 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2008/01/19 13:10:05 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/04 20:18:52 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2007/09/16 00:00:03 | 000,000,262 | ---- | C] () -- C:\WINDOWS\ONSPCLCK.exe
[2004/10/28 21:55:34 | 000,235,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/23 12:22:12 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/04/25 13:25:03 | 000,007,434 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2004/04/25 13:24:45 | 000,000,470 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2004/03/21 22:47:56 | 000,074,643 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/07 01:15:04 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{7BDF8765-0F59-4E21-AD21-801459EA32F7}.dat
[2003/11/05 19:06:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/11/05 19:06:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/11/05 19:06:56 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/11/05 19:06:51 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/11/05 19:06:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/05 19:06:24 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/11/05 19:06:24 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/11/05 19:05:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/11/05 19:04:36 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/10/14 00:41:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/14 00:40:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/10/14 00:24:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/10/13 17:52:52 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/10/13 17:52:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/10/11 03:15:25 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2003/10/11 00:31:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/10/11 00:29:24 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/10/11 00:26:40 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/10/11 00:24:47 | 000,030,203 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/10/11 00:24:29 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/10/11 00:23:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/10/11 00:18:34 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/11 00:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/10/10 23:30:11 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/10/10 23:30:06 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/10/10 23:30:06 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/10/10 23:12:25 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2003/10/10 23:12:25 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2003/10/10 22:47:15 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2003/10/10 22:47:15 | 000,028,884 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2003/10/10 22:39:27 | 000,014,676 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/10/10 22:39:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/10/10 22:31:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/10 22:25:30 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2003/10/10 22:23:54 | 000,126,348 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvcap.sys
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/10/10 22:22:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/10/10 22:05:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/10/10 21:56:51 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/10/10 21:56:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/10/10 21:56:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/10/10 21:35:14 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/10 21:33:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/10/10 21:30:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/10/10 21:22:28 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/10/10 21:22:15 | 000,381,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/10/10 21:22:15 | 000,053,436 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/10/10 14:26:28 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/10/10 14:25:42 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/23 03:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/06 04:28:38 | 000,000,309 | ---- | C] () -- C:\WINDOWS\hpfins01.dat
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/07/11 01:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/09/22 22:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/03/18 22:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2004/04/06 00:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/05/11 12:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/03 00:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/12/22 01:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2011/02/22 22:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/05 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2009/12/11 01:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Broad Intelligence
[2008/12/04 01:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2005/06/30 00:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2009/09/22 22:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2003/10/14 00:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2009/03/08 23:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/06/30 01:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/02/25 23:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2009/03/08 01:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Redemption
[2003/10/11 00:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2007/12/27 16:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\School Zone Preferences
[2007/01/12 23:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2010/03/25 23:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2008/01/01 22:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2008/12/10 01:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
FireItUp
Regular Member
 
Posts: 23
Joined: November 5th, 2006, 2:09 am
Location: St. Louis. MO