
Followed the 8 Steps for malware removal, posting results

Discussion in 'Virus and Malware Removal' started by mikmik12, Oct 12, 2010.

  1. mikmik12 Newcomer, in training Posts: 49

    glad to hear you are feeling better.
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 131):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7B73000 \WINDOWS\system32\KDCOM.DLL
    0xF7A83000 \WINDOWS\system32\BOOTVID.dll
    0xF7544000 ACPI.sys
    0xF7B75000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7533000 pci.sys
    0xF7673000 isapnp.sys
    0xF7C3B000 pciide.sys
    0xF78F3000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7683000 MountMgr.sys
    0xF7514000 ftdisk.sys
    0xF78FB000 PartMgr.sys
    0xF7903000 pavboot.sys
    0xF7693000 VolSnap.sys
    0xF74FC000 atapi.sys
    0xF7435000 iaStor.sys
    0xF76A3000 disk.sys
    0xF76B3000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7415000 fltmgr.sys
    0xF7403000 sr.sys
    0xF73ED000 DRVMCDB.SYS
    0xF76C3000 PxHelp20.sys
    0xF73D6000 KSecDD.sys
    0xF7349000 Ntfs.sys
    0xF731C000 NDIS.sys
    0xF7302000 Mup.sys
    0xF7793000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6D3B000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6D27000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6CE6000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xF79FB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6CC2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A03000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6C9A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7A0B000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF77A3000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7BA3000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
    0xF77B3000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF77C3000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6C77000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7A13000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7D97000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF77D3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B3B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6C60000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF77E3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF77F3000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A1B000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6C4F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7803000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A23000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A2B000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7813000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7A33000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A3B000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7BA5000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6BF1000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B47000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7833000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7853000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7BA9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xAA070000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA04C000 \SystemRoot\system32\drivers\portcls.sys
    0xF7893000 \SystemRoot\system32\drivers\drmk.sys
    0xF7B23000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BB5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CAC000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BB7000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A53000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
    0xF7A5B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7A63000 \SystemRoot\System32\drivers\vga.sys
    0xF7BB9000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BBB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A6B000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A73000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7B2F000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA9FC9000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA9F70000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA9F22000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA9EFA000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF78B3000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA9ED8000 \SystemRoot\System32\drivers\afd.sys
    0xF78C3000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7A7B000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA9EAD000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9E3D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF78E3000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF6BC4000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF76F3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xA9E1B000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7BC1000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF7913000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF794B000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
    0xF7713000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA9D00000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF6BC0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF6BB8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA9A91000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA88C6000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7C0D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7B2B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xA9BC1000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D98000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA8811000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA88FE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
    0xF7D7D000 \SystemRoot\System32\DLA\DLADResM.SYS
    0xA87F9000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
    0xA9BB9000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
    0xF7C19000 \SystemRoot\System32\DLA\DLAPoolM.SYS
    0xA8C8E000 \SystemRoot\System32\DLA\DLABMFSM.SYS
    0xA8C86000 \SystemRoot\System32\DLA\DLABOIOM.SYS
    0xA87E3000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
    0xA87CC000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
    0xA8846000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA860F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7C39000 \SystemRoot\system32\DRIVERS\datunidr.sys
    0xA8427000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA8052000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8587000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA7DFE000 \SystemRoot\System32\Drivers\HTTP.sys
    0xBFF50000 \SystemRoot\System32\TSDDD.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
    0xF7BE7000 \??\C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 69):
    0 System Idle Process
    4 System
    632 C:\WINDOWS\system32\smss.exe
    680 csrss.exe
    704 C:\WINDOWS\system32\winlogon.exe
    752 C:\WINDOWS\system32\services.exe
    764 C:\WINDOWS\system32\lsass.exe
    992 C:\WINDOWS\system32\svchost.exe
    1064 svchost.exe
    1164 C:\WINDOWS\system32\svchost.exe
    1292 svchost.exe
    1372 svchost.exe
    1544 C:\WINDOWS\system32\spoolsv.exe
    1596 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1688 svchost.exe
    1736 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1776 C:\Program Files\Bonjour\mDNSResponder.exe
    1816 C:\WINDOWS\system32\Brmfrmps.exe
    1860 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    136 C:\Program Files\Java\jre6\bin\jqs.exe
    204 C:\WINDOWS\system32\svchost.exe
    212 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2024 unsecapp.exe
    2032 alg.exe
    440 wmiprvse.exe
    3248 C:\WINDOWS\explorer.exe
    3448 C:\WINDOWS\system32\hkcmd.exe
    3480 C:\WINDOWS\system32\igfxsrvc.exe
    3520 C:\WINDOWS\system32\igfxpers.exe
    3648 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    3680 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    3764 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3888 C:\WINDOWS\system32\svchost.exe
    3900 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    4056 C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    452 C:\WINDOWS\RTHDCPL.EXE
    472 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    928 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1124 C:\Program Files\iTunes\iTunesHelper.exe
    108 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1060 C:\WINDOWS\system32\rundll32.exe
    1700 C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    468 C:\WINDOWS\system32\ctfmon.exe
    836 C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    2232 C:\Program Files\iPod\bin\iPodService.exe
    1500 csrss.exe
    4024 C:\WINDOWS\system32\winlogon.exe
    1288 explorer.exe
    2896 igfxtray.exe
    2932 hkcmd.exe
    2964 igfxpers.exe
    2904 issch.exe
    3244 DrgToDsc.exe
    2768 PDVDDXSrv.exe
    2700 GoogleDesktop.exe
    4036 pptd40nt.exe
    2424 brctrcen.exe
    3396 RTHDCPL.EXE
    2604 jusched.exe
    1520 igfxsrvc.exe
    3064 iTunesHelper.exe
    2160 avgnt.exe
    1156 rundll32.exe
    3196 ctfmon.exe
    2304 GoogleDesktop.exe
    3660 C:\Program Files\Internet Explorer\iexplore.exe
    2020 C:\Program Files\Internet Explorer\iexplore.exe
    168 C:\Documents and Settings\Mike\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDS721616PLA380, Rev: P22OAB3A
    PhysicalDrive1 Model Number: Maxtor2, Rev: 0344

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 1
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    RE: Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!


    still getting redirected on web searches...?
  2. crunchie Malware Helper Posts: 761

    I have uploaded the first bootkit_remover tool that I asked you to run.
    Please see if you can run it following my previous instructions.

    Attached Files:

  3. mikmik12 Newcomer, in training Posts: 49

    nothing...just pulls up black screen with no other info
  4. crunchie Malware Helper Posts: 761

    Do you have your Windows CD and is this system a dual boot with two physical drives?
  5. mikmik12 Newcomer, in training Posts: 49

    I can probably dig up the windows CD's hopefully...I don't think this is two physical drives. Just the hard drive and an external. There are two users that are separate...
  6. crunchie Malware Helper Posts: 761

    The log is reading two physical drives here:

    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6

    Drive0 looks ok but drive1 seems to be having the problem.

    So this does not have two operating systems installed?
     
  7. mikmik12 Newcomer, in training Posts: 49

    no just the one. i have an external hard drive attached but don't have two drives running? just the two log ons...
  8. mikmik12 Newcomer, in training Posts: 49

    Any way to figure out what that second drive is?
  9. crunchie Malware Helper Posts: 761

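    Just got a 2nd opinion and that MBR is fine. "Unknown MBR code" only means the boot code did not match one of the signatures MBRCheck knows, which is not unusual for an external drive.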

    Can you try this please:

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.

    • If an infected file is detected, the default action will be Cure; leave it on Cure and click on Continue.

    • If a suspicious file is detected, the default action will be Skip; leave it on Skip and click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  10. mikmik12 Newcomer, in training Posts: 49

    Here you go...

    2010/10/23 12:18:14.0812 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/23 12:18:14.0812 ================================================================================
    2010/10/23 12:18:14.0812 SystemInfo:
    2010/10/23 12:18:14.0812
    2010/10/23 12:18:14.0812 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/23 12:18:14.0812 Product type: Workstation
    2010/10/23 12:18:14.0812 ComputerName: VOSTRO
    2010/10/23 12:18:14.0812 UserName: Mike
    2010/10/23 12:18:14.0812 Windows directory: C:\WINDOWS
    2010/10/23 12:18:14.0812 System windows directory: C:\WINDOWS
    2010/10/23 12:18:14.0812 Processor architecture: Intel x86
    2010/10/23 12:18:14.0812 Number of processors: 2
    2010/10/23 12:18:14.0812 Page size: 0x1000
    2010/10/23 12:18:14.0812 Boot type: Normal boot
    2010/10/23 12:18:14.0812 ================================================================================
    2010/10/23 12:18:15.0765 Initialize success
    2010/10/23 12:18:17.0968 ================================================================================
    2010/10/23 12:18:17.0968 Scan started
    2010/10/23 12:18:17.0968 Mode: Manual;
    2010/10/23 12:18:17.0968 ================================================================================
    2010/10/23 12:18:18.0703 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/10/23 12:18:18.0750 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/23 12:18:18.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/23 12:18:18.0796 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/10/23 12:18:18.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/23 12:18:18.0890 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/23 12:18:18.0937 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/10/23 12:18:18.0953 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/10/23 12:18:18.0984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/10/23 12:18:19.0046 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/10/23 12:18:19.0062 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/10/23 12:18:19.0078 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/10/23 12:18:19.0093 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/10/23 12:18:19.0140 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/10/23 12:18:19.0203 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/10/23 12:18:19.0250 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/10/23 12:18:19.0281 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/10/23 12:18:19.0296 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/10/23 12:18:19.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/23 12:18:19.0343 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/23 12:18:19.0390 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/23 12:18:19.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/23 12:18:19.0609 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/10/23 12:18:19.0640 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/10/23 12:18:19.0703 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/10/23 12:18:19.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/23 12:18:19.0765 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
    2010/10/23 12:18:19.0781 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
    2010/10/23 12:18:19.0796 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
    2010/10/23 12:18:19.0796 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
    2010/10/23 12:18:20.0015 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/10/23 12:18:20.0031 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/23 12:18:20.0062 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/10/23 12:18:20.0093 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/23 12:18:20.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/23 12:18:20.0140 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/23 12:18:20.0250 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/10/23 12:18:20.0281 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/10/23 12:18:20.0296 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/10/23 12:18:20.0312 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/10/23 12:18:20.0343 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys
    2010/10/23 12:18:20.0390 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/23 12:18:20.0453 DLABMFSM (0659e6e0a95564f958d9df7313f7701e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
    2010/10/23 12:18:20.0453 DLABOIOM (8691c78908f0bd66170669db268369f2) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    2010/10/23 12:18:20.0468 DLACDBHM (76167b5eb2dffc729edc36386876b40b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    2010/10/23 12:18:20.0484 DLADResM (5615744a1056933b90e6ac54feb86f35) C:\WINDOWS\system32\DLA\DLADResM.SYS
    2010/10/23 12:18:20.0484 DLAIFS_M (1aeca2afa5005ce4a550cf8eb55a8c88) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    2010/10/23 12:18:20.0500 DLAOPIOM (840e7f6abb885c72b9ffddb022ef5b6d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    2010/10/23 12:18:20.0500 DLAPoolM (0294d18731ac05da80132ce88f8a876b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    2010/10/23 12:18:20.0515 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    2010/10/23 12:18:20.0531 DLAUDFAM (cca4e121d599d7d1706a30f603731e59) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    2010/10/23 12:18:20.0531 DLAUDF_M (7dab85c33135df24419951da4e7d38e5) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    2010/10/23 12:18:20.0593 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/23 12:18:20.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/23 12:18:21.0015 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/23 12:18:21.0046 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/23 12:18:21.0093 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/10/23 12:18:21.0156 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/23 12:18:21.0218 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    2010/10/23 12:18:21.0218 DRVNDDM (6e6ab29d3c06e64ce81feacda85394b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    2010/10/23 12:18:21.0265 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/10/23 12:18:21.0281 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    2010/10/23 12:18:21.0312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/23 12:18:21.0375 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/23 12:18:21.0421 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/23 12:18:21.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/23 12:18:21.0468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/10/23 12:18:21.0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/23 12:18:21.0500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/23 12:18:21.0546 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/23 12:18:21.0609 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/23 12:18:21.0640 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/23 12:18:21.0656 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/23 12:18:21.0718 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/10/23 12:18:21.0781 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/23 12:18:21.0828 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/10/23 12:18:21.0859 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/10/23 12:18:21.0875 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/23 12:18:22.0015 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/10/23 12:18:22.0234 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
    2010/10/23 12:18:22.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/23 12:18:22.0312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/10/23 12:18:22.0437 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/10/23 12:18:22.0562 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/23 12:18:22.0609 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/23 12:18:22.0625 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/10/23 12:18:22.0656 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/23 12:18:22.0671 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/23 12:18:22.0703 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/23 12:18:22.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/23 12:18:22.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/23 12:18:22.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/23 12:18:22.0875 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/23 12:18:22.0921 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/23 12:18:22.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/23 12:18:23.0031 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/23 12:18:23.0125 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
    2010/10/23 12:18:23.0125 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/23 12:18:23.0140 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/23 12:18:23.0171 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/23 12:18:23.0234 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/23 12:18:23.0281 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/23 12:18:23.0312 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/10/23 12:18:23.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/23 12:18:23.0359 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/23 12:18:23.0406 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/23 12:18:23.0437 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/23 12:18:23.0468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/23 12:18:23.0500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/23 12:18:23.0531 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/23 12:18:23.0546 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/23 12:18:23.0640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/23 12:18:23.0687 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/23 12:18:23.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/23 12:18:23.0703 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/23 12:18:23.0734 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/23 12:18:23.0750 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/23 12:18:23.0796 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/23 12:18:23.0828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/23 12:18:23.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/23 12:18:23.0921 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    2010/10/23 12:18:23.0968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/23 12:18:24.0031 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/10/23 12:18:24.0125 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/23 12:18:24.0140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/23 12:18:24.0187 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/23 12:18:24.0218 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/23 12:18:24.0234 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/23 12:18:24.0250 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
    2010/10/23 12:18:24.0312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/23 12:18:24.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/23 12:18:24.0359 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/10/23 12:18:24.0406 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/10/23 12:18:24.0421 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/10/23 12:18:24.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/23 12:18:24.0500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/23 12:18:24.0500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/23 12:18:24.0625 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
    2010/10/23 12:18:24.0671 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/10/23 12:18:24.0703 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/10/23 12:18:24.0718 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/10/23 12:18:24.0734 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/10/23 12:18:24.0765 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/10/23 12:18:24.0796 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/10/23 12:18:24.0843 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/23 12:18:24.0890 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/23 12:18:24.0937 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/23 12:18:24.0953 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/23 12:18:24.0984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/23 12:18:25.0000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/23 12:18:25.0015 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/10/23 12:18:25.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/23 12:18:25.0109 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/23 12:18:25.0171 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/23 12:18:25.0203 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/23 12:18:25.0250 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/23 12:18:25.0265 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/23 12:18:25.0328 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/10/23 12:18:25.0375 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/10/23 12:18:25.0421 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/23 12:18:25.0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/23 12:18:25.0531 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/23 12:18:25.0593 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/10/23 12:18:25.0656 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/23 12:18:25.0671 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/23 12:18:25.0703 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/10/23 12:18:25.0718 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/10/23 12:18:25.0765 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/10/23 12:18:25.0765 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/10/23 12:18:25.0796 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/23 12:18:25.0859 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/23 12:18:25.0906 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/23 12:18:25.0968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/23 12:18:26.0015 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/23 12:18:26.0062 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/10/23 12:18:26.0109 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/23 12:18:26.0140 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/10/23 12:18:26.0187 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/23 12:18:26.0281 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/10/23 12:18:26.0328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/23 12:18:26.0375 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/23 12:18:26.0406 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/23 12:18:26.0406 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/23 12:18:26.0421 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/23 12:18:26.0437 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/23 12:18:26.0500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/23 12:18:26.0515 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/10/23 12:18:26.0562 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/10/23 12:18:26.0593 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/23 12:18:26.0625 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/23 12:18:26.0687 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/10/23 12:18:26.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/23 12:18:26.0953 ================================================================================
    2010/10/23 12:18:26.0953 Scan finished
    2010/10/23 12:18:26.0953 ================================================================================
  11. crunchie Malware Helper Posts: 761

    Nothing found there.

    Can you please delete ComboFix from your PC, re-download it from my initial link, and run it again as before?
  12. mikmik12 Newcomer, in training Posts: 49

    ComboFix 10-10-23.02 - Mike 10/24/2010 16:37:29.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.521 [GMT -7:00]
    Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\jkhifc.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
    .

    2010-10-19 14:26 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo
    2010-10-19 14:23 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Application Data\FreeFileViewer
    2010-10-19 14:19 . 2010-10-21 02:54 -------- d-----w- c:\program files\FreeFileViewer
    2010-10-19 14:19 . 2010-10-19 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Freeze.com
    2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2010-10-19 14:19 . 2010-10-19 14:35 -------- d-----w- c:\program files\Yahoo!
    2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
    2010-10-17 22:10 . 2010-10-17 22:10 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\G DATA
    2010-10-17 21:53 . 2010-10-17 21:53 -------- d-----w- c:\program files\7-Zip
    2010-10-17 17:50 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-10-17 17:50 . 2010-10-17 17:50 -------- d-----w- c:\program files\Panda Security
    2010-10-15 14:23 . 2010-10-15 14:23 -------- d-----w- C:\_OTL
    2010-10-15 04:10 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 04:10 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 01:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 03:34 . 2010-10-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-12 04:52 . 2010-10-25 00:48 88576 ---ha-w- c:\windows\system32\jkhifc.dll
    2010-10-12 03:02 . 2010-10-12 03:02 -------- d-----w- c:\documents and settings\Mike\Application Data\Avira
    2010-10-12 02:46 . 2010-10-12 02:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
    2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-12 01:58 . 2010-10-13 03:45 -------- d-----w- c:\windows\system32\NtmsData
    2010-10-12 01:53 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-10-12 01:53 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-12 01:53 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-10-12 01:53 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\program files\Avira
    2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-10-09 21:42 . 2010-10-09 23:03 -------- d-----w- c:\windows\BDOSCAN8
    2010-10-09 21:33 . 2010-10-09 21:34 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-10-05 05:12 . 2010-10-05 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
    2010-10-05 04:53 . 2010-10-05 04:53 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-10-05 04:51 . 2010-10-05 04:51 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\PackageAware
    2010-10-05 04:20 . 2010-10-05 04:20 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-01 11:51 . 2004-08-10 18:50 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-10 18:51 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-10 18:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-23 16:12 . 2004-08-10 18:50 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-13 12:53 . 2009-04-14 21:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

    [HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
    [HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
    [HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
    2010-01-19 22:08 361592 ----a-w- c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
    "hgfccadrv"="jkhifc.dll" [2010-10-25 88576]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "SetDefPrt"="c:\program files\Brother\Brmfl04e\BrStDvPt.exe" [2004-05-25 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "wvtuuvdrv"="jkhifc.dll" [2010-10-25 88576]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "jkjhgedrv"="jkhifc.dll" [2010-10-25 88576]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-11 333088]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/17/2010 10:50 AM 28552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 6:53 PM 135336]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [3/4/2008 9:48 PM 2944]
    S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 5:04 PM 61952]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [3/4/2008 9:48 PM 11008]
    S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [3/4/2008 9:48 PM 10368]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2008 12:15 PM 30192]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-10-25 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-19 18:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-24 17:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\jkhifc.dll

    - - - - - - - > 'explorer.exe'(3336)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\jkhifc.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\Brmfrmps.exe
    c:\program files\Flip Video\FlipShare\FlipShareService.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-10-24 17:52:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-25 00:52
    ComboFix2.txt 2010-10-14 01:57

    Pre-Run: 48,723,578,880 bytes free
    Post-Run: 48,919,678,976 bytes free

    - - End Of File - - 42F73E97A04E64F15603EF76924E0331
  13. mikmik12 Newcomer, in training Posts: 49

    What do you think?
  14. crunchie Malware Helper Posts: 761

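    I think something else is on there that we cannot yet see. It keeps bringing that same file back: ComboFix deleted c:\windows\system32\jkhifc.dll again, yet the log still shows it referenced from the Run keys under HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE and HKEY_USERS\.DEFAULT (each under a different random-looking value name) and loaded into winlogon.exe and explorer.exe.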

    See if Kaspersky online scanner picks anything up.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  15. mikmik12 Newcomer, in training Posts: 49

    Sorry this took so long...

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, October 25, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, October 24, 2010 20:58:56
    Records in database: 4175121
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    G:\

    Scan statistics:
    Objects scanned: 87976
    Threats found: 1
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 01:49:17


    File name / Threat / Threats count
    C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-3f86e470 Infected: Trojan-Downloader.Java.Agent.hx 1
    C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\24\5a21e2d8-2e74ec65 Infected: Trojan-Downloader.Java.Agent.hx 1

    Selected area has been scanned.
  16. crunchie Malware Helper Posts: 761

    Both infected objects in the Kaspersky report are in the Java cache, so clear it:

    • Click Start > Control Panel.
    • Double-click the Java icon in the control panel.
      The Java Control Panel appears.

    • Click Settings under Temporary Internet Files.
      The Temporary Files Settings dialog box appears.

    • Click Delete Files.
      The Delete Temporary Files dialog box appears.

    There are three options on this window to clear the cache:
      - Delete Files
      - View Applications
      - View Applets
    • Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click OK on Temporary Files Settings window.

    ====

    Can you please run OTL again after that.
  17. mikmik12 Newcomer, in training Posts: 49

    done...

    OTL logfile created on: 10/26/2010 6:56:41 PM - Run 4
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 463.00 Mb Available Physical Memory | 46.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 45.48 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/24 20:07:09 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Mike\Local Settings\temp\jkos-Mike\binaries\ScanningProcess.exe
    PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
    PRC - [2010/06/16 23:25:14 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    PRC - [2004/07/27 15:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/27 15:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
    SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
    DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
    DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/24 17:47:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [wvtuuvdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [hgfccadrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
    [2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
    [2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
    [2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
    [2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
    [2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
    [2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
    [2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
    [2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
    [2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
    [2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
    [2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
    [2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
    [2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
    [2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
    [2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
    [2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
    [2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
    [2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
    [2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
    [2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
    [2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
    [2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
    [2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

    ========== Files - Modified Within 90 Days ==========

    [2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
    [2010/10/24 17:50:32 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2010/10/24 17:48:31 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/24 17:47:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/24 16:45:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/24 16:45:46 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
    [2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
    [2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
    [2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
    [2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
    [2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
    [2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
    [2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
    [2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
    [2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
    [2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
    [2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
    [2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
    [2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

    ========== Files Created - No Company Name ==========

    [2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
    [2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
    [2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
    [2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
    [2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
    [2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
    [2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
    [2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
    [2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
    [2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
    [2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
    [2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
    [2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
    [2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
    [2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

    ========== LOP Check ==========

    [2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
    [2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
    [2010/10/24 17:50:32 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
    [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
    [2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2006/08/28 01:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
    [2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
    [2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\drivers\storage\R158515\iastor.sys
    [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\i386\iastor.sys
    [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iastor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
    [2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
    [2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

    < End of report >
  18. crunchie Malware Helper Posts: 761

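    Can you confirm that the following file is GMER (GMER is downloaded under a randomly generated file name, so a random-looking name is expected if it is GMER): C:\Documents and Settings\Mike\Desktop\cggomyuh.exe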

    ====

    Run OTL
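    • Under the Custom Scans/Fixes box at the bottom, paste in the following. The script is built from this machine's log: the :OTL lines target the listed BHO and Run entries and the jkhifc.dll file, and the :Commands section empties the temp folders, resets the HOSTS file, clears all System Restore points and reboots.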

      Code:
      :Files
      
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4 - HKLM..\Run: [wvtuuvdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
      O4 - HKCU..\Run: [hgfccadrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
      [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      [2010/10/24 17:48:31 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
      :Commands
      [emptytemp]
      [resethosts]
      [clearallrestorepoints]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  19. mikmik12 Newcomer, in training Posts: 49

    It is GMER.

    This log came up after I ran the fix. Running the scan right now.

    All processes killed
    ========== FILES ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wvtuuvdrv deleted successfully.
    C:\WINDOWS\system32\jkhifc.dll moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hgfccadrv deleted successfully.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    File C:\WINDOWS\System32\jkhifc.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bec
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3531 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 956 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Mike
    ->Temp folder emptied: 108513321 bytes
    ->Temporary Internet Files folder emptied: 6577893 bytes
    ->Java cache emptied: 107900 bytes
    ->Flash cache emptied: 8881 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 110.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.15.2 log created on 10272010_203248

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF6826.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF8FB1.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFB906.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFB919.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBA79.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBA90.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBB9E.tmp not found!
    File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBC1A.tmp not found!
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\70WKRRXZ\sh26[1].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\6LUPAAPB\topic154745-3[2].html moved successfully.
    C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
  20. mikmik12 Newcomer, in training Posts: 49

    OTL logfile created on: 10/27/2010 8:42:12 PM - Run 5
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.96 Gb Total Space | 46.01 Gb Free Space | 30.89% Space Free | Partition Type: NTFS
    Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

    Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    PRC - [2010/09/22 11:25:44 | 001,570,456 | ---- | M] (Bitberry Software) -- C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2010/06/16 23:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
    PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
    SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
    DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
    DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
    DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
    DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    O1 HOSTS File: ([2010/10/27 20:33:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [rqpnondrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [efdbcddrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
    O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/27 20:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
    [2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
    [2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
    [2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
    [2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
    [2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
    [2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
    [2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
    [2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
    [2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
    [2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
    [2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
    [2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
    [2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
    [2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
    [2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
    [2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
    [2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
    [2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
    [2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
    [2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
    [2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
    [2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
    [2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
    [2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
    [2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
    [2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

    ========== Files - Modified Within 90 Days ==========

    [2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2010/10/27 20:40:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/27 20:40:00 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/27 20:33:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/10/27 20:32:54 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
    [2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
    [2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
    [2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
    [2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
    [2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
    [2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
    [2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
    [2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
    [2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
    [2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
    [2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
    [2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
    [2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
    [2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
    [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
    [2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
    [2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
    [2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

    ========== Files Created - No Company Name ==========

    [2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
    [2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
    [2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
    [2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
    [2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
    [2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
    [2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
    [2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
    [2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
    [2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
    [2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
    [2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
    [2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
    [2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
    [2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
    [2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
    [2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
    [2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
    [2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
    [2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
    [2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
    [2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
    [2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
    [2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
    [2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
    [2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
    [2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
    [2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
    [2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
    [2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
    [2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
    [2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
    [2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
    [2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
    [2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
    [2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

    ========== LOP Check ==========

    [2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
    [2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
    [2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
    [2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

    < End of report >