Solved Followed the 8 Steps for malware removal, posting results

Status
Not open for further replies.
Nothing found there.

Can you delete Combofix from your PC and then re-download it from my initial link and run it again as before please.
 
ComboFix 10-10-23.02 - Mike 10/24/2010 16:37:29.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.521 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jkhifc.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.

2010-10-19 14:26 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo
2010-10-19 14:23 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Application Data\FreeFileViewer
2010-10-19 14:19 . 2010-10-21 02:54 -------- d-----w- c:\program files\FreeFileViewer
2010-10-19 14:19 . 2010-10-19 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Freeze.com
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-10-19 14:19 . 2010-10-19 14:35 -------- d-----w- c:\program files\Yahoo!
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-10-17 22:10 . 2010-10-17 22:10 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\G DATA
2010-10-17 21:53 . 2010-10-17 21:53 -------- d-----w- c:\program files\7-Zip
2010-10-17 17:50 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-17 17:50 . 2010-10-17 17:50 -------- d-----w- c:\program files\Panda Security
2010-10-15 14:23 . 2010-10-15 14:23 -------- d-----w- C:\_OTL
2010-10-15 04:10 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 04:10 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 01:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 03:34 . 2010-10-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 04:52 . 2010-10-25 00:48 88576 ---ha-w- c:\windows\system32\jkhifc.dll
2010-10-12 03:02 . 2010-10-12 03:02 -------- d-----w- c:\documents and settings\Mike\Application Data\Avira
2010-10-12 02:46 . 2010-10-12 02:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-12 01:58 . 2010-10-13 03:45 -------- d-----w- c:\windows\system32\NtmsData
2010-10-12 01:53 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-12 01:53 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-12 01:53 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-12 01:53 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\program files\Avira
2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-09 21:42 . 2010-10-09 23:03 -------- d-----w- c:\windows\BDOSCAN8
2010-10-09 21:33 . 2010-10-09 21:34 -------- d-----w- c:\program files\Windows Live Safety Center
2010-10-05 05:12 . 2010-10-05 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-10-05 04:53 . 2010-10-05 04:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-05 04:51 . 2010-10-05 04:51 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\PackageAware
2010-10-05 04:20 . 2010-10-05 04:20 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 18:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 18:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 18:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-10 18:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53 . 2009-04-14 21:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 22:08 361592 ----a-w- c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"hgfccadrv"="jkhifc.dll" [2010-10-25 88576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04e\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"wvtuuvdrv"="jkhifc.dll" [2010-10-25 88576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jkjhgedrv"="jkhifc.dll" [2010-10-25 88576]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-11 333088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/17/2010 10:50 AM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 6:53 PM 135336]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [3/4/2008 9:48 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 5:04 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [3/4/2008 9:48 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [3/4/2008 9:48 PM 10368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2008 12:15 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-25 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-19 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 17:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\jkhifc.dll

- - - - - - - > 'explorer.exe'(3336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\jkhifc.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE
.
**************************************************************************
.
Completion time: 2010-10-24 17:52:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-25 00:52
ComboFix2.txt 2010-10-14 01:57

Pre-Run: 48,723,578,880 bytes free
Post-Run: 48,919,678,976 bytes free

- - End Of File - - 42F73E97A04E64F15603EF76924E0331
 
I think something else is on there that we cannot yet see. It keeps bringing that same file back.

See if Kaspersky online scanner picks anything up.

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*] Archives
    [*] Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Sorry this took so long...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 24, 2010 20:58:56
Records in database: 4175121
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\

Scan statistics:
Objects scanned: 87976
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:49:17


File name / Threat / Threats count
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\12\38eba44c-3f86e470 Infected: Trojan-Downloader.Java.Agent.hx 1
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\6.0\24\5a21e2d8-2e74ec65 Infected: Trojan-Downloader.Java.Agent.hx 1

Selected area has been scanned.
 
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    The Java Control Panel appears.

  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.

  • Click Delete Files.
    The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.
  • Delete Files
  • View Applications
  • View Applets
  • Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.

====

Can you please run OTL again after that.
 
done...

OTL logfile created on: 10/26/2010 6:56:41 PM - Run 4
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 463.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 45.48 Gb Free Space | 30.53% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/24 20:07:09 | 000,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Mike\Local Settings\temp\jkos-Mike\binaries\ScanningProcess.exe
PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2010/06/16 23:25:14 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/07/27 15:50:42 | 000,221,184 | ---- | M] (InstallShield Software Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/27 15:50:04 | 000,503,808 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/24 17:47:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [wvtuuvdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [hgfccadrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
[2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
[2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
[2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
[2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
[2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
[2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
[2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
[2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
[2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
[2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
[2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
[2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
[2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
[2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

========== Files - Modified Within 90 Days ==========

[2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
[2010/10/24 17:50:32 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/24 17:48:31 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/24 17:47:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/24 16:45:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 16:45:46 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

========== Files Created - No Company Name ==========

[2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
[2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
[2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2010/10/24 17:50:32 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/08 09:18:01 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 01:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 20:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\drivers\storage\R158515\iastor.sys
[2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\i386\iastor.sys
[2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\System32\config\*.sav >
[2004/08/10 11:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 11:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 11:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
 
Can you confirm that the following file is GMER: C:\Documents and Settings\Mike\Desktop\cggomyuh.exe

====

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :Files

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [wvtuuvdrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - HKCU..\Run: [hgfccadrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/24 17:48:31 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
:Commands
[emptytemp]
[resethosts]
[clearallrestorepoints]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
It is GMER..

This pulled up after I ran the fix..running scan right now.

All processes killed
========== FILES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wvtuuvdrv deleted successfully.
C:\WINDOWS\system32\jkhifc.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hgfccadrv deleted successfully.
File C:\WINDOWS\System32\jkhifc.dll not found.
File C:\WINDOWS\System32\jkhifc.dll not found.
File C:\WINDOWS\System32\jkhifc.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bec
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3531 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 956 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mike
->Temp folder emptied: 108513321 bytes
->Temporary Internet Files folder emptied: 6577893 bytes
->Java cache emptied: 107900 bytes
->Flash cache emptied: 8881 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.15.2 log created on 10272010_203248

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF6826.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DF8FB1.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFB906.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFB919.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBA79.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBA90.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBB9E.tmp not found!
File\Folder C:\Documents and Settings\Mike\Local Settings\Temp\~DFBC1A.tmp not found!
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\70WKRRXZ\sh26[1].html moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\6LUPAAPB\topic154745-3[2].html moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
 
OTL logfile created on: 10/27/2010 8:42:12 PM - Run 5
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 46.01 Gb Free Space | 30.89% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/09/22 11:25:44 | 001,570,456 | ---- | M] (Bitberry Software) -- C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/06/16 23:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/27 20:33:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [rqpnondrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [efdbcddrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/27 20:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
[2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
[2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
[2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
[2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
[2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
[2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
[2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
[2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
[2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
[2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
[2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
[2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
[2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
[2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

========== Files - Modified Within 90 Days ==========

[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/27 20:40:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 20:40:00 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 20:33:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/27 20:32:54 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
[2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

========== Files Created - No Company Name ==========

[2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
[2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
[2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
 
2nd log.

OTL logfile created on: 10/27/2010 8:42:12 PM - Run 5
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 551.00 Mb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 46.01 Gb Free Space | 30.89% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 109.21 Gb Free Space | 73.27% Space Free | Partition Type: NTFS

Computer Name: VOSTRO | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/09/22 11:25:44 | 001,570,456 | ---- | M] (Bitberry Software) -- C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/06/16 23:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/10/27 20:33:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [rqpnondrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [efdbcddrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/27 20:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
[2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
[2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
[2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
 
[2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
[2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/08/29 10:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Civic
[2010/08/29 10:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\House pics
[2010/08/29 09:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Food
[2010/08/21 12:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Grace Photos
[2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 15:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Intelli-studio
[2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
[2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/04 19:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\My Videos
[2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/08/01 16:04:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Famly Exp reports
[2010/08/01 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Laurel Ln
[2010/08/01 15:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Resume
[2010/08/01 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Year in Review

========== Files - Modified Within 90 Days ==========

[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/27 20:40:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 20:40:00 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 20:33:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/27 20:32:54 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
[2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 21:27:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:07 | 000,017,055 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/05 01:39:18 | 002,175,830 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/03 08:18:03 | 001,948,682 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/26 09:50:30 | 001,973,253 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/08/22 05:45:36 | 001,954,759 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/08/22 05:28:26 | 002,162,198 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/08/21 12:31:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 07:50:00 | 000,319,644 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/16 04:12:42 | 000,326,999 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/08/14 15:56:49 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/13 15:36:38 | 000,314,498 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/08/10 12:14:42 | 025,251,654 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2010/08/04 08:27:05 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Loan calculator.xls

========== Files Created - No Company Name ==========

[2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
[2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
[2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/09/21 19:19:59 | 000,085,138 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement2.pdf
[2010/09/16 14:12:10 | 000,079,195 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\billstatement.pdf
[2010/09/07 11:22:40 | 000,017,055 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\vanity.jpg
[2010/09/06 15:57:55 | 002,175,830 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0335.JPG
[2010/09/04 20:25:50 | 000,326,999 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0103.JPG
[2010/09/04 20:08:10 | 000,314,498 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0091.JPG
[2010/09/04 20:05:55 | 002,162,198 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0236.JPG
[2010/09/04 20:05:48 | 001,954,759 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0248.JPG
[2010/09/04 20:05:27 | 001,973,253 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0280.JPG
[2010/09/03 08:18:02 | 001,948,682 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\New Image.JPG
[2010/08/21 12:54:22 | 000,319,644 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\SAM_0111.JPG
[2010/08/21 12:31:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\08.doc
[2010/08/16 19:45:29 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/16 19:41:10 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/14 15:56:49 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2010/08/10 12:14:38 | 025,251,654 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FMLA Leave.bmp
[2010/08/04 19:02:47 | 000,001,015 | R--- | C] () -- C:\logFile.xsl
[2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
PRC - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/06/16 23:24:52 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/11 08:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/07/20 09:34:28 | 000,851,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/08/10 12:05:39 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007/10/11 08:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2003/03/19 17:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 11:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/23 17:29:10 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\datunidr.sys -- (datunidr)
DRV - [2007/06/26 13:06:20 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/06/13 19:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/13 18:25:14 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/06/13 18:21:16 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys -- (PTproct)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/13 17:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
O1 HOSTS File: ([2010/10/27 20:33:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll (W3i, LLC)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [rqpnondrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [efdbcddrv] C:\WINDOWS\System32\jkhifc.dll (foobar2000.org)
O4 - Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/27 20:33:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/23 12:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\tdsskiller
[2010/10/21 12:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover
[2010/10/19 07:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Yahoo
[2010/10/19 07:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2010/10/19 07:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2010/10/19 07:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/10/19 07:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2010/10/19 07:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/10/19 07:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Yahoo!
[2010/10/17 15:10:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\G DATA
[2010/10/17 14:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/10/17 10:50:42 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/10/17 10:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/15 07:23:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/14 21:10:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/14 21:10:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/14 21:10:06 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/14 18:58:37 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/13 21:08:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/13 18:39:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/13 18:33:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/13 18:33:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/13 18:33:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/13 18:33:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/13 18:33:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/13 18:33:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/12 20:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:52:46 | 000,088,576 | -H-- | C] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/11 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Avira
[2010/10/11 19:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/10/11 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/11 19:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/10/11 18:58:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/10/11 18:55:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/10/11 18:53:23 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/10/11 18:53:23 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/10/11 18:53:23 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/10/11 18:53:23 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/10/11 18:53:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/10/09 14:42:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/10/09 14:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/10/04 22:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/04 21:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/04 21:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\PackageAware
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/08/16 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/14 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intelli-studio
[2010/08/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/08/14 15:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/04 19:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\3ivx
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2010/08/04 19:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video

========== Files - Modified Within 90 Days ==========

[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/27 20:40:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/27 20:40:00 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 20:33:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/10/27 20:32:54 | 000,088,576 | -H-- | M] (foobar2000.org) -- C:\WINDOWS\System32\jkhifc.dll
[2010/10/26 18:56:00 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Monthly Expenses 2010.xls
[2010/10/24 16:33:40 | 003,883,109 | R--- | M] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:17:29 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mike\Desktop\TDSSKiller.exe
[2010/10/23 12:16:54 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 21:10:44 | 000,043,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:19:45 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/19 07:12:21 | 000,002,160 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2010/10/18 20:13:19 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/16 10:02:55 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/15 07:19:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/14 21:10:44 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/14 21:10:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Mike\Desktop\9wt2h1122d.exe
[2010/10/14 19:06:15 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/10/13 18:39:05 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2010/10/13 07:18:16 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:41 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:51 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:55 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:55:45 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\TFC.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/11 13:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/06 12:59:37 | 000,505,412 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/06 12:59:37 | 000,096,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 21:23:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/02 16:03:17 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2010/10/02 10:15:16 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/10/24 16:33:34 | 003,883,109 | R--- | C] () -- C:\Documents and Settings\Mike\Desktop\ComboFix.exe
[2010/10/23 12:16:51 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\tdsskiller.zip
[2010/10/21 12:36:22 | 000,037,393 | ---- | C] () -- C:\Documents and Settings\Mike\bootkit_remover_debug_log.txt
[2010/10/21 12:35:43 | 000,043,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Bootkit_Remover.zip
[2010/10/20 19:49:41 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-20-10_19-49-41.bak
[2010/10/19 07:30:50 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-30-50.bak
[2010/10/19 07:20:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2010/10/19 07:19:45 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeFileViewer.lnk
[2010/10/19 07:19:45 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\FreeFileViewer.lnk
[2010/10/19 07:19:22 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Click to Find and Fix Errors.lnk
[2010/10/19 07:16:40 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck_MBR_Backup_10-19-10_07-16-40.bak
[2010/10/18 20:13:18 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mike\My Documents\LOA Request.doc
[2010/10/18 07:17:07 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\MBRCheck.exe
[2010/10/17 14:56:08 | 000,939,956 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\7z465.exe
[2010/10/14 21:10:44 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 18:39:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/13 18:39:02 | 000,260,272 | -HS- | C] () -- C:\cmldr
[2010/10/13 18:33:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/13 18:33:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/13 18:33:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/13 18:33:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/13 18:33:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/13 07:18:16 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\exeHelper.com
[2010/10/13 07:17:40 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\rkill.exe
[2010/10/11 21:49:49 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\dds.scr
[2010/10/11 20:01:53 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\cggomyuh.exe
[2010/10/11 18:53:44 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/10/02 16:03:17 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk
[2009/06/21 09:21:00 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/03/05 22:46:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/03/05 22:46:32 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/03/05 22:46:32 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/03/05 22:46:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/03/05 22:45:08 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/03/04 21:56:32 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/04 21:54:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/04 21:48:39 | 000,002,160 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2008/02/26 12:19:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/02/26 12:14:54 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/02/26 12:14:54 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/26 11:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/02/26 11:56:07 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2006/11/07 03:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/06/18 21:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/08/04 19:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2008/03/05 22:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/26 12:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/11/19 13:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/08 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/27 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 20:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/05 13:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/19 07:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\FreeFileViewer
[2008/03/04 21:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2010/10/27 20:43:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\Free File Viewer Update Checker.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794

< End of report >
 
Please download FileFind from Atribune:
http://www.atribune.org/downloads/FileFind.zip

Unzip the file and save it to your desktop.

To run FileFind, please do the following:
  • Click on FileFind.exe
  • In the box labeled "Enter the directory to search"
  • Enter Drive eg.. C:\
  • In the box labeled "Enter the file to search"
  • Enter the file jkhifc.dll
  • Now click on the "Find" button
  • Once the utility has found the files click on "Export"
  • This will save a text file to your C:\ drive as "Export.txt"
  • Double click on Export.txt, copy and paste this information in your next post.
 
C:\WINDOWS\system32\jkhifc.dll - 88576 Bytes
C:\_OTL\MovedFiles\10152010_072307\C_WINDOWS\system32\jkhifc.dll - 88576 Bytes
C:\_OTL\MovedFiles\10152010_175050\C_WINDOWS\System32\jkhifc.dll - 88576 Bytes
C:\_OTL\MovedFiles\10272010_203248\C_WINDOWS\system32\jkhifc.dll - 88576 Bytes
 
This thing just keeps coming back :(.

Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.
 
this things sucks. when do we throw our hands up and reformat the whole thing?

"Silent Runners.vbs", revision 63, http://www.silentrunners.org/
Operating System: Windows XP SP3
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"DellAutomatedPCTuneUp" = ""C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup" ["Gteko Ltd."]
"efdbcddrv" = "rundll32.exe "jkhifc.dll",s" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = ""C:\WINDOWS\system32\igfxtray.exe"" ["Intel Corporation"]
"HotKeysCmds" = ""C:\WINDOWS\system32\hkcmd.exe"" ["Intel Corporation"]
"Persistence" = ""C:\WINDOWS\system32\igfxpers.exe"" ["Intel Corporation"]
"ISUSPM Startup" = ""C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup" ["InstallShield Software Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"RoxioDragToDisc" = ""C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"" ["Roxio"]
"PDVDDXSrv" = ""C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"" ["CyberLink Corp."]
"Google Desktop Search" = ""C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"dscactivate" = ""C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"" [null data]
"SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PaperPort PTD" = ""C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"" ["ScanSoft, Inc."]
"IndexSearch" = ""C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"" ["ScanSoft, Inc."]
"SetDefPrt" = ""C:\Program Files\Brother\Brmfl04e\BrStDvPt.exe"" ["Brother Industories, Ltd."]
"ControlCenter2.0" = ""C:\Program Files\Brother\ControlCenter2\brctrcen.exe" /autorun" ["Brother Industries, Ltd."]
"RTHDCPL" = ""RTHDCPL.EXE"" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Common Files\Java\Java Update\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"Adobe ARM" = ""C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"" ["Adobe Systems Incorporated"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"]
"rqpnondrv" = "rundll32.exe "jkhifc.dll",s" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00C6482D-C502-44C8-8409-FCE54AD9C208}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SnagIt Toolbar Loader"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll" ["TechSmith Corporation"]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = "Browser Address Error Redirector"
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "C:\Program Files\Dell\BAE\BAE.dll" ["Dell Inc."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\(Default) = "NetAssistantBHO"
-> {HKLM...CLSID} = "NetAssistantBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" ["W3i, LLC"]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
-> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = "Snagit"
-> {HKLM...CLSID} = "Snagit"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll" ["TechSmith Corporation"]

"{CF74B903-3389-469c-B3B6-0204D204FCBD}" = "SnagIt Shell Extension"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll" ["TechSmith Corporation"]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = "Drwtsn32 -p %ld -e %ld" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> mso-offdap\CLSID = "{3D9F03FA-7A94-11D3-BE81-0050048385D1}"
-> {HKLM...CLSID} = "Data Page Pluggable Protocol mso-offdap Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL" [MS]

<<!>> mso-offdap11\CLSID = "{32505114-5902-49B2-880A-1F7738E5A384}"
-> {HKLM...CLSID} = "Data Page Plugable Protocal mso-offdap11 Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll" ["TechSmith Corporation"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

SnagItMainShellExt\(Default) = "{CF74B903-3389-469c-B3B6-0204D204FCBD}"
-> {HKLM...CLSID} = "SnagItShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitShellExt.dll" ["TechSmith Corporation"]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Roxio DragToDisc Shell Extension\(Default) = "{5E44E225-A408-11CF-B581-008029601108}"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

{5E44E225-A408-11CF-B581-008029601108}\(Default) = "Roxio DragToDisc Shell Extension"
-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Roxio"]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = "{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}"
-> {HKLM...CLSID} = "GraphicsShellExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\igfxpph.dll" ["Intel Corporation"]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]

Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"]


Default executables:
--------------------

<<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile"


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssbezier.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.BurnCD"
"InvokeVerb" = "burn"
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L"" ["Apple Inc."]

iTunesImportSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ImportSongsOnCD"
"InvokeVerb" = "import"
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L"" ["Apple Inc."]

iTunesPlaySongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.PlaySongsOnCD"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /playCD "%L"" ["Apple Inc."]

iTunesShowSongsOnArrival\
"Provider" = "iTunes"
"InvokeProgID" = "iTunes.ShowSongsOnCD"
"InvokeVerb" = "showsongs"
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = ""C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L"" ["Apple Inc."]

PDVD7DXPlayDVDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPDVDDX"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

PDVD7DXPlayVideoCDMovieOnArrival\
"Provider" = "PowerDVD"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPDVDDX"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPDVDDX\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" AUTOPLAY MOVIE "%L"" ["CyberLink Corp."]

RoxioSCAudioCDTask33\
"Provider" = "Roxio Creator Audio"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "AudioCDTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\AudioCDTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {8E376824-EA6C-4CB7-AA05-A30CB84D359B}" [null data]

RoxioSCCopyCD33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCCopyDisc33\
"Provider" = "Roxio Creator Copy"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "ExactCopyJob"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\ExactCopyJob\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {6123D5C0-0B6A-4B67-A692-C0863AB98CDA}" [null data]

RoxioSCDataProject33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataGuide"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataGuide\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch Data" [null data]

RoxioSCDataTask33\
"Provider" = "Roxio Creator Data"
"InvokeProgID" = "Roxio.RoxioCentral33"
"InvokeVerb" = "DataTask"
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral33\shell\DataTask\Command\(Default) = ""C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe" /Launch {D085B12D-4D9B-49C2-8323-5053831CBD54}" [null data]

SonyPMBImportPicturesOnArrival\
"Provider" = "PMB"
"InvokeProgID" = "SonyPMB.VolumeAutoPlay"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\SonyPMB.VolumeAutoPlay\shell\launch\command\(Default) = "C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /autoplay /path %1" ["Sony Corporation"]

SonyPMBVideoCameraArrival\
"Provider" = "PMB"
"ProgID" = "SonyPMB.NonVolumeAutoPlay"
"InitCmdLine" = "/autoplay"
HKLM\SOFTWARE\Classes\SonyPMB.NonVolumeAutoPlay\CLSID\(Default) = "{2B049B62-A498-4b1d-BEA6-C37EBCAECC5C}"
-> {HKLM...CLSID} = (no title provided)
\LocalServer32\(Default) = "C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /autoplay" ["Sony Corporation"]


Startup items in "Mike" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Mike\Start Menu\Programs\Startup
"PMB Media Check Tool" -> shortcut to: "C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /noballoononstart" ["Sony Corporation"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"Free File Viewer Update Checker" -> launches: "C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" ["Bitberry Software"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 09
%SystemRoot%\system32\rsvpsp.dll [MS], 10 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" = (no title provided)
-> {HKLM...CLSID} = "Snagit"
\InProcServer32\(Default) = "C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll" ["TechSmith Corporation"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}" = (no title provided)
-> {HKLM...CLSID} = "NetAssistantBHO Class"
\InProcServer32\(Default) = "C:\Program Files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" ["W3i, LLC"]


HOSTS file
----------

C:\WINDOWS\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"" ["Apple Inc."]
Avira AntiVir Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir Desktop\avguard.exe"" ["Avira GmbH"]
Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"]
Bonjour Service, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Inc."]
Brother Popup Suspend service for Resource manager, brmfrmps, ""C:\WINDOWS\system32\Brmfrmps.exe" -service " ["Brother Industries, Ltd."]
FlipShare Service, FlipShare Service, ""C:\Program Files\Flip Video\FlipShare\FlipShareService.exe"" [null data]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]


---------- (launch time: 2010-10-29 07:13:53)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 51 seconds, including 20 seconds for message boxes)
 
Definitely coming back, but other than the known problem file, I don't see anything else in that log.

====

Please download VundoFix.exe
to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
 
No infected files were found...

What's the worst case scenario with this? Is it possible that we won't be able to remove it? Thanks again for all the help.
 
Worse case scenario is a reformat, but hopefully it will not come to that :).

==

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code: 
KillAll::

File::
c:\windows\system32\jkhifc.dll
Driver::
jkjhgedrv
wvtuuvdrv
hgfccadrv

Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"jkjhgedrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wvtuuvdrv"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hgfccadrv"=-

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
ComboFix 10-10-23.02 - Mike 10/31/2010 10:13:20.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.527 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mike\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
"c:\windows\system32\jkhifc.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\jkhifc.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-30 17:45 . 2010-10-30 17:45 -------- d-----w- C:\VundoFix Backups
2010-10-29 14:29 . 2010-10-29 14:29 -------- d-sh--w- c:\documents and settings\Bec\IECompatCache
2010-10-19 14:26 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo
2010-10-19 14:23 . 2010-10-19 14:26 -------- d-----w- c:\documents and settings\Mike\Application Data\FreeFileViewer
2010-10-19 14:19 . 2010-10-21 02:54 -------- d-----w- c:\program files\FreeFileViewer
2010-10-19 14:19 . 2010-10-19 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Freeze.com
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\program files\Free Offers from Freeze.com
2010-10-19 14:19 . 2010-10-19 14:35 -------- d-----w- c:\program files\Yahoo!
2010-10-19 14:19 . 2010-10-19 14:19 -------- d-----w- c:\documents and settings\Mike\Application Data\Yahoo!
2010-10-17 22:10 . 2010-10-17 22:10 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\G DATA
2010-10-17 21:53 . 2010-10-17 21:53 -------- d-----w- c:\program files\7-Zip
2010-10-17 17:50 . 2009-06-30 17:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-10-17 17:50 . 2010-10-17 17:50 -------- d-----w- c:\program files\Panda Security
2010-10-15 14:23 . 2010-10-15 14:23 -------- d-----w- C:\_OTL
2010-10-15 04:10 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 04:10 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 01:58 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 03:34 . 2010-10-15 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-12 03:02 . 2010-10-12 03:02 -------- d-----w- c:\documents and settings\Mike\Application Data\Avira
2010-10-12 02:46 . 2010-10-12 02:46 -------- d-----w- c:\documents and settings\Mike\Application Data\Malwarebytes
2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-12 01:58 . 2010-10-13 03:45 -------- d-----w- c:\windows\system32\NtmsData
2010-10-12 01:53 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-12 01:53 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-12 01:53 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-12 01:53 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\program files\Avira
2010-10-12 01:53 . 2010-10-12 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-10-09 21:42 . 2010-10-09 23:03 -------- d-----w- c:\windows\BDOSCAN8
2010-10-09 21:33 . 2010-10-09 21:34 -------- d-----w- c:\program files\Windows Live Safety Center
2010-10-05 05:12 . 2010-10-05 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-10-05 04:53 . 2010-10-05 04:53 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-05 04:51 . 2010-10-05 04:51 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\PackageAware
2010-10-05 04:20 . 2010-10-05 04:20 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 19:23 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 18:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 18:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 18:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 18:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 18:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 18:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2004-08-10 18:51 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-10 18:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 18:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 18:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53 . 2009-04-14 21:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-10 12:15 . 2010-08-10 12:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 12:15 . 2010-08-10 12:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll" [2010-01-19 361592]

[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-01-19 22:08 361592 ----a-w- c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-10 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04e\BrStDvPt.exe" [2004-05-25 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-14 16132608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Mike\Start Menu\Programs\Startup\
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-11-11 333088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/17/2010 10:50 AM 28552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 6:53 PM 135336]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [3/4/2008 9:48 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 5:04 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [3/4/2008 9:48 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [3/4/2008 9:48 PM 10368]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/26/2008 12:15 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-10-31 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2010-10-19 18:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-efdbcddrv - jkhifc.dll
HKLM-Run-rqpnondrv - jkhifc.dll
HKU-Default-Run-khebabdrv - jkhifc.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-10-31 10:23:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-31 17:23
ComboFix2.txt 2010-10-25 00:52
ComboFix3.txt 2010-10-14 01:57

Pre-Run: 48,866,607,104 bytes free
Post-Run: 49,046,843,392 bytes free

- - End Of File - - 153BDC6F1E348E52E39035DCBBC79C61
 
C:\_OTL\MovedFiles\10152010_072307\C_WINDOWS\system32\jkhifc.dll - 88576 Bytes
C:\_OTL\MovedFiles\10152010_175050\C_WINDOWS\System32\jkhifc.dll - 88576 Bytes
C:\_OTL\MovedFiles\10272010_203248\C_WINDOWS\system32\jkhifc.dll - 88576 Bytes
 
Status
Not open for further replies.

Similar threads

J
Inactive Admin rights are revoked
Replies
18
Views
2K
Broni
Broni
Shawn Knight
Delidding Intel's Core i9-14900K can drop CPU temperatures by up to 12°C
Replies
12
Views
823
bandit8623
B
A
Switch emulation on PC lives on thanks to Yuzu's offspring, Suyu
Replies
8
Views
190
opckieran
O

Latest posts

Back