Hi,
Sorry, I posted this earlier on the wrong forum.
Fantastic wealth of info on the site - well done to all who contribute. I have an 18-month-old Intel laptop, Vista Home edition. My issue is that when I start an internet browser, search on a subject, and click on a link, I get redirected to a completely unrelated site, sometimes a search engine, sometimes pornographic. It happens with IE, Firefox, and Chrome. I assumed that this was the result of a virus; I do use Windows Defender and AVG, and over the last few weeks have downloaded a few others and tried them. I did find a virus which was apparently quarantined and deleted, and not found on further searches. But the problem didn't go away. In frustration I have taken the drastic step of booting off the installation disk, reformatting C:, and reinstalling Vista Home edition. But I still have the same problem with redirected pages. Could it be coming from somewhere else - my router, or ISP even? Any help greatly appreciated. Getting demented now. Thanks.
I have attached the logs as instructed.
MBam
12/01/2011 21:45:43
mbam-log-2011-01-12 (21-45-43).txt
Scan type: Quick scan
Objects scanned: 133787
Time elapsed: 3 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\qni8hj710fdl (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\iqeisyvp (Trojan.FakeAlert.Gen) -> Value: iqeisyvp -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\RECYCLER\s-1-5-21-82125641-362176691-1391285036-3608\Df5\yptmoxalajb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
MBR
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R59P/R60P/R61P
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 129):
0x81C00000 \SystemRoot\system32\ntoskrnl.exe
0x81F95000 \SystemRoot\system32\hal.dll
0x806C6000 \SystemRoot\system32\kdcom.dll
0x80666000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8065D000 \SystemRoot\system32\PSHED.dll
0x80655000 \SystemRoot\system32\BOOTVID.dll
0x8061A000 \SystemRoot\system32\CLFS.SYS
0x80539000 \SystemRoot\system32\CI.dll
0x804BE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x804B1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8046E000 \SystemRoot\system32\drivers\acpi.sys
0x80465000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8045D000 \SystemRoot\system32\drivers\msisadrv.sys
0x80438000 \SystemRoot\system32\drivers\pci.sys
0x80429000 \SystemRoot\system32\drivers\volmgr.sys
0x80426000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040C000 \SystemRoot\System32\drivers\mountmgr.sys
0x80405000 \SystemRoot\system32\drivers\pciide.sys
0x86FF2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x86FA8000 \SystemRoot\System32\drivers\volmgrx.sys
0x86FA0000 \SystemRoot\system32\drivers\atapi.sys
0x86F82000 \SystemRoot\system32\drivers\ataport.SYS
0x86F51000 \SystemRoot\system32\drivers\fltmgr.sys
0x86F41000 \SystemRoot\system32\drivers\fileinfo.sys
0x86E3D000 \SystemRoot\system32\drivers\ndis.sys
0x86E12000 \SystemRoot\system32\drivers\msrpc.sys
0x86DD9000 \SystemRoot\system32\drivers\NETIO.SYS
0x86CD1000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86C67000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86C31000 \SystemRoot\system32\drivers\volsnap.sys
0x86C29000 \SystemRoot\System32\Drivers\spldr.sys
0x86C1A000 \SystemRoot\System32\drivers\partmgr.sys
0x86C0B000 \SystemRoot\System32\Drivers\mup.sys
0x873DB000 \SystemRoot\System32\drivers\ecache.sys
0x873CA000 \SystemRoot\system32\drivers\disk.sys
0x873A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86C03000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x873A0000 \SystemRoot\system32\drivers\crcdisk.sys
0x88137000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8820A000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88129000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x882CA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A928000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x88087000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8807A000 \SystemRoot\System32\drivers\watchdog.sys
0x8A869000 \SystemRoot\system32\DRIVERS\athr.sys
0x8A82A000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x883EA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A7ED000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8801C000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88004000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x881E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8A77B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A768000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A75D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A72F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x87252000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A724000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A6F9000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A6B9000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A6AE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A697000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8A68C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A669000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x871D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A566000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A579000 \SystemRoot\system32\DRIVERS\termdd.sys
0x87256000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A52F000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A525000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A559000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A4E1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x87080000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B64D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8A4B4000 \SystemRoot\system32\drivers\portcls.sys
0x8A48F000 \SystemRoot\system32\drivers\drmk.sys
0x88237000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x88150000 \SystemRoot\System32\Drivers\Null.SYS
0x88157000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A443000 \SystemRoot\System32\drivers\vga.sys
0x8A422000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8833E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8834E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8A7E2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A7D4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88240000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B578000 \SystemRoot\System32\drivers\tcpip.sys
0x8B55F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B54A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B536000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B504000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B4BD000 \SystemRoot\system32\drivers\afd.sys
0x8B4A7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B499000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B486000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B44B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B441000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B42A000 \SystemRoot\System32\Drivers\dfsc.sys
0x881FD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x881E8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x883A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x90600000 \SystemRoot\System32\win32k.sys
0x8B410000 \SystemRoot\System32\drivers\Dxapi.sys
0x8A5E2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x90400000 \SystemRoot\System32\TSDDD.dll
0x90410000 \SystemRoot\System32\cdd.dll
0x90893000 \SystemRoot\system32\drivers\luafv.sys
0x8B806000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
0x921F2000 \SystemRoot\system32\drivers\spsys.sys
0x870E0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x92130000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90948000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9211D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x93B57000 \SystemRoot\system32\drivers\HTTP.sys
0x92102000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9204A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x93B03000 \SystemRoot\System32\drivers\mpsdrv.sys
0x93AE3000 \SystemRoot\system32\drivers\mrxdav.sys
0x93AC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x93A8C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9395C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x938D4000 \SystemRoot\System32\DRIVERS\srv2.sys
0x93883000 \SystemRoot\System32\DRIVERS\srv.sys
0x94262000 \SystemRoot\system32\drivers\peauth.sys
0x9097A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8BADA000 \SystemRoot\System32\drivers\tcpipreg.sys
0x91E6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77630000 \Windows\System32\ntdll.dll
Processes (total 52):
0 System Idle Process
4 System
456 C:\Windows\System32\smss.exe
532 csrss.exe
584 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\Ati2evxx.exe
1040 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\SLsvc.exe
1288 C:\Windows\System32\svchost.exe
1432 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\Ati2evxx.exe
1712 C:\Windows\System32\spoolsv.exe
1736 C:\Windows\System32\svchost.exe
1884 C:\Windows\System32\dwm.exe
1904 C:\Windows\System32\taskeng.exe
1944 C:\Windows\explorer.exe
1968 C:\Windows\System32\taskeng.exe
396 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
504 C:\Windows\System32\agrsmsvc.exe
12 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
676 C:\Program Files\Bonjour\mDNSResponder.exe
840 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1900 C:\Windows\System32\svchost.exe
2052 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2176 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\svchost.exe
2284 C:\Windows\System32\SearchIndexer.exe
2632 C:\Windows\RtHDVCpl.exe
2640 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2648 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
2656 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
2680 C:\Program Files\Java\jre6\bin\jusched.exe
2700 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2724 C:\Program Files\iTunes\iTunesHelper.exe
2796 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
3044 C:\Windows\System32\taskeng.exe
3312 C:\Program Files\iPod\bin\iPodService.exe
3532 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3608 WmiPrvSE.exe
1088 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1080 C:\Users\Mike\Desktop\Downloads\Web security stuff\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
PhysicalDrive0 Model Number: HitachiHTS542525K9A300, Rev: BBFOC3EP
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
DDS
DDS (Ver_10-12-12.02) - NTFSx86
Run by Mike at 10:14:22.51 on 13/01/2011
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1790.1130 [GMT 0:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\Downloads\Web security stuff\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Power2GoExpress] NA
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\ndbo7890.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Update Service: updater@foxstart.com - c:\program files\mozilla firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
============= SERVICES / DRIVERS ===============
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2011-1-4 13312]
=============== Created Last 30 ================
2011-01-12 22:08:17 268800 ----a-w- c:\windows\system32\es.dll
2011-01-12 22:07:21 -------- d-----w- c:\program files\MSXML 4.0
2011-01-12 21:39:23 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2011-01-12 21:39:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 21:39:15 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-12 21:39:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 21:39:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 19:46:43 -------- d-----w- c:\users\mike\appdata\local\Apple Computer
2011-01-12 19:46:24 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-12 19:46:24 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-12 19:45:20 -------- d-----w- c:\program files\iPod
2011-01-12 19:45:17 -------- d-----w- c:\program files\iTunes
2011-01-12 19:45:17 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-12 19:43:01 -------- d-----w- c:\users\mike\appdata\local\Apple
2011-01-12 19:40:26 -------- d-----w- c:\program files\Bonjour
2011-01-12 19:16:24 -------- d-----w- c:\progra~2\LightScribe
2011-01-12 13:38:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-12 13:38:09 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-01-12 13:38:09 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-01-12 13:38:08 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-12 13:38:08 24064 ----a-w- c:\windows\system32\lpk.dll
2011-01-12 13:38:08 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-01-12 13:37:03 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-12 13:37:01 832512 ----a-w- c:\windows\system32\wininet.dll
2011-01-12 13:35:10 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-01-12 13:35:09 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-01-12 13:35:09 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-01-12 13:35:09 272896 ----a-w- c:\windows\system32\polstore.dll
2011-01-12 13:34:40 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-12 13:34:40 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-12 13:33:39 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-01-12 13:33:39 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-01-12 13:33:39 15360 ----a-w- c:\windows\system32\netevent.dll
2011-01-12 13:33:39 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-01-12 13:33:39 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-01-12 13:33:39 10240 ----a-w- c:\windows\system32\finger.exe
2011-01-12 13:33:38 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-01-12 13:33:38 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-01-12 13:33:38 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-01-12 13:32:45 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-01-12 13:32:45 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-01-12 13:32:02 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-01-12 13:32:01 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-01-12 13:32:01 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-01-12 13:32:01 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2011-01-12 13:32:00 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-01-12 13:31:59 297984 ----a-w- c:\windows\system32\wlansec.dll
2011-01-12 06:48:56 -------- d-----w- c:\program files\SolidWorks
2011-01-12 06:48:56 -------- d-----w- c:\program files\common files\SolidWorks Shared
2011-01-12 06:48:13 -------- d-----w- c:\users\mike\appdata\roaming\DWGeditor
2011-01-12 06:48:10 61440 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{ac7190a0-eea1-423c-a531-fceb4e0ebbb1}\DWGEditorEnNo1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
2011-01-12 06:48:10 61440 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{ac7190a0-eea1-423c-a531-fceb4e0ebbb1}\DWGEditorEnNo_D0220928AF1811D3AEA400C04F79FCDD.exe
2011-01-12 06:48:10 61440 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{ac7190a0-eea1-423c-a531-fceb4e0ebbb1}\DWGEditor1_C1A7EF455E1B4799AB173C52D9FB3A0E.exe
2011-01-12 06:48:10 61440 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{ac7190a0-eea1-423c-a531-fceb4e0ebbb1}\DWGEditor_D0220928AF1811D3AEA400C04F79FCDD.exe
2011-01-12 06:48:10 61440 ----a-r- c:\users\mike\appdata\roaming\microsoft\installer\{ac7190a0-eea1-423c-a531-fceb4e0ebbb1}\ARPPRODUCTICON.exe
2011-01-12 06:47:34 -------- d-----w- c:\program files\DWGeditor
2011-01-12 06:46:09 -------- d-----w- c:\program files\common files\eDrawings2006
2011-01-11 07:13:54 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-01-11 07:13:54 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-01-11 07:13:53 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-01-11 07:13:53 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-01-11 07:12:53 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-11 07:12:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-01-11 07:12:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-01-11 07:12:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-11 07:11:32 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-11 07:11:32 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-01-11 07:11:32 2855424 ----a-w- c:\windows\system32\mf.dll
2011-01-11 07:11:32 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-11 07:11:32 2048 ----a-w- c:\windows\system32\mferror.dll
2011-01-11 07:10:39 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-11 07:10:39 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-11 07:10:01 376832 ----a-w- c:\windows\system32\winhttp.dll
2011-01-11 07:09:26 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-01-11 07:08:50 71680 ----a-w- c:\windows\system32\atl.dll
2011-01-11 07:08:16 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-01-11 07:06:48 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-01-11 07:06:48 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-01-11 07:06:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-01-11 07:05:41 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-01-11 07:05:41 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-01-11 07:05:41 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-01-11 07:05:04 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-01-11 07:03:20 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-01-11 07:03:20 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-01-11 07:03:20 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-01-11 07:03:19 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-01-11 07:00:08 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-11 06:59:24 696832 ----a-w- c:\windows\system32\localspl.dll
2011-01-11 06:58:54 2923520 ----a-w- c:\windows\explorer.exe
2011-01-11 06:58:24 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-01-11 06:57:49 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-01-11 06:57:48 7680 ----a-w- c:\windows\system32\lsass.exe
2011-01-11 06:57:48 72704 ----a-w- c:\windows\system32\secur32.dll
2011-01-11 06:57:48 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-01-11 06:57:48 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-01-11 06:57:48 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-11 06:57:47 272384 ----a-w- c:\windows\system32\schannel.dll
2011-01-11 06:57:20 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-01-11 06:53:43 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-01-11 06:53:42 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-11 06:53:42 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-01-11 06:53:42 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-11 06:53:42 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-01-11 06:53:41 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-01-11 06:53:41 53248 ----a-w- c:\windows\system32\iasads.dll
2011-01-11 06:53:41 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-01-11 06:53:40 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-01-11 06:53:40 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-01-11 06:53:40 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-01-11 06:53:07 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-01-11 06:53:07 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-01-11 06:52:09 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-11 06:52:09 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-01-11 06:52:09 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-01-11 06:52:09 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-11 06:52:09 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-01-11 06:52:09 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-01-11 06:52:09 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-01-11 06:51:41 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2011-01-11 06:51:13 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-11 06:50:37 25600 ----a-w- c:\windows\system32\amxread.dll
2011-01-11 06:50:37 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-01-11 06:50:12 97792 ----a-w- c:\windows\system32\cabview.dll
2011-01-11 06:49:47 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-01-11 06:49:47 37376 ----a-w- c:\windows\system32\printcom.dll
2011-01-11 06:49:24 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-01-11 06:48:28 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-01-11 06:48:28 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-01-11 06:48:00 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-01-11 06:46:49 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-01-11 06:46:49 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-01-11 06:46:13 94720 ----a-w- c:\windows\system32\logagent.exe
2011-01-11 06:46:12 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-01-11 06:45:46 84480 ----a-w- c:\windows\system32\INETRES.dll
2011-01-11 06:45:46 737792 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-11 06:45:25 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-01-11 06:45:03 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2011-01-11 06:44:21 396800 ----a-w- c:\windows\system32\drivers\http.sys
2011-01-11 06:44:21 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-01-11 06:44:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-01-11 06:42:32 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-01-11 06:42:10 274432 ----a-w- c:\windows\system32\raschap.dll
2011-01-11 06:42:10 232960 ----a-w- c:\windows\system32\rastls.dll
2011-01-11 06:41:46 321536 ----a-w- c:\windows\system32\WSDApi.dll
2011-01-11 06:35:53 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-01-11 06:35:53 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-01-11 06:35:53 1327616 ----a-w- c:\windows\system32\quartz.dll
2011-01-11 06:35:53 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2011-01-11 06:35:52 88576 ----a-w- c:\windows\system32\avifil32.dll
2011-01-11 06:35:52 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-01-11 06:35:52 65024 ----a-w- c:\windows\system32\avicap32.dll
2011-01-11 06:35:52 31232 ----a-w- c:\windows\system32\msvidc32.dll
2011-01-11 06:35:52 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-01-11 06:35:52 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-01-10 23:26:51 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-01-10 20:02:52 -------- d-----w- c:\users\mike\appdata\roaming\Watchtower
2011-01-10 19:54:38 -------- d-----w- c:\program files\Watchtower
2011-01-10 06:22:51 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-01-10 06:22:05 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-01-10 0629 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-01-10 0629 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-01-09 19:26:51 -------- d-----w- c:\users\mike\appdata\local\Samsung
2011-01-04 23:10:04 -------- d-----w- c:\windows\Panther
2011-01-04 23:09:49 -------- d-sh--w- C:\Boot
2011-01-04 23:09:13 -------- d-----w- c:\windows\system32\OEM
2011-01-04 19:22:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-01-04 18:27:09 -------- d-----w- c:\users\mike\appdata\roaming\AVG10
2011-01-04 18:22:15 -------- d--h--w- c:\progra~2\Common Files
2011-01-04 1803 -------- d-----w- c:\progra~2\AVG10
2011-01-04 18:20:13 -------- d-----w- c:\program files\AVG
2011-01-04 17:35:40 -------- d-----w- c:\users\mike\appdata\local\ATI
2011-01-04 17:17:29 45240 ----a-w- c:\windows\system32\drivers\pciidex.sys
2011-01-04 17:17:29 21688 ----a-w- c:\windows\system32\drivers\atapi.sys
2011-01-04 17:17:29 16056 ----a-w- c:\windows\system32\drivers\pciide.sys
2011-01-04 17:17:29 110264 ----a-w- c:\windows\system32\drivers\ataport.sys
2011-01-04 17:10:53 167424 ----a-w- c:\windows\system32\ActionQueue.dll
2011-01-04 17:07:37 66048 ----a-w- c:\windows\system32\drivers\smb.sys
2011-01-04 17:06:00 146944 ----a-w- c:\windows\system32\MMDevAPI.dll
2011-01-04 17:04:20 911872 ----a-w- c:\windows\system32\WlanMM.dll
2011-01-04 17:04:20 627712 ----a-w- c:\windows\system32\WLanConn.dll
2011-01-04 17:02:40 29184 ----a-w- c:\windows\system32\profprov.dll
2011-01-04 17:02:39 152576 ----a-w- c:\windows\system32\profsvc.dll
2011-01-04 17:00:58 503480 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-01-04 16:52:36 50280 ----a-w- c:\windows\system32\drivers\volmgr.sys
==================== Find3M ====================
============= FINISH: 10:15:05.39 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 04/01/2011 15:14:15
System Uptime: 13/01/2011 10:09:42 (0 hours ago)
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R59P/R60P/R61P
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 223 GiB total, 186.585 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
ATI Catalyst Install Manager
Bonjour
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
DAL Scanner
DVD Suite
DWGeditor
Easy Battery Manager
Easy Network Manager 3.0
eDrawings 2006
iTunes
Java(TM) 6 Update 11
LabelPrint 2.0
LightScribe 1.8.15.1
Malwarebytes' Anti-Malware
Microsoft Office 2000 Small Business
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDMWorks Clients 2006 sp0
Power2Go 5.0
PowerDirector
PowerDVD
PowerProducer
QuickTime
Realtek High Definition Audio Driver
Samsung Magic Doctor
Samsung Recovery Solution II
Skins
Synaptics Pointing Device Driver
VC 9.0 Runtime
Watchtower Library 2009 - English
==== End Of File ===========================
GMER was difficult to run; it kept crashing the computer, even in safe mode, but eventually it worked. A message came up saying it had found nothing, and the log file is completely blank. I tried it twice to make sure.
Any help greatly appreciated.
Mike
Welcome aboard
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==================================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Thank you Broni for such a prompt and comprehensive reply. I have attached the Combofix log below. I had to uninstall AVG as per the instructions in one of your links.
ComboFix 11-01-14.01 - Mike 14/01/2011 19:47:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1790.1173 [GMT 0:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-01-04 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 17:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>;*.local
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ndbo7890.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Update Service: updater@foxstart.com - c:\program files\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-14 19:51
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-14 19:53:45
ComboFix-quarantined-files.txt 2011-01-14 19:53
Pre-Run: 200,178,249,728 bytes free
Post-Run: 199,610,265,600 bytes free
- - End Of File - - F27269F0BC95AF2BB8B48AB54A45E1CA
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>;*.local
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
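A note on what that CFScript actually removes, added here as an editor's aside rather than as part of Broni's post, with an example script that is mine and not ComboFix, DDS or OTL code. The two lines are the per-user WinINet proxy settings (in DDS/ComboFix logs the "u" prefix means the HKCU hive; "m" would be HKLM). ProxyServer = http=127.0.0.1:8074 sends every HTTP request from Internet Explorer, and from Chrome, which uses the system proxy settings, through whatever process is listening on port 8074 on the laptop itself; ProxyOverride = <local>;*.local only exempts intranet names from that proxy. Firefox's network.proxy.type - 4 means "auto-detect proxy settings for this network" (WPAD), so Firefox can still be handed a proxy by a WPAD answer on the network after the WinINet entry is cleared, and updater@foxstart.com is not an extension Firefox ships with (the only built-in ID in that list is the default theme). The script below parses those Supplementary Scan lines and flags each of them. Its sample input is copied from the first ComboFix log above, the finding names are my own, and read_live_wininet_proxy() reads the same HKCU values straight from the registry and only works on Windows.

```python
"""Flag proxy hijack indicators in the Supplementary Scan lines of a ComboFix/DDS log.

Editor's added example for this thread, not ComboFix, DDS or OTL code. The finding
names and SAMPLE_LOG (lines copied from the first ComboFix log above) are mine.
"""
import re
import sys
from typing import Dict, List

# Meaning of Firefox's network.proxy.type preference values.
FF_PROXY_TYPE = {"0": "no proxy", "1": "manual proxy", "2": "PAC URL",
                 "4": "auto-detect (WPAD)", "5": "use system proxy settings"}
# The only extension ID in the log that Firefox ships itself (the default theme).
FF_BUILTIN_EXT = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}
# A proxy on the machine itself: 127.x.x.x, localhost or ::1, with an optional port.
LOOPBACK = re.compile(r"^(127(?:\.\d{1,3}){3}|localhost|\[?::1\]?)(:\d+)?$", re.I)

# Constructed sample input: the proxy-related lines from the first log in this thread.
SAMPLE_LOG = """\
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Update Service: updater@foxstart.com - c:\\program files\\Mozilla Firefox\\extensions\\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\\program files\\Mozilla Firefox\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}
"""

WININET_RE = re.compile(r"^([um])Internet Settings,(ProxyServer|ProxyOverride|AutoConfigURL)\s*=\s*(.+)$")
FF_TYPE_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")
FF_EXT_RE = re.compile(r"^FF - Ext: (.+?): (\S+) - (.+)$")


def parse_proxy_server(value: str) -> Dict[str, str]:
    """Split a WinINet ProxyServer string into {scheme: "host:port"}: WinINet takes one
    "host:port" for every scheme (stored under "*") or ';'-separated "scheme=host:port"."""
    out: Dict[str, str] = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        if "=" in part:
            scheme, target = part.split("=", 1)
            out[scheme.strip().lower()] = target.strip()
        else:
            out["*"] = part
    return out


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that changes where browser traffic goes."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = WININET_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"  # DDS prefix: u = user, m = machine
            name, value = m.group(2), m.group(3).strip()
            if name == "ProxyServer":
                for scheme, target in parse_proxy_server(value).items():
                    kind = "wininet_proxy_loopback" if LOOPBACK.match(target) else "wininet_proxy"
                    findings.append({"kind": kind, "hive": hive, "scheme": scheme, "target": target})
            elif name == "AutoConfigURL":  # a PAC script can redirect selectively, per host
                findings.append({"kind": "wininet_pac_url", "hive": hive, "target": value})
            else:  # ProxyOverride: hosts that bypass the proxy; recorded for context
                findings.append({"kind": "wininet_proxy_override", "hive": hive, "target": value})
            continue
        m = FF_TYPE_RE.match(line)
        if m:
            if m.group(1) in ("1", "2", "4"):  # 0 and 5 add nothing beyond the WinINet findings
                findings.append({"kind": "firefox_proxy_" + {"1": "manual", "2": "pac", "4": "autodetect"}[m.group(1)],
                                 "target": FF_PROXY_TYPE[m.group(1)]})
            continue
        m = FF_EXT_RE.match(line)
        if m and m.group(2) not in FF_BUILTIN_EXT:
            findings.append({"kind": "firefox_third_party_ext", "name": m.group(1),
                             "id": m.group(2), "target": m.group(3)})
    return findings


def read_live_wininet_proxy():
    """On Windows, read the HKCU values ComboFix reports as 'uInternet Settings'; None elsewhere."""
    try:
        import winreg  # Windows-only module
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                         r"Software\Microsoft\Windows\CurrentVersion\Internet Settings")
    values = {}
    for name in ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL"):
        try:
            values[name] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:  # value not set
            values[name] = None
    return values


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for finding in triage(text):
        print(finding["kind"].ljust(25), {k: v for k, v in finding.items() if k != "kind"})
```

Run it as python proxy_triage.py ComboFix.txt, or with no argument to see the findings for the sample. On the machine itself the follow-up for a loopback proxy is netstat -ano | find ":8074" to get the PID of whatever is listening, then tasklist /FI "PID eq <pid>" to name it; both are stock Windows commands. In the second ComboFix log further down, the ProxyServer and ProxyOverride lines are gone but network.proxy.type - 4 and the foxstart extension are still listed, which is worth keeping in mind given that the redirects continued.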
Thanks again Broni, new ComboFix log attached
ComboFix 11-01-14.01 - Mike 14/01/2011 20:34:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1790.1232 [GMT 0:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
.
((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.
2011-01-14 20:39 . 2011-01-14 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-12 22:08 . 2011-01-12 22:08 268800 ----a-w- c:\windows\system32\es.dll
2011-01-12 22:07 . 2011-01-12 22:07 -------- d-----w- c:\program files\MSXML 4.0
2011-01-12 21:39 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-12 21:39 . 2011-01-12 21:39 -------- d-----w- c:\programdata\Malwarebytes
2011-01-12 21:39 . 2011-01-12 21:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-12 21:39 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-12 19:46 . 2011-01-12 19:46 -------- dc----w- c:\windows\system32\DRVSTORE
2011-01-12 19:46 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-12 19:46 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-12 19:45 . 2011-01-12 19:45 -------- d-----w- c:\program files\iPod
2011-01-12 19:45 . 2011-01-12 19:46 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-01-12 19:39 . 2011-01-12 19:39 -------- d-----w- c:\programdata\Apple
2011-01-12 19:16 . 2011-01-12 19:16 -------- d-----w- c:\programdata\LightScribe
2011-01-12 13:38 . 2011-01-12 13:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-12 13:38 . 2011-01-12 13:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2011-01-12 13:38 . 2011-01-12 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2011-01-12 13:38 . 2011-01-12 13:38 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-01-12 13:38 . 2011-01-12 13:38 24064 ----a-w- c:\windows\system32\lpk.dll
2011-01-12 13:38 . 2011-01-12 13:38 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-01-12 13:37 . 2011-01-12 13:37 72704 ----a-w- c:\windows\system32\admparse.dll
2011-01-12 13:37 . 2011-01-12 13:37 832512 ----a-w- c:\windows\system32\wininet.dll
2011-01-12 13:35 . 2011-01-12 13:35 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2011-01-12 13:35 . 2011-01-12 13:35 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-01-12 13:35 . 2011-01-12 13:35 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-01-12 13:35 . 2011-01-12 13:35 272896 ----a-w- c:\windows\system32\polstore.dll
2011-01-12 13:34 . 2011-01-12 13:34 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-01-12 13:34 . 2011-01-12 13:34 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2011-01-12 13:33 . 2011-01-12 13:33 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-01-12 13:33 . 2011-01-12 13:33 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-01-12 13:33 . 2011-01-12 13:33 15360 ----a-w- c:\windows\system32\netevent.dll
2011-01-12 13:33 . 2011-01-12 13:33 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-01-12 13:33 . 2011-01-12 13:33 103936 ----a-w- c:\windows\system32\netiohlp.dll
2011-01-12 13:33 . 2011-01-12 13:33 10240 ----a-w- c:\windows\system32\finger.exe
2011-01-12 13:33 . 2011-01-12 13:33 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-01-12 13:33 . 2011-01-12 13:33 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-01-12 13:33 . 2011-01-12 13:33 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-01-12 13:32 . 2011-01-12 13:32 194560 ----a-w- c:\windows\system32\WebClnt.dll
2011-01-12 13:32 . 2011-01-12 13:32 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2011-01-12 13:32 . 2011-01-12 13:32 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2011-01-12 13:32 . 2011-01-12 13:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2011-01-12 13:32 . 2011-01-12 13:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2011-01-12 13:32 . 2011-01-12 13:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2011-01-12 13:32 . 2011-01-12 13:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2011-01-12 13:31 . 2011-01-12 13:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2011-01-12 13:22 . 2011-01-12 13:22 -------- d-----w- c:\programdata\CyberLink
2011-01-12 06:48 . 2011-01-12 06:49 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2011-01-12 06:48 . 2011-01-12 06:48 -------- d-----w- c:\program files\SolidWorks
2011-01-12 06:47 . 2011-01-12 06:47 -------- d-----w- c:\program files\DWGeditor
2011-01-12 06:46 . 2011-01-12 06:46 -------- d-----w- c:\program files\Common Files\eDrawings2006
2011-01-11 07:13 . 2011-01-11 07:13 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-01-11 07:13 . 2011-01-11 07:13 1260032 ----a-w- c:\windows\system32\msxml3.dll
2011-01-11 07:13 . 2011-01-11 07:13 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-01-11 07:13 . 2011-01-11 07:13 1406464 ----a-w- c:\windows\system32\msxml6.dll
2011-01-11 07:12 . 2011-01-11 07:12 216576 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-11 07:12 . 2011-01-11 07:12 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-01-11 07:12 . 2011-01-11 07:12 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-01-11 07:12 . 2011-01-11 07:12 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-01-11 07:11 . 2011-01-11 07:11 2855424 ----a-w- c:\windows\system32\mf.dll
2011-01-11 07:11 . 2011-01-11 07:11 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-11 07:11 . 2011-01-11 07:11 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2011-01-11 07:11 . 2011-01-11 07:11 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-11 07:11 . 2011-01-11 07:11 2048 ----a-w- c:\windows\system32\mferror.dll
2011-01-11 07:10 . 2011-01-11 07:10 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-01-11 07:10 . 2011-01-11 07:10 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-01-11 07:10 . 2011-01-11 07:10 376832 ----a-w- c:\windows\system32\winhttp.dll
2011-01-11 07:09 . 2011-01-11 07:09 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-01-11 07:08 . 2011-01-11 07:08 71680 ----a-w- c:\windows\system32\atl.dll
2011-01-11 07:08 . 2011-01-11 07:08 297472 ----a-w- c:\windows\system32\gdi32.dll
2011-01-11 07:06 . 2011-01-11 07:06 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2011-01-11 07:06 . 2011-01-11 07:06 30208 ----a-w- c:\windows\system32\xolehlp.dll
2011-01-11 07:06 . 2011-01-11 07:06 156160 ----a-w- c:\windows\system32\wkssvc.dll
2011-01-11 07:05 . 2011-01-11 07:05 36352 ----a-w- c:\windows\system32\tsgqec.dll
2011-01-11 07:05 . 2011-01-11 07:05 1871872 ----a-w- c:\windows\system32\mstscax.dll
2011-01-11 07:05 . 2011-01-11 07:05 116736 ----a-w- c:\windows\system32\aaclient.dll
2011-01-11 07:05 . 2011-01-11 07:05 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2011-01-11 07:03 . 2011-01-11 07:03 23040 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
2011-01-11 07:03 . 2011-01-11 07:03 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-01-11 07:03 . 2011-01-11 07:03 10922496 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-01-11 07:03 . 2011-01-11 07:03 195072 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
2011-01-11 07:00 . 2011-01-11 07:00 2048 ----a-w- c:\windows\system32\tzres.dll
2011-01-11 06:59 . 2011-01-11 06:59 696832 ----a-w- c:\windows\system32\localspl.dll
2011-01-11 06:58 . 2011-01-11 06:58 2923520 ----a-w- c:\windows\explorer.exe
2011-01-11 06:58 . 2011-01-11 06:58 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-01-11 06:57 . 2011-01-11 06:57 494592 ----a-w- c:\windows\system32\kerberos.dll
2011-01-11 06:57 . 2011-01-11 06:57 7680 ----a-w- c:\windows\system32\lsass.exe
2011-01-11 06:57 . 2011-01-11 06:57 72704 ----a-w- c:\windows\system32\secur32.dll
2011-01-11 06:57 . 2011-01-11 06:57 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-01-11 06:57 . 2011-01-11 06:57 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-01-11 06:57 . 2011-01-11 06:57 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2011-01-11 06:57 . 2011-01-11 06:57 272384 ----a-w- c:\windows\system32\schannel.dll
2011-01-11 06:57 . 2011-01-11 06:57 24064 ----a-w- c:\windows\system32\netcfg.exe
2011-01-11 06:53 . 2011-01-11 06:53 549888 ----a-w- c:\windows\system32\rpcss.dll
2011-01-11 06:53 . 2011-01-11 06:53 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-11 06:53 . 2011-01-11 06:53 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2011-01-11 06:53 . 2011-01-11 06:53 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-11 06:53 . 2011-01-11 06:53 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2011-01-11 06:53 . 2011-01-11 06:53 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-01-11 06:53 . 2011-01-11 06:53 53248 ----a-w- c:\windows\system32\iasads.dll
2011-01-11 06:53 . 2011-01-11 06:53 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-01-11 06:53 . 2011-01-11 06:53 97280 ----a-w- c:\windows\system32\iasrecst.dll
2011-01-11 06:53 . 2011-01-11 06:53 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2011-01-11 06:53 . 2011-01-11 06:53 158720 ----a-w- c:\windows\system32\sdohlp.dll
2011-01-11 06:53 . 2011-01-11 06:53 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-01-11 06:53 . 2011-01-11 06:53 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-01-11 06:52 . 2011-01-11 06:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-01-11 06:52 . 2011-01-11 06:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-01-11 06:52 . 2011-01-11 06:52 22016 ----a-w- c:\windows\system32\netiougc.exe
2011-01-11 06:52 . 2011-01-11 06:52 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-11 06:52 . 2011-01-11 06:52 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-01-11 06:52 . 2011-01-11 06:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2011-01-11 06:52 . 2011-01-11 06:52 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-01-11 06:51 . 2011-01-11 06:51 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-01-11 06:51 . 2011-01-11 06:51 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-11 06:50 . 2011-01-11 06:50 25600 ----a-w- c:\windows\system32\amxread.dll
2011-01-11 06:50 . 2011-01-11 06:50 14848 ----a-w- c:\windows\system32\apilogen.dll
2011-01-11 06:50 . 2011-01-11 06:50 97792 ----a-w- c:\windows\system32\cabview.dll
2011-01-11 06:49 . 2011-01-11 06:49 441856 ----a-w- c:\windows\system32\win32spl.dll
2011-01-11 06:49 . 2011-01-11 06:49 37376 ----a-w- c:\windows\system32\printcom.dll
2011-01-11 06:49 . 2011-01-11 06:49 2031104 ----a-w- c:\windows\system32\win32k.sys
2011-01-11 06:48 . 2011-01-11 06:48 14848 ----a-w- c:\windows\system32\wshrm.dll
2011-01-11 06:48 . 2011-01-11 06:48 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-01-11 06:48 . 2011-01-11 06:48 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2011-01-11 06:46 . 2011-01-11 06:46 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-01-11 06:46 . 2011-01-11 06:46 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 13:37 . 2011-01-12 13:37 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2011-01-11 06:55 . 2011-01-11 06:55 5632 ----a-w- c:\windows\system32\drivers\en-US\sermouse.sys.mui
2011-01-11 06:55 . 2011-01-11 06:55 4608 ----a-w- c:\windows\system32\drivers\en-US\mouclass.sys.mui
2011-01-11 06:55 . 2011-01-11 06:55 4608 ----a-w- c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2011-01-11 06:55 . 2011-01-11 06:55 3072 ----a-w- c:\windows\system32\drivers\en-US\mouhid.sys.mui
2011-01-11 06:55 . 2011-01-11 06:55 3072 ----a-w- c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2011-01-11 06:55 . 2011-01-11 06:55 10752 ----a-w- c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2011-01-11 06:50 . 2011-01-11 06:50 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2011-01-04 16:59 . 2006-11-02 08:30 160872 ----a-w- c:\windows\system32\halmacpi.dll
2011-01-04 16:59 . 2006-11-02 08:30 134760 ----a-w- c:\windows\system32\halacpi.dll
2011-01-04 16:06 . 2011-01-04 16:06 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-01-04 16:06 . 2011-01-04 16:06 449536 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-01-04 16:06 . 2011-01-04 16:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-01-04 16:06 . 2011-01-04 16:06 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2011-01-04 16:06 . 2011-01-04 16:06 2144256 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-01-04 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 17:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ndbo7890.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.type - 4
FF - Ext: Update Service: updater@foxstart.com - c:\program files\Mozilla Firefox\extensions\updater@foxstart.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-01-14 20:39
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-01-14 20:41:19
ComboFix-quarantined-files.txt 2011-01-14 20:41
ComboFix2.txt 2011-01-14 19:53
Pre-Run: 198,066,950,144 bytes free
Post-Run: 197,516,222,464 bytes free
- - End Of File - - 6FC30198DF714C9C119FCD84B889F23D
How is redirection?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Sorry Broni, I may have done something wrong, I've only got one log file.
Should I repeat the scan? The one I've got attached below. I am still getting redirected, sometimes a new browser window opens.
OTL logfile created on: 14/01/2011 21:06:05 - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Mike\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 183.98 Gb Free Space | 82.54% Space Free | Partition Type: NTFS
Computer Name: MIKESLAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/14 20:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
PRC - [2011/01/11 06:58:54 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2007/07/05 07:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007/06/13 04:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
========== Modules (SafeList) ==========
MOD - [2011/01/14 20:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
MOD - [2011/01/04 17:23:14 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/01/12 06:49:55 | 000,069,632 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/01/04 15:57:16 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2007/10/26 05:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/13 06:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 1430 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 1430 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/11 22:05:34 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/23 17:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007/05/03 01:14:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/04/26 01:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/01/03 10:52:12 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/01/03 10:52:12 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/03 10:52:11 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.2
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/12 19:44:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/12 19:44:13 | 000,000,000 | ---D | M]
[2011/01/04 20:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2011/01/04 20:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ndbo7890.default\extensions
[2011/01/04 20:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/04 20:00:26 | 000,000,000 | ---D | M] ("Update Service") -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com
[2010/12/31 03:33:35 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/31 03:33:35 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/31 03:33:35 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/31 03:33:35 | 000,002,014 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\foxstart.xml
[2010/12/31 03:33:35 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000..\Run: [Power2GoExpress] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.6...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/01/14 20:57:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/01/14 20:41:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/14 20:41:21 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2011/01/14 20:40:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/14 20:26:30 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/01/14 19:46:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/14 19:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/14 19:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/14 19:46:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/14 19:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/14 19:43:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\logs
[2011/01/12 22:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/01/12 21:58:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/01/12 21:39:23 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes
[2011/01/12 21:39:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/12 21:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/12 21:39:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/12 21:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/12 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Apple Computer
[2011/01/12 19:46:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple Computer
[2011/01/12 19:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/12 19:46:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/01/12 19:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/12 19:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/12 19:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/12 19:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/12 19:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/01/12 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/01/12 19:43:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Apple
[2011/01/12 19:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/12 19:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/12 19:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/01/12 19:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/12 19:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011/01/12 13:24:36 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Music
[2011/01/12 13:22:04 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\CyberLink
[2011/01/12 13:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/01/12 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\Mike\Documents\CyberLink
[2011/01/12 06:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDMWorks 2006
[2011/01/12 06:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2011/01/12 06:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\SolidWorks
[2011/01/12 06:48:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\DWGeditor
[2011/01/12 06:47:56 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolidWorks
[2011/01/12 06:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\DWGeditor
[2011/01/12 06:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2006
[2011/01/11 06:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2011/01/11 06:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/01/11 06:27:02 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft Web Folders
[2011/01/11 06:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/01/10 22:25:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Macromedia
[2011/01/10 22:25:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/01/10 22:10:25 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Adobe
[2011/01/10 20:02:52 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Watchtower
[2011/01/10 19:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2009
[2011/01/10 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Watchtower
[2011/01/10 19:31:15 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Bible reading
[2011/01/09 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Samsung
[2011/01/04 23:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/01/04 23:09:49 | 000,000,000 | ---D | C] -- C:\Boot
[2011/01/04 23:09:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2011/01/04 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Mozilla
[2011/01/04 20:00:33 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Mozilla
[2011/01/04 20:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/01/04 19:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/04 18:29:55 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Downloads
[2011/01/04 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AVG10
[2011/01/04 18:22:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/01/04 1803 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/01/04 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/01/04 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\ATI
[2011/01/04 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\ATI
[2011/01/04 16:49:55 | 000,405,504 | ---- | C] (Samsung Electronics) -- C:\Windows\HotfixChecker.exe
[2011/01/04 15:49:10 | 000,172,032 | ---- | C] (SAMSUNG Electronics co., LTD.) -- C:\Windows\SMCM.dll
[2011/01/04 15:48:07 | 000,013,312 | ---- | C] (SAMSUNG ELECTRONICS CO., LTD.) -- C:\Windows\System32\drivers\KMDFMEMIO.sys
[2011/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/01/04 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011/01/04 15:47:48 | 000,000,000 | ---D | C] -- C:\Windows\WinClon
[2011/01/04 15:47:47 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\InstallShield
[2011/01/04 15:45:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2011/01/04 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
[2011/01/04 15:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2011/01/04 15:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/01/04 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2011/01/04 15:44:08 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Adobe
[2011/01/04 15:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/01/04 15:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/01/04 15:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/01/04 15:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/01/04 15:42:54 | 000,193,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys
[2011/01/04 15:42:51 | 000,196,608 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCtrl.dll
[2011/01/04 15:42:51 | 000,163,840 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynCOM.dll
[2011/01/04 15:42:51 | 000,147,456 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPAPI.dll
[2011/01/04 15:42:51 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\Windows\System32\SynTPCo4.dll
[2011/01/04 15:42:38 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2011/01/04 15:42:11 | 001,161,888 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2011/01/04 15:42:11 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\agrsmdel.exe
[2011/01/04 15:42:11 | 000,013,312 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrscoin.dll
[2011/01/04 15:42:11 | 000,009,216 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
[2011/01/04 15:42:02 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/01/04 15:41:39 | 000,755,712 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/01/04 15:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros WLAN Client
[2011/01/04 15:41:38 | 000,045,056 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN.exe
[2011/01/04 15:41:38 | 000,042,496 | ---- | C] (ASKEY COMPUTER CORP.) -- C:\Windows\System32\RmWLAN64.exe
[2011/01/04 15:41:00 | 000,245,248 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys
[2011/01/04 15:40:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/01/04 15:39:53 | 004,489,216 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/01/04 15:39:52 | 000,970,752 | ---- | C] (Samsung Electronics Co., LTD) -- C:\Windows\System32\EDSPropPageExt.dll
[2011/01/04 15:39:52 | 000,071,680 | ---- | C] (Samsung Electronics Co,. LTD) -- C:\Windows\System32\EDSAPODll.dll
[2011/01/04 15:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/01/04 15:39:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/01/04 15:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/01/04 15:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/01/04 15:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/01/04 15:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Install Manager
[2011/01/04 15:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/01/04 15:29:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/01/04 15:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/01/04 15:24:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/04 15:24:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\Searches
[2011/01/04 15:24:28 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/04 15:24:18 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Identities
[2011/01/04 15:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mike\Contacts
[2011/01/04 15:24:16 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\VirtualStore
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Temporary Internet Files
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Templates
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Start Menu
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\SendTo
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Recent
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\PrintHood
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\NetHood
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Videos
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Pictures
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Documents\My Music
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\My Documents
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Local Settings
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\History
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Cookies
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\Application Data
[2011/01/04 15:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Mike\AppData\Local\Application Data
[2011/01/04 15:24:11 | 000,000,000 | --SD | C] -- C:\Users\Mike\AppData\Roaming\Microsoft
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Videos
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Saved Games
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Pictures
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Music
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Links
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Favorites
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Downloads
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Documents
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\Desktop
[2011/01/04 15:24:11 | 000,000,000 | R--D | C] -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/04 15:24:11 | 000,000,000 | -H-D | C] -- C:\Users\Mike\AppData
[2011/01/04 15:24:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Microsoft
[2011/01/04 15:24:11 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Media Center Programs
[2011/01/04 15:14:38 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/01/04 15:12:31 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2011/01/04 15:11:02 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/01/04 15:10:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2011/01/14 20:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
[2011/01/14 20:36:39 | 000,623,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/14 20:36:38 | 000,108,526 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/14 20:29:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 20:29:12 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 20:29:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/14 20:29:02 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 19:41:31 | 004,154,944 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/01/13 12:08:24 | 000,003,584 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 10:42:30 | 087,882,830 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/12 21:39:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/12 20:33:14 | 000,020,480 | ---- | M] () -- C:\Users\Mike\Desktop\Was Jesus Just Another Religious Leader.doc
[2011/01/12 19:46:29 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/12 19:43:58 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/12 18:36:33 | 000,000,943 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/12 18:34:41 | 000,246,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/12 13:32:01 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/01/12 07:29:25 | 000,002,461 | ---- | M] () -- C:\Users\Mike\Desktop\DWGeditor.lnk
[2011/01/12 06:49:14 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\eDrawings 2006.lnk
[2011/01/12 06:44:33 | 000,000,042 | ---- | M] () -- C:\Windows\trailer.xws
[2011/01/11 18:46:36 | 000,292,180 | ---- | M] () -- C:\Users\Mike\Desktop\Dianes 2009-10TaxReturnPdf.pdf
[2011/01/11 06:30:54 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/01/10 23:04:49 | 000,021,446 | ---- | M] () -- C:\Users\Mike\Documents\avgfile1.csv
[2011/01/10 19:54:39 | 000,001,109 | ---- | M] () -- C:\Users\Mike\Desktop\Watchtower Library 2009 - English.lnk
[2011/01/10 19:54:39 | 000,001,109 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Watchtower Library 2009 - English.lnk
[2011/01/10 19:35:33 | 000,000,914 | ---- | M] () -- C:\Users\Mike\Desktop\Windows Media Player.lnk
[2011/01/04 23:09:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/01/04 20:00:38 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/01/04 20:00:29 | 000,001,748 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/04 20:00:29 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/04 16:50:00 | 000,004,744 | ---- | M] () -- C:\Windows\HotFixList.ini
[2011/01/04 16:25:18 | 000,008,888 | ---- | M] () -- C:\Windows\System32\RacUR.xml
[2011/01/04 16:25:18 | 000,000,150 | ---- | M] () -- C:\Windows\System32\RacUREx.xml
[2011/01/04 16:19:35 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2011/01/04 15:49:51 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk
[2011/01/04 15:48:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2011/01/04 15:47:57 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Recovery Solution II.lnk
[2011/01/04 15:44:35 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2011/01/04 15:43:55 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/01/04 15:43:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/01/04 15:27:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2011/01/04 15:14:14 | 000,041,176 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011/01/14 19:46:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/14 19:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/14 19:46:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/14 19:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/14 19:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/14 19:41:21 | 004,154,944 | R--- | C] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/01/13 12:08:21 | 000,003,584 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/13 12:07:23 | 1877,131,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/12 21:57:47 | 087,882,830 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/01/12 21:39:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/12 19:46:29 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/12 19:43:58 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/12 13:32:01 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/01/12 06:47:56 | 000,002,461 | ---- | C] () -- C:\Users\Mike\Desktop\DWGeditor.lnk
[2011/01/12 06:46:11 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\eDrawings 2006.lnk
[2011/01/12 06:44:33 | 000,000,042 | ---- | C] () -- C:\Windows\trailer.xws
[2011/01/11 21:06:02 | 000,020,480 | ---- | C] () -- C:\Users\Mike\Desktop\Was Jesus Just Another Religious Leader.doc
[2011/01/11 20:14:13 | 000,001,109 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Watchtower Library 2009 - English.lnk
[2011/01/11 18:46:36 | 000,292,180 | ---- | C] () -- C:\Users\Mike\Desktop\Dianes 2009-10TaxReturnPdf.pdf
[2011/01/11 06:30:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/10 23:04:49 | 000,021,446 | ---- | C] () -- C:\Users\Mike\Documents\avgfile1.csv
[2011/01/10 19:54:39 | 000,001,109 | ---- | C] () -- C:\Users\Mike\Desktop\Watchtower Library 2009 - English.lnk
[2011/01/10 19:35:33 | 000,000,914 | ---- | C] () -- C:\Users\Mike\Desktop\Windows Media Player.lnk
[2011/01/04 23:09:51 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2011/01/04 23:09:50 | 000,438,840 | RHS- | C] () -- C:\bootmgr
[2011/01/04 20:00:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/04 20:00:29 | 000,001,748 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/04 20:00:29 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/01/04 18:24:42 | 000,000,943 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/04 16:25:18 | 000,008,888 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/01/04 16:25:18 | 000,000,150 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/01/04 16:19:35 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2011/01/04 15:52:12 | 000,004,744 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011/01/04 15:49:51 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Easy Network Manager.lnk
[2011/01/04 15:49:07 | 000,002,438 | ---- | C] () -- C:\Windows\ebm.reg
[2011/01/04 15:48:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_KMDFMEMIO_01000.Wdf
[2011/01/04 15:48:03 | 000,009,550 | ---- | C] () -- C:\Windows\System32\SetAutoFailover.cmd
[2011/01/04 15:48:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\SamsungSetAutoFailover.cmd
[2011/01/04 15:47:57 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Recovery Solution II.lnk
[2011/01/04 15:45:03 | 000,000,631 | ---- | C] () -- C:\PDVD.iss
[2011/01/04 15:44:35 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink DVD Suite.lnk
[2011/01/04 15:43:55 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011/01/04 15:43:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2011/01/04 15:42:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/01/04 15:41:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011/01/04 15:41:38 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2011/01/04 15:36:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011/01/04 15:36:46 | 000,043,760 | ---- | C] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2011/01/04 15:36:45 | 000,011,557 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/01/04 15:36:45 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2011/01/04 15:36:45 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativokxx.vp
[2011/01/04 15:36:45 | 000,002,096 | ---- | C] () -- C:\Windows\System32\drivers\ativdkxx.vp
[2011/01/04 15:24:11 | 000,000,258 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/04 15:24:11 | 000,000,240 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
========== LOP Check ==========
[2011/01/04 18:27:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG10
[2011/01/12 06:48:13 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\DWGeditor
[2011/01/10 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\Watchtower
[2011/01/14 20:28:11 | 000,009,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 09:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2011/01/04 23:09:51 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/01/14 20:41:20 | 000,016,085 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/01/14 20:29:02 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/14 20:29:01 | 2191,065,088 | -HS- | M] () -- C:\pagefile.sys
[2007/04/25 14:45:58 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
[2011/01/04 15:40:34 | 000,000,360 | ---- | M] () -- C:\RHDSetup.log
[2011/01/04 15:50:23 | 000,000,170 | ---- | M] () -- C:\setup.log
< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2011/01/11 1759 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/12 18:36:33 | 000,000,221 | -HS- | M] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/01/14 19:41:31 | 004,154,944 | R--- | M] () -- C:\Users\Mike\Desktop\ComboFix.exe
[2011/01/12 19:38:22 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Users\Mike\Desktop\iTunesSetup.exe
[2011/01/14 20:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2011/01/04 17:35:00 | 000,000,402 | -HS- | M] () -- C:\Users\Mike\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
Which browser is affected?
Did you try a different browser?
You're not running any AV program.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: Avira AntiVir Personal - Free Antivirus
Update, run full scan, report on any findings.
=====================================================================================================
Update your Java version here: Verify Java Version
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder.
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
=====================================================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
O4 - HKU\S-1-5-21-3453271901-2254368760-3688782285-1000..\Run: [Power2GoExpress] File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/01/04 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\AVG10
[2011/01/04 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
:Files
ipconfig /flushdns /c
C:\ProgramData\AVG10
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
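For readers working through a log like the one posted above, here is an added Python example (not part of the thread, not from OldTimer Tools, and not the OTL fix script) that parses OTL-style file entries and lists the ones a helper would typically look at first: executables or folders created recently that carry no publisher string. The entry layout is assumed from the lines as posted (`[timestamp | size | attrs | C/M] (publisher) -- path`, with the publisher part absent on directory entries); the sample lines are copied from the log above, and the reference time and 14-day window are assumptions.

```python
"""Triage helper for OTL-style "Files Created" / "Files Modified" entries.

Added example. The line layout below is inferred from the posted log, not
taken from an official OTL specification. An entry with no publisher is
only a candidate for review, not a verdict: many legitimate OEM files
(drivers, vendor utilities) also lack a publisher string.
"""
import re
from datetime import datetime, timedelta

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Publisher) -- path
# The "(Publisher) " group is optional because directory entries omit it.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# File types that can execute code; directories are kept as well so that a
# newly created program folder shows up in the triage list.
EXEC_EXT = (".exe", ".dll", ".sys", ".cmd", ".bat", ".scr")

# Sample entries copied from the posted log (the "LOP Check" header is a
# non-entry line and is skipped by the parser).
SAMPLE_LOG = r"""
[2011/01/04 15:42:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/01/04 15:41:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2011/01/04 18:27:09 | 000,000,000 | ---D | M] -- C:\Users\Mike\AppData\Roaming\AVG10
[2011/01/14 20:28:11 | 000,009,920 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/12 19:38:22 | 081,876,264 | ---- | M] (Apple Inc.) -- C:\Users\Mike\Desktop\iTunesSetup.exe
[2011/01/14 20:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe
========== LOP Check ==========
"""

# Assumed reference point: the newest timestamp in the sample (OTL.exe).
REFERENCE_TIME = datetime(2011, 1, 14, 20, 57, 7)


def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],
        "created": d["kind"] == "C",       # C = created, M = modified
        "publisher": (d["publisher"] or "").strip(),
        "path": d["path"],
        "is_dir": "D" in d["attrs"],
    }


def parse_log(text):
    """Parse every recognisable entry in a log, skipping headers and blanks."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries, since, window=timedelta(days=14)):
    """Return paths of executables or folders whose timestamp falls inside
    `window` before `since` and that carry no publisher string."""
    flagged = []
    for e in entries:
        recent = since - window <= e["ts"] <= since
        is_prog = e["is_dir"] or e["path"].lower().endswith(EXEC_EXT)
        if recent and is_prog and not e["publisher"]:
            flagged.append(e["path"])
    return flagged


def triage_sample():
    """Run the triage over the sample log with the assumed reference time."""
    return triage(parse_log(SAMPLE_LOG), REFERENCE_TIME)


if __name__ == "__main__":
    for path in triage_sample():
        print("review:", path)
```

Run against the sample, this lists the two unsigned System32 binaries created on 2011/01/04 and the AVG10 profile folder, while the 2002-era zlib.dll, the .TXT scheduler log and the two publisher-signed desktop installers drop out. The window and the "no publisher" rule are deliberately crude; they reproduce the first pass a helper does by eye on a log of this size, and anything they flag still needs a hash lookup or a signature check before it goes into a fix script.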
Thank you Broni,
I will install Avast now, and follow through your instructions. I uninstalled AVG to run the scans. Will post the log. Thanks again.