[code]
OTS logfile created on: 6/11/2010 3:36:16 PM - Run 1
OTS by OldTimer - Version 3.1.31.2 Folder = C:\Users\Al McCool\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16609)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 86.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.97 Gb Total Space | 105.18 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.33 Gb Free Space | 33.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALMCCOOL-PC
Current User Name: Al McCool
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Al McCool\Desktop\OTS.exe -> [2010/06/11 15:33:51 | 000,640,000 | ---- | M] (OldTimer Tools)
aawtray.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe -> [2010/06/09 13:26:59 | 000,864,112 | ---- | M] (Lavasoft)
aawservice.exe -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/06/09 13:26:58 | 001,352,320 | ---- | M] (Lavasoft)
flashutil10c.exe -> C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe -> [2009/07/17 23:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.)
ieuser.exe -> C:\Program Files\Internet Explorer\ieuser.exe -> [2008/04/02 13:56:33 | 000,301,568 | ---- | M] (Microsoft Corporation)
ymetray.exe -> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe -> [2008/02/05 14:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.)
atttray.exe -> C:\Program Files\AT&T\Self Support Tool\ATTTray.exe -> [2007/06/06 13:48:44 | 000,986,208 | ---- | M] (AT&T Knowledge Ventures, L.P.)
sdclt.exe -> C:\Windows\System32\sdclt.exe -> [2006/11/02 08:35:02 | 001,192,960 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)

[Modules - Safe List]
ots.exe -> C:\Users\Al McCool\Desktop\OTS.exe -> [2010/06/11 15:33:51 | 000,640,000 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\Windows\System32\msscript.ocx -> [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll -> [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Auto | Running] -> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -> [2010/06/09 13:26:58 | 001,352,320 | ---- | M] (Lavasoft)
(GoogleDesktopManager) GoogleDesktopManager [Disabled | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -> [2007/04/26 16:40:33 | 000,081,408 | ---- | M] (Google)
(McNASvc) McAfee Network Agent [Disabled | Stopped] -> c:\program files\common files\mcafee\mna\mcnasvc.exe -> [2007/03/09 05:36:10 | 002,213,416 | ---- | M] (McAfee, Inc.)
(STacSV) SigmaTel Audio Service [Disabled | Stopped] -> C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe -> [2007/02/08 01:16:22 | 000,090,112 | ---- | M] (SigmaTel, Inc.)
(mcmispupdmgr) McAfee Update Manager [Disabled | Stopped] -> C:\Program Files\McAfee\MSC\mcupdmgr.exe -> [2007/01/05 16:22:18 | 000,689,752 | ---- | M] (McAfee, Inc.)
(mcmscsvc) McAfee Services [Disabled | Stopped] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2007/01/05 16:22:12 | 000,361,560 | ---- | M] (McAfee, Inc.)
(mcpromgr) McAfee Protection Manager [Disabled | Stopped] -> C:\Program Files\McAfee\MSC\mcpromgr.exe -> [2007/01/05 16:21:40 | 000,493,144 | ---- | M] (McAfee, Inc.)
(DSBrokerService) DSBrokerService [Disabled | Stopped] -> C:\Program Files\DellSupport\brkrsvc.exe -> [2006/11/07 13:27:02 | 000,070,656 | ---- | M] ()
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2006/11/02 08:33:48 | 000,263,272 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(Lbd) Lbd [File_System | Boot | Running] -> C:\Windows\system32\DRIVERS\Lbd.sys -> [2010/06/09 13:27:04 | 000,064,288 | ---- | M] (Lavasoft AB)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2007/04/26 23:56:46 | 000,020,152 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2007/04/26 23:56:46 | 000,019,128 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2007/04/26 23:56:46 | 000,017,592 | ---- | M] (Acer Laboratories Inc.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/02/08 01:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.)
(nvstor) nvstor [Kernel | Boot | Running] -> C:\Windows\system32\drivers\nvstor.sys -> [2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation)
(nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2006/12/08 00:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brusbser.sys -> [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.)
(BrFiltUp) Brother USB Mass-Storage Upper Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltup.sys -> [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.)
(BrFiltLo) Brother USB Mass-Storage Lower Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\system32\drivers\brfiltlo.sys -> [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.)
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e1e6032.sys -> [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation)
(E1G60) Intel(R) PRO/1000 NDIS 6 Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\E1G60I32.sys -> [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\bcm4sbxp.sys -> [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_DPV.sys -> [2006/10/18 14:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSXHWBS2.sys -> [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\HSX_CNXT.sys -> [2006/10/18 14:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.)
(DSproct) DSproct [Kernel | On_Demand | Stopped] -> C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) dsunidrv [Kernel | Auto | Running] -> C:\Program Files\DellSupport\Drivers\dsunidrv.sys -> [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.)
(XAudio) XAudio [Kernel | Auto | Running] -> C:\Windows\System32\drivers\XAudio.sys -> [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.)
(WUSB54GV4SRV) Linksys Wireless-G USB Network Adapter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\rt2500usb.sys -> [2004/05/07 01:47:10 | 000,079,616 | ---- | M] (Ralink Technology Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > ->
->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > ->
->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\] > ->
->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\: Main\\"StartPageCache" -> 1 ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/11/29 18:35:00 | 000,436,288 | ---- | M] (Yahoo! Inc.)
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\: "ProxyEnable" -> 0 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2010/06/04 09:43:29 | 000,000,098 | ---- | M] - 2 lines) -> C:\Windows\System32\drivers\etc\Hosts -> Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> [2006/11/29 18:35:00 | 000,436,288 | ---- | M] (Yahoo! Inc.)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 000,509,328 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2007/04/26 16:41:23 | 002,193,280 | R--- | M] (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/17 17:19:38 | 000,098,304 | ---- | M] (Dell Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2007/04/26 16:41:23 | 002,193,280 | R--- | M] (Google Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> [2006/11/29 18:35:00 | 000,436,288 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\] > -> HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar1.dll [&Google] -> [2007/04/26 16:41:23 | 002,193,280 | R--- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation)
"MSConfig" -> C:\Windows\System32\msconfig.exe ["C:\Windows\system32\msconfig.exe" /auto] -> [2006/11/02 05:45:25 | 000,222,208 | ---- | M] (Microsoft Corporation)
"SBC_McciTrayApp" -> C:\Program Files\AT&T\Self Support Tool\ATTTray.exe [C:\Program Files\AT&T\Self Support Tool\ATTTray.exe] -> [2007/06/06 13:48:44 | 000,986,208 | ---- | M] (AT&T Knowledge Ventures, L.P.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\] > -> HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"updateMgr" -> C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9] -> [2006/03/30 16:45:08 | 000,313,472 | R--- | M] (Adobe Systems Incorporated)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000] > ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000] > -> HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files\PokerStars\PokerStarsUpdate.exe [Button: PokerStars] -> [2009/04/10 14:57:19 | 000,562,968 | ---- | M] (PokerStars)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\] > -> HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\] > -> HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1946076248-1851719881-2717065413-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] ->
{8100D56A-5661-482C-BEE8-AFECE305D968} [HKLM] -> http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab [Facebook Photo Uploader 5 Control] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll [PCPitstop Exam] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{063DCB29-B37E-4627-A5DD-AEE6C7FE150B}\\DhcpNameServer -> 192.168.1.254 (Linksys Wireless-G USB Network Adapter) ->
{3E042A2D-B824-4241-BAA6-55A0AF242709}\\DhcpNameServer -> 192.168.1.254 (Linksys Wireless-G USB Network Adapter) ->
{48FE775F-3356-4291-BC5A-4A9D22191F59}\\DhcpNameServer -> 192.168.1.254 (Broadcom 440x 10/100 Integrated Controller) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2007/04/26 16:40:33 | 000,172,544 | ---- | M] (Google)
*MultiFile Done* ->
->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)
*MultiFile Done* ->
->
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->
->
C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 17:43:36 | 000,000,024 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{ee32ff28-840e-11dc-a002-00121787e1e8}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee32ff28-840e-11dc-a002-00121787e1e8}\shell
\{ee32ff28-840e-11dc-a002-00121787e1e8}\shell\\"" -> [AutoRun] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

[Registry - Additional Scans - Safe List]
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
batfile [open] -> "%1" %* ->
cmdfile [open] -> "%1" %* ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 05:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2003/07/14 22:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2003/07/14 22:52:56 | 000,055,360 | ---- | M] (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2006/11/02 05:45:14 | 000,011,776 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* ->
scrfile [config] -> "%1" ->
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2006/11/02 05:44:42 | 000,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S ->
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 ->
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2006/11/02 05:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 6/8/2010 6:11:24 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/9/2010 6:32:25 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/9/2010 8:30:55 AM Computer Name = AlMcCool-PC | Source = EventSystem | ID = 4609 -> Description =
Application [ Error ] 6/9/2010 8:32:43 AM Computer Name = AlMcCool-PC | Source = Application Error | ID = 1000 -> Description = Faulting application CF12294.cfxxe, version 6.0.6000.16386, time stamp 0x4549ae1d, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc00000fd, fault offset 0x000447f2, process id 0x534, application start time 0x01cb07cfc4b42a5c.
Application [ Error ] 6/9/2010 8:38:34 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/10/2010 11:50:29 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/10/2010 12:52:37 PM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/11/2010 6:24:47 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
Application [ Error ] 6/11/2010 8:45:07 AM Computer Name = AlMcCool-PC | Source = EventSystem | ID = 4609 -> Description =
Application [ Error ] 6/11/2010 10:43:02 AM Computer Name = AlMcCool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 -> Description =
System [ Error ] 6/11/2010 8:45:11 AM Computer Name = AlMcCool-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 6/11/2010 8:45:11 AM Computer Name = AlMcCool-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 6/11/2010 8:45:47 AM Computer Name = AlMcCool-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 6/11/2010 8:45:47 AM Computer Name = AlMcCool-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 6/11/2010 8:45:47 AM Computer Name = AlMcCool-PC | Source = DCOM | ID = 10005 -> Description =
System [ Error ] 6/11/2010 8:45:49 AM Computer Name = AlMcCool-PC | Source = Service Control Manager | ID = 7001 -> Description =
System [ Error ] 6/11/2010 10:40:04 AM Computer Name = AlMcCool-PC | Source = ACPI | ID = 327686 -> Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
System [ Error ] 6/11/2010 10:40:04 AM Computer Name = AlMcCool-PC | Source = ACPI | ID = 327686 -> Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
System [ Error ] 6/11/2010 10:40:04 AM Computer Name = AlMcCool-PC | Source = ACPI | ID = 327686 -> Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
System [ Error ] 6/11/2010 3:29:09 PM Computer Name = AlMcCool-PC | Source = Print | ID = 6161 -> Description = The document http://www.geekstogo.com/forum/Trojan-aspx-js-Win32-t278550.htm, owned by Al McCool, failed to print on printer hp LaserJet 3015 PCL 5. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 8716288. Number of bytes printed: 0. Total number of pages in the document: 11. Number of pages printed: 0. Client computer: \\ALMCCOOL-PC. Win32 error code returned by the print processor: 259. No more data is available.

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Al McCool\Desktop\OTS.exe -> [2010/06/11 15:33:43 | 000,640,000 | ---- | C] (OldTimer Tools)
mbam-setup-1.46.exe -> C:\Users\Al McCool\Desktop\mbam-setup-1.46.exe -> [2010/06/11 14:44:32 | 006,153,352 | ---- | C] (Malwarebytes Corporation )
ComboFix -> C:\ComboFix -> [2010/06/11 12:10:26 | 000,000,000 | --SD | C]
Kaspersky Lab -> C:\ProgramData\Kaspersky Lab -> [2010/06/11 08:47:19 | 000,000,000 | ---D | C]
AVP Tool by Kaspersky.exe -> C:\Users\Al McCool\Desktop\AVP Tool by Kaspersky.exe -> [2010/06/11 08:41:44 | 073,941,528 | ---- | C] ( )
RegDefense -> C:\Program Files\RegDefense -> [2010/06/11 06:25:15 | 000,000,000 | ---D | C]
avz4 -> C:\Users\Al McCool\Desktop\avz4 -> [2010/06/10 11:56:19 | 000,000,000 | ---D | C]
Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2010/06/09 13:30:25 | 000,064,288 | ---- | C] (Lavasoft AB)
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/06/07 16:55:25 | 000,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\Windows\SWREG.exe -> [2010/06/07 16:55:25 | 000,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\Windows\SWSC.exe -> [2010/06/07 16:55:25 | 000,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/06/07 16:55:25 | 000,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\Windows\ERDNT -> [2010/06/04 17:50:52 | 000,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2010/06/04 17:28:18 | 000,000,000 | ---D | C]
tdsskiller -> C:\Users\Al McCool\Desktop\tdsskiller -> [2010/06/04 16:44:07 | 000,000,000 | ---D | C]
Kas -> C:\Users\Al McCool\Desktop\Kas -> [2010/06/04 10:57:26 | 000,000,000 | ---D | C]
_OTL -> C:\_OTL -> [2010/06/04 09:43:19 | 000,000,000 | ---D | C]
OTH.scr -> C:\Users\Al McCool\Desktop\OTH.scr -> [2010/06/03 17:26:22 | 000,258,560 | ---- | C] (OldTimer Tools)
TFC.exe -> C:\Users\Al McCool\Desktop\TFC.exe -> [2010/06/03 15:04:29 | 000,444,416 | ---- | C] (OldTimer Tools)
OTL.exe -> C:\Users\Al McCool\Desktop\OTL.exe -> [2010/06/03 12:24:09 |
000,571,904 | ---- | C] (OldTimer Tools) found.000 -> C:\found.000 -> [2010/06/02 14:18:09 | 000,000,000 | -HSD | C] CCleaner -> C:\Program Files\CCleaner -> [2010/05/17 11:29:37 | 000,000,000 | ---D | C] [Files/Folders - Modified Within 30 Days] ntuser.dat -> C:\Users\Al McCool\ntuser.dat -> [2010/06/11 15:35:05 | 002,097,152 | -HS- | M] () OTS.exe -> C:\Users\Al McCool\Desktop\OTS.exe -> [2010/06/11 15:33:51 | 000,640,000 | ---- | M] (OldTimer Tools) mbam-setup-1.46.exe -> C:\Users\Al McCool\Desktop\mbam-setup-1.46.exe -> [2010/06/11 14:44:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/11 14:40:48 | 000,003,456 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/11 14:40:47 | 000,003,456 | -H-- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2010/06/11 12:48:36 | 000,067,584 | --S- | M] () PerfectOptimizer_home.job -> C:\Windows\tasks\PerfectOptimizer_home.job -> [2010/06/11 12:00:00 | 000,000,370 | ---- | M] () SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/06/11 10:40:40 | 000,000,006 | -H-- | M] () AVP Tool by Kaspersky.exe -> C:\Users\Al McCool\Desktop\AVP Tool by Kaspersky.exe -> [2010/06/11 08:41:53 | 073,941,528 | ---- | M] ( ) RegDefense.lnk -> C:\Users\Al McCool\Desktop\RegDefense.lnk -> [2010/06/11 06:22:30 | 000,001,122 | ---- | M] () avz4.zip -> C:\Users\Al McCool\Desktop\avz4.zip -> [2010/06/10 11:54:14 | 005,125,238 | ---- | M] () Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2010/06/09 13:27:04 | 000,064,288 | ---- | M] (Lavasoft AB) ComboFix.exe -> C:\Users\Al McCool\Desktop\ComboFix.exe -> [2010/06/07 16:54:14 | 003,704,271 | R--- | M] () tdsskiller.zip -> C:\Users\Al 
McCool\Desktop\tdsskiller.zip -> [2010/06/04 16:42:00 | 000,966,213 | ---- | M] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/06/04 14:29:56 | 110,763,945 | ---- | M] () gmer.exe -> C:\Users\Al McCool\Desktop\gmer.exe -> [2010/06/04 10:57:28 | 000,293,376 | ---- | M] () gmer.zip -> C:\Users\Al McCool\Desktop\gmer.zip -> [2010/06/04 10:56:45 | 000,284,915 | ---- | M] () Hosts -> C:\Windows\System32\drivers\etc\Hosts -> [2010/06/04 09:43:29 | 000,000,098 | ---- | M] () OTH.scr -> C:\Users\Al McCool\Desktop\OTH.scr -> [2010/06/03 17:26:27 | 000,258,560 | ---- | M] (OldTimer Tools) TFC.exe -> C:\Users\Al McCool\Desktop\TFC.exe -> [2010/06/03 15:04:44 | 000,444,416 | ---- | M] (OldTimer Tools) exeHelper.com -> C:\Users\Al McCool\Desktop\exeHelper.com -> [2010/06/03 13:05:41 | 000,294,400 | ---- | M] () OTL.exe -> C:\Users\Al McCool\Desktop\OTL.exe -> [2010/06/03 12:24:14 | 000,571,904 | ---- | M] (OldTimer Tools) wklnhst.dat -> C:\Users\Al McCool\AppData\Roaming\wklnhst.dat -> [2010/06/03 10:25:39 | 000,005,878 | ---- | M] () Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/05/17 11:41:30 | 000,000,820 | ---- | M] () CCleaner.lnk -> C:\Users\Al McCool\Desktop\CCleaner.lnk -> [2010/05/17 11:29:40 | 000,001,672 | ---- | M] () [Files - No Company Name] avz4.zip -> C:\Users\Al McCool\Desktop\avz4.zip -> [2010/06/10 11:54:13 | 005,125,238 | ---- | C] () PEV.exe -> C:\Windows\PEV.exe -> [2010/06/07 16:55:25 | 000,256,512 | ---- | C] () sed.exe -> C:\Windows\sed.exe -> [2010/06/07 16:55:25 | 000,098,816 | ---- | C] () grep.exe -> C:\Windows\grep.exe -> [2010/06/07 16:55:25 | 000,080,412 | ---- | C] () MBR.exe -> C:\Windows\MBR.exe -> [2010/06/07 16:55:25 | 000,077,312 | ---- | C] () zip.exe -> C:\Windows\zip.exe -> [2010/06/07 16:55:25 | 000,068,096 | ---- | C] () ComboFix.exe -> C:\Users\Al McCool\Desktop\ComboFix.exe -> [2010/06/04 17:27:05 | 003,704,271 | R--- | C] () tdsskiller.zip -> C:\Users\Al 
McCool\Desktop\tdsskiller.zip -> [2010/06/04 16:41:59 | 000,966,213 | ---- | C] () gmer.exe -> C:\Users\Al McCool\Desktop\gmer.exe -> [2010/06/04 10:57:28 | 000,293,376 | ---- | C] () gmer.zip -> C:\Users\Al McCool\Desktop\gmer.zip -> [2010/06/04 10:56:42 | 000,284,915 | ---- | C] () exeHelper.com -> C:\Users\Al McCool\Desktop\exeHelper.com -> [2010/06/03 13:05:30 | 000,294,400 | ---- | C] () MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2010/06/02 19:45:37 | 110,763,945 | ---- | C] () CCleaner.lnk -> C:\Users\Al McCool\Desktop\CCleaner.lnk -> [2010/05/17 11:29:40 | 000,001,672 | ---- | C] () HPMProp.INI -> C:\Windows\HPMProp.INI -> [2008/06/04 14:26:27 | 000,000,000 | ---- | C] () _delis43.ini -> C:\Windows\_delis43.ini -> [2008/01/07 09:53:22 | 000,000,190 | ---- | C] () MFT_anet.dll -> C:\Windows\System32\MFT_anet.dll -> [2007/04/24 14:22:02 | 000,274,432 | ---- | C] () px.ini -> C:\Windows\System32\px.ini -> [2006/11/07 15:25:58 | 000,000,000 | ---- | C] () GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 08:35:51 | 000,030,808 | ---- | C] () GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 08:35:51 | 000,029,779 | ---- | C] () GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 08:35:51 | 000,026,489 | ---- | C] () GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 08:35:51 | 000,026,040 | ---- | C] () atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 06:25:44 | 000,159,744 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () CddbPlaylist2Roxio.dll -> C:\Windows\System32\CddbPlaylist2Roxio.dll -> [2006/09/16 23:36:50 | 000,520,192 | ---- | C] () CddbFileTaggerRoxio.dll -> C:\Windows\System32\CddbFileTaggerRoxio.dll -> [2006/09/16 23:36:50 | 000,204,800 | ---- | C] () [File - Lop Check] GlarySoft -> C:\Users\Al 
McCool\AppData\Roaming\GlarySoft -> [2009/08/26 13:03:22 | 000,000,000 | ---D | M] MusicNet -> C:\Users\Al McCool\AppData\Roaming\MusicNet -> [2008/01/20 12:00:07 | 000,000,000 | ---D | M] OpenOffice.org -> C:\Users\Al McCool\AppData\Roaming\OpenOffice.org -> [2009/04/04 12:49:28 | 000,000,000 | ---D | M] ROBLOX -> C:\Users\Al McCool\AppData\Roaming\ROBLOX -> [2008/04/16 12:30:01 | 000,000,000 | ---D | M] Template -> C:\Users\Al McCool\AppData\Roaming\Template -> [2007/08/21 08:37:25 | 000,000,000 | ---D | M] TrueSwitch -> C:\Users\Al McCool\AppData\Roaming\TrueSwitch -> [2007/10/15 12:32:35 | 000,000,000 | ---D | M] OpenOffice.org -> C:\Users\Chris McCool\AppData\Roaming\OpenOffice.org -> [2009/05/23 18:05:37 | 000,000,000 | ---D | M] Template -> C:\Users\Chris McCool\AppData\Roaming\Template -> [2007/07/06 09:23:24 | 000,000,000 | ---D | M] WildTangent -> C:\Users\Chris McCool\AppData\Roaming\WildTangent -> [2008/04/16 17:17:53 | 000,000,000 | ---D | M] McDefragTask.job -> C:\Windows\Tasks\McDefragTask.job -> [2010/04/15 01:00:00 | 000,000,366 | ---- | M] () McQcTask.job -> C:\Windows\Tasks\McQcTask.job -> [2010/02/01 02:00:00 | 000,000,368 | ---- | M] () PerfectOptimizer_home.job -> C:\Windows\Tasks\PerfectOptimizer_home.job -> [2010/06/11 12:00:00 | 000,000,370 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/06/11 08:43:08 | 000,032,580 | ---- | M] () [File - Purity Scan] [Custom Scans] < netsvcs > < %SYSTEMDRIVE%\*.exe > < drivers32 > < %SYSTEMDRIVE%\*.* > aaw7boot.log -> C:\aaw7boot.log -> [2010/06/11 10:40:31 | 000,042,864 | ---- | M] () autoexec.bat -> C:\autoexec.bat -> [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () bootmgr -> C:\bootmgr -> [2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2006/11/10 17:59:07 | 000,008,192 | R-S- | M] () CD3rdPartyWrapper.log -> C:\CD3rdPartyWrapper.log -> [2009/11/12 13:02:54 | 000,000,420 | ---- | M] () config.sys -> C:\config.sys -> [2006/09/18 17:43:37 | 
000,000,010 | ---- | M] () dell.sdr -> C:\dell.sdr -> [2007/04/27 00:07:00 | 000,004,720 | RH-- | M] () IO.SYS -> C:\IO.SYS -> [2008/01/07 09:52:49 | 000,000,000 | RHS- | M] () MSDOS.SYS -> C:\MSDOS.SYS -> [2008/01/07 09:52:49 | 000,000,000 | RHS- | M] () pagefile.sys -> C:\pagefile.sys -> [2010/06/11 10:40:31 | 1073,741,824 | -HS- | M] () PokerStars.log.0 -> C:\PokerStars.log.0 -> [2007/12/22 10:23:31 | 000,282,932 | ---- | M] () PokerStars.log.1 -> C:\PokerStars.log.1 -> [2007/10/17 07:01:48 | 000,175,037 | ---- | M] () SystemInfo.ini -> C:\SystemInfo.ini -> [2007/04/26 16:47:07 | 000,000,070 | ---- | M] () TDSSKiller.2.3.2.0_04.06.2010_16.45.02_log.txt -> C:\TDSSKiller.2.3.2.0_04.06.2010_16.45.02_log.txt -> [2010/06/04 16:45:38 | 000,055,134 | ---- | M] () YServer.txt -> C:\YServer.txt -> [2007/10/24 13:38:17 | 000,000,150 | ---- | M] () < %systemroot%\*. /mp /s > CREATERESTOREPOINT Restore point Set: OTS Restore Point < %systemroot%\system32\*.dll /lockedfiles > dxtmsft.dll : Unable to obtain MD5 -> C:\Windows\System32\dxtmsft.dll -> [2008/04/02 13:56:42 | 000,347,136 | ---- | M] (Microsoft Corporation) dxtrans.dll : Unable to obtain MD5 -> C:\Windows\System32\dxtrans.dll -> [2008/04/02 13:56:42 | 000,214,528 | ---- | M] (Microsoft Corporation) eventcls.dll : Unable to obtain MD5 -> C:\Windows\System32\eventcls.dll -> [2006/11/02 05:46:04 | 000,019,968 | ---- | M] (Microsoft Corporation) iepeers.dll : Unable to obtain MD5 -> C:\Windows\System32\iepeers.dll -> [2006/11/02 05:46:05 | 000,192,512 | ---- | M] (Microsoft Corporation) rsaenh.dll : Unable to obtain MD5 -> C:\Windows\System32\rsaenh.dll -> [2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) SLC.dll : Unable to obtain MD5 -> C:\Windows\System32\SLC.dll -> [2006/11/02 05:46:13 | 000,221,184 | ---- | M] (Microsoft Corporation) < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > COMPONENTS.SAV -> C:\Windows\System32\config\COMPONENTS.SAV -> [2006/11/02 
06:34:05 | 000,008,192 | ---- | M] () DEFAULT.SAV -> C:\Windows\System32\config\DEFAULT.SAV -> [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () SECURITY.SAV -> C:\Windows\System32\config\SECURITY.SAV -> [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () SOFTWARE.SAV -> C:\Windows\System32\config\SOFTWARE.SAV -> [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () SYSTEM.SAV -> C:\Windows\System32\config\SYSTEM.SAV -> [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () < %systemroot%\system32\drivers\*.sys /180 > cdrom.sys -> C:\Windows\System32\drivers\cdrom.sys -> [2010/06/04 16:48:33 | 000,067,072 | ---- | M] (Microsoft Corporation) Lbd.sys -> C:\Windows\System32\drivers\Lbd.sys -> [2010/06/09 13:27:04 | 000,064,288 | ---- | M] (Lavasoft AB) mbam.sys -> C:\Windows\System32\drivers\mbam.sys -> [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) mbamswissarmy.sys -> C:\Windows\System32\drivers\mbamswissarmy.sys -> [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) SBREDrv.sys -> C:\Windows\System32\drivers\SBREDrv.sys -> [2010/04/17 13:27:44 | 000,095,024 | ---- | M] (Sunbelt Software) [HardLinks - Junction Points - Mount Points - Symbolic Links] capilock.dat -> C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\capilock.dat -> HardLink [Alternate Data Streams] @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > [/code]
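Every file entry in the OTS report above uses one line shape, `name -> path -> [date | size | attrs | C/M] (Company)`, and the analyst's first pass over such a log is mechanical: pull the entries out, then look for executables in the system root with no publisher string, for alternate data streams, and for groups of files created in the same second, which nearly always share one origin. The script below does that pass. It is an added example written for this page; it is not part of the forum post and not code from the OTS tool. The three heuristics, the `C:\Windows\` system-root prefix and the executable-extension list are assumptions, and the sample input is a constructed set of lines copied verbatim from the log above.

```python
"""Triage helpers for OTS file-list entries (added example, not part of the post or of OTS).
Heuristics are the editor's assumptions, not OTS rules: unsigned executables under the
system root, alternate data streams, and files created in the same second."""
from __future__ import annotations
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# name -> path -> [YYYY/MM/DD HH:MM:SS | size | RHSD flags | C or M] (Company)
# "(Company)" is absent for directories and may be printed as "()" or "( )".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$")
# @Alternate Data Stream - <n> bytes -> <file>:<stream>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".ocx", ".cpl")  # assumed list

@dataclass(frozen=True)
class Entry:
    path: str
    ts: Optional[datetime]  # None for ADS lines, which OTS prints without a date
    size: int
    attrs: str              # R/H/S/D flags as printed, '-' where unset
    kind: str               # 'C' created, 'M' modified, 'ADS' alternate stream
    company: str            # '' when OTS printed (), ( ) or nothing at all

def parse_entries(text: str) -> List[Entry]:
    """Parse every file or ADS entry in an OTS report; headers and other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["path"], datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                                 (m["company"] or "").strip()))
            continue
        a = ADS_RE.match(line)
        if a:
            entries.append(Entry(a["path"], None, int(a["size"]), "", "ADS", ""))
    return entries

def unknown_publisher_in_sysroot(entries: List[Entry], sysroot: str = "C:\\Windows\\") -> List[Entry]:
    """Executables below sysroot with no company string. Not proof of malice (cleanup
    tools' helpers and OEM DLLs land here too), but each one must be accounted for."""
    root = sysroot.lower()
    return [e for e in entries if e.kind != "ADS" and e.path.lower().startswith(root)
            and e.path.lower().endswith(EXEC_EXT) and not e.company]

def alternate_data_streams(entries: List[Entry]) -> List[Entry]:
    """Every ADS OTS reported; a named stream on the system volume always deserves a look."""
    return [e for e in entries if e.kind == "ADS"]

def creation_clusters(entries: List[Entry], min_size: int = 3) -> Dict[datetime, List[Entry]]:
    """Group created ('C') entries by creation second; min_size or more files sharing a
    second almost always have one origin (an installer, an update, or a dropper)."""
    groups: Dict[datetime, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.kind == "C" and e.ts is not None:
            groups[e.ts].append(e)
    return {ts: es for ts, es in groups.items() if len(es) >= min_size}

# Constructed sample: lines copied verbatim from the OTS log above.
SAMPLE = r"""
[Files/Folders - Created Within 30 Days]
ComboFix -> C:\ComboFix -> [2010/06/11 12:10:26 | 000,000,000 | --SD | C]
AVP Tool by Kaspersky.exe -> C:\Users\Al McCool\Desktop\AVP Tool by Kaspersky.exe -> [2010/06/11 08:41:44 | 073,941,528 | ---- | C] ( )
SWXCACLS.exe -> C:\Windows\SWXCACLS.exe -> [2010/06/07 16:55:25 | 000,212,480 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2010/06/07 16:55:25 | 000,031,232 | ---- | C] (NirSoft)
[Files - No Company Name]
PEV.exe -> C:\Windows\PEV.exe -> [2010/06/07 16:55:25 | 000,256,512 | ---- | C] ()
sed.exe -> C:\Windows\sed.exe -> [2010/06/07 16:55:25 | 000,098,816 | ---- | C] ()
MFT_anet.dll -> C:\Windows\System32\MFT_anet.dll -> [2007/04/24 14:22:02 | 000,274,432 | ---- | C] ()
pagefile.sys -> C:\pagefile.sys -> [2010/06/11 10:40:31 | 1073,741,824 | -HS- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

def main() -> None:
    entries = parse_entries(SAMPLE)
    for e in unknown_publisher_in_sysroot(entries):
        print(f"no publisher under sysroot: {e.path} ({e.size} bytes, created {e.ts})")
    for e in alternate_data_streams(entries):
        print(f"alternate data stream:      {e.path} ({e.size} bytes)")
    for ts, es in creation_clusters(entries).items():
        print(f"{len(es)} files created at {ts}: " + ", ".join(e.path for e in es))

if __name__ == "__main__":
    main()
```

Run against the whole report rather than the sample, the cluster view is the useful one: the log lists nine executables created in C:\Windows at 2010/06/07 16:55:25, five of them under "No Company Name", and ComboFix.exe on the Desktop was modified at 16:54:14, a minute earlier. That correlation, not the missing publisher string by itself, is what settles where a batch of files came from. A lone hit with no such neighbour, such as MFT_anet.dll from 2007, needs a different check (hash lookup or a signature check on the file), which this script deliberately does not attempt.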