-
July 1st, 2010, 08:52 PM
#31
VCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\rex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\rex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/22 12:49:34 | 000,000,090 | ---- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2009/05/08 21:16:44 | 000,582,708 | ---- | M] () - I:\Autoruns.zip -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (Di
-
July 1st, 2010, 08:52 PM
#32
32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/07/01 19:32:30 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
[2010/06/30 19:26:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/30 19:26:18 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/06/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\rex\AppData\Local\temp
[2010/06/30 19:07:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/30 19:07:39 | 000,000,000 | ---D | C] -- \ComboFix
[2010/06/30 19:07:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/30 06:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/06/30 06:32:50 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/06/30 06:32:50 | 000,000,000 | ---D | C] -- \Linksys Driver
[2010/06/28 16:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/28 16:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/28 16:07:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/28 16:07:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/06/28 16:07:39 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/28 16:07:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/28 16:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/28 16:07:26 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/28 16:07:25 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/28 16:07:25 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/28 16:07:21 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/28 16:06:46 | 036,597,872 | ---- | C] (PC Tools ) -- C:\Users\rex\Desktop\sdsetup_aff.exe
[2010/06/28 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\rex\Desktop\SmitfraudFix
[2010/06/27 15:25:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/27 15:25:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/27 15:25:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/27 15:25:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/27 15:25:02 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF9931.exe
[2010/06/27 15:24:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 15:24:48 | 000,000,000 | ---D | C] -- \Qoobox
[2010/06/27 14:46:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/27 14:46:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 14:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 14:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/24 03:00:28 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:00:28 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:00:28 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 07:24:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/23 07:24:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/10 20:08:25 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 20:08:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 20:08:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 20:08:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/10 20:08:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 20:08:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/10 20:08:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 20:08:12 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/10 20:08:12 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/10 20:08:12 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/10 20:08:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/10 20:08:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/10 20:08:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/10 20:08:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/10 20:08:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/10 20:08:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/10 20:08:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 20:08:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/10 20:07:57 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/02 21:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
-
July 1st, 2010, 08:53 PM
#33
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/07/01 19:33:47 | 003,407,872 | -HS- | M] () -- C:\Users\rex\ntuser.dat
[2010/07/01 19:32:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
[2010/07/01 19:27:56 | 000,867,892 | ---- | M] () -- C:\Users\rex\Desktop\SecurityCheck.exe
[2010/07/01 19:23:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/01 19:23:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/01 03:00:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/30 19:21:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/30 06:36:02 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/30 06:36:01 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/30 06:36:01 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/30 06:33:26 | 000,001,668 | ---- | M] () -- C:\Windows\System32\WLAN.INI
[2010/06/30 06:30:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 06:30:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/30 06:30:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/06/30 06:30:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/30 06:30:45 | 3085,299,712 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/30 06:30:01 | 000,524,288 | -HS- | M] () -- C:\Users\rex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/30 06:30:01 | 000,065,536 | -HS- | M] () -- C:\Users\rex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/29 19:15:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/29 18:37:44 | 003,723,633 | ---- | M] () -- C:\Users\rex\Desktop\ComboFix.exe
[2010/06/28 16:46:14 | 000,000,680 | ---- | M] () -- C:\Users\rex\AppData\Local\d3d9caps.dat
[2010/06/28 16:31:36 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/28 16:07:24 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/28 16:01:40 | 036,597,872 | ---- | M] (PC Tools ) -- C:\Users\rex\Desktop\sdsetup_aff.exe
[2010/06/28 15:47:52 | 001,872,472 | ---- | M] () -- C:\Users\rex\Desktop\SmitfraudFix.exe
[2010/06/27 15:26:06 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/27 15:25:59 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/27 15:24:44 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF9931.exe
[2010/06/27 14:46:39 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\cheeseburger.lnk
[2010/06/13 15:40:26 | 000,210,944 | ---- | M] () -- C:\Users\rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 03:23:28 | 000,307,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/07/01 19:27:41 | 000,867,892 | ---- | C] () -- C:\Users\rex\Desktop\SecurityCheck.exe
[2010/06/30 18:54:22 | 000,000,109 | ---- | C] () -- \mbam-error.txt
[2010/06/30 06:33:26 | 000,001,668 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2010/06/30 06:30:45 | 3085,299,712 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 06:30:45 | 3085,299,712 | -HS- | C] () --
[2010/06/29 19:02:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/29 18:39:58 | 003,723,633 | ---- | C] () -- C:\Users\rex\Desktop\ComboFix.exe
[2010/06/28 16:46:14 | 000,000,680 | ---- | C] () -- C:\Users\rex\AppData\Local\d3d9caps.dat
[2010/06/28 16:31:36 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/28 16:07:40 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/28 16:07:40 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/28 16:07:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/28 16:07:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/28 16:07:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/28 16:07:39 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/28 16:07:26 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/28 16:07:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/28 16:07:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/28 16:07:24 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/28 16:07:21 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/28 15:51:14 | 000,002,213 | ---- | C] () -- \rapport.txt
[2010/06/28 15:50:50 | 001,872,472 | ---- | C] () -- C:\Users\rex\Desktop\SmitfraudFix.exe
[2010/06/28 15:37:07 | 000,000,351 | ---- | C] () -- \rkill.log
[2010/06/27 15:26:06 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/27 15:25:59 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/27 15:25:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/27 15:25:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/27 15:25:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/27 15:25:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/27 14:46:39 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\cheeseburger.lnk
[2009/10/31 16:19:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/21 17:43:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
[2009/03/01 20:02:08 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/03/01 10:41:09 | 000,015,576 | ---- | C] () -- C:\Windows\System32\drivers\usbbc.sys
[2009/01/16 14:02:33 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/10/29 22:32:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2005/08/10 20:15:32 | 000,007,743 | ---- | M] () -- C:\caavsetup.log
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/01 11:01:17 | 000,000,770 | ---- | M] () -- C:\dtrm.txt
[2006/12/07 15:24:36 | 000,241,664 | ---- | M] (Alcor Micro, Corp.) -- C:\EMicon.dll
[2010/06/30 06:30:45 | 3085,299,712 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/29 22:35:43 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2010/06/30 18:54:22 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/01/16 14:07:00 | 000,000,106 | ---- | M] () -- C:\ms.log
[2010/06/30 06:30:44 | 3399,233,536 | -HS- | M] () -- C:\pagefile.sys
[2010/06/28 15:52:59 | 000,002,213 | ---- | M] () -- C:\rapport.txt
[2008/10/29 22:25:44 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2010/06/28 15:40:05 | 000,000,351 | ---- | M] () -- C:\rkill.log
[2008/01/24 17:23:30 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/05/04 01:55:41 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 02:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 22:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\rex\Documents\video002.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\rex\Documents\video001.avi:TOC.WMV
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
-
July 1st, 2010, 08:54 PM
#34
That's the best I can do. Hope that works for you.
-
July 1st, 2010, 09:11 PM
#35
I still need the Extras.txt log.
-
July 1st, 2010, 09:19 PM
#36
-
July 1st, 2010, 09:22 PM
#37
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
...
-
July 1st, 2010, 09:31 PM
#38
-
July 1st, 2010, 09:38 PM
#39
That's fine. It happens sometimes...
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O33 - MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\Shell - "" = AutoRun
O33 - MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
[2010/06/30 19:07:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/30 19:07:39 | 000,000,000 | ---D | C] -- \ComboFix
[2010/06/27 15:24:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 15:24:48 | 000,000,000 | ---D | C] -- \Qoobox
@Alternate Data Stream - 64 bytes -> C:\Users\rex\Documents\video002.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\rex\Documents\video001.avi:TOC.WMV
@Alternate Data Stream - 170 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
-
July 1st, 2010, 10:02 PM
#40
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3cb8c39-117c-11de-b817-002197ac9cc5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3cb8c39-117c-11de-b817-002197ac9cc5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3cb8c39-117c-11de-b817-002197ac9cc5}\ not found.
File J:\LaunchU3.exe not found.
Folder C:\ComboFix\ not found.
-
July 1st, 2010, 10:05 PM
#41
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
...
-
July 1st, 2010, 10:13 PM
#42
OTL logfile created on: 7/1/2010 22:03:12 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\rex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.09 Gb Total Space | 197.68 Gb Free Space | 68.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: REX-PC
Current User Name: rex
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/01 19:32:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
PRC - [2010/06/07 13:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/22 18:08:34 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/07/19 12:14:19 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/07/23 14:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/22 22:14:28 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/06/11 15:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
========== Modules (SafeList) ==========
MOD - [2010/07/01 19:32:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/07/22 22:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 15:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/05/05 18:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/07/23 14:28:32 | 002,152,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/22 22:14:24 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/11 15:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/05/02 10:46:00 | 007,460,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/25 01:38:20 | 001,048,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/25 08:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/02/14 20:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/07/01 13:51:00 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbbc.sys -- (Wdm1)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/22 18:09:32 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/07/01 21:56:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
-
July 1st, 2010, 10:15 PM
#43
e: ([2010/07/01 21:56:58 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\rex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\rex\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/07/01 21:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/07/01 21:55:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 21:55:53 | 000,000,000 | ---D | C] -- \_OTL
[2010/07/01 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\rex\AppData\Local\Microsoft Help
[2010/07/01 21:29:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/01 21:29:23 | 000,000,000 | -HSD | C] -- \Config.Msi
[2010/07/01 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/01 19:32:30 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
[2010/06/30 19:26:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/30 19:26:18 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/06/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/06/30 19:21:24 | 000,000,000 | ---D | C] -- C:\Users\rex\AppData\Local\temp
[2010/06/30 19:07:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/30 06:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/06/30 06:32:50 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2010/06/30 06:32:50 | 000,000,000 | ---D | C] -- \Linksys Driver
[2010/06/28 16:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/28 16:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/28 16:07:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/06/28 16:07:39 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010/06/28 16:07:39 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/06/28 16:07:39 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/06/28 16:07:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/06/28 16:07:26 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/06/28 16:07:25 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/06/28 16:07:25 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/06/28 16:07:21 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/06/28 16:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/28 16:06:46 | 036,597,872 | ---- | C] (PC Tools ) -- C:\Users\rex\Desktop\sdsetup_aff.exe
[2010/06/28 15:50:55 | 000,000,000 | ---D | C] -- C:\Users\rex\Desktop\SmitfraudFix
[2010/06/27 15:25:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/27 15:25:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/27 15:25:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/27 15:25:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/27 14:46:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/27 14:46:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/27 14:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 14:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/02 21:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/22 18:09:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
========== Files - Modified Within 90 Days ==========
[2010/07/01 22:04:43 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/01 22:04:43 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/01 22:04:43 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/01 22:03:24 | 003,407,872 | -HS- | M] () -- C:\Users\rex\ntuser.dat
[2010/07/01 21:59:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/01 21:58:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/07/01 21:58:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/01 21:58:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/01 21:58:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/01 21:58:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/01 21:58:16 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/01 21:57:31 | 000,524,288 | -HS- | M] () -- C:\Users\rex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/01 21:57:31 | 000,065,536 | -HS- | M] () -- C:\Users\rex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/01 21:56:58 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/07/01 21:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/01 21:35:16 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2010/07/01 20:22:44 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/01 19:32:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\rex\Desktop\OTL.exe
[2010/07/01 19:27:56 | 000,867,892 | ---- | M] () -- C:\Users\rex\Desktop\SecurityCheck.exe
[2010/06/30 19:21:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/30 06:33:26 | 000,001,668 | ---- | M] () -- C:\Windows\System32\WLAN.INI
[2010/06/29 18:37:44 | 003,723,633 | ---- | M] () -- C:\Users\rex\Desktop\ComboFix.exe
[2010/06/28 16:46:14 | 000,000,680 | ---- | M] () -- C:\Users\rex\AppData\Local\d3d9caps.dat
[2010/06/28 16:31:36 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/28 16:07:24 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/28 16:01:40 | 036,597,872 | ---- | M] (PC Tools ) -- C:\Users\rex\Desktop\sdsetup_aff.exe
[2010/06/28 15:47:52 | 001,872,472 | ---- | M] () -- C:\Users\rex\Desktop\SmitfraudFix.exe
[2010/06/27 15:26:06 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/27 15:25:59 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/27 14:46:39 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\cheeseburger.lnk
[2010/06/13 15:40:26 | 000,210,944 | ---- | M] () -- C:\Users\rex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/11 03:23:28 | 000,307,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 22:16:01 | 000,763,832 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/06/07 20:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/05/22 18:09:32 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/05/22 18:08:38 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/05/02 11:45:54 | 000,001,354 | ---- | M] () -- C:\Users\rex\Desktop\Cincinnati Reds Homepage.url
[2010/05/01 07:22:29 | 000,014,917 | ---- | M] () -- C:\Users\rex\Desktop\Intellicast.com - 1Km Storm Watch - Cincinnati, Ohio.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
========== Files Created - No Company Name ==========
[2010/07/01 20:22:44 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/01 19:27:41 | 000,867,892 | ---- | C] () -- C:\Users\rex\Desktop\SecurityCheck.exe
[2010/06/30 18:54:22 | 000,000,109 | ---- | C] () -- \mbam-error.txt
[2010/06/30 06:33:26 | 000,001,668 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2010/06/30 06:30:45 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/30 06:30:45 | 3085,361,152 | -HS- | C] () --
[2010/06/29 19:02:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/29 18:39:58 | 003,723,633 | ---- | C] () -- C:\Users\rex\Desktop\ComboFix.exe
[2010/06/28 16:46:14 | 000,000,680 | ---- | C] () -- C:\Users\rex\AppData\Local\d3d9caps.dat
[2010/06/28 16:31:36 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/28 16:07:40 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/06/28 16:07:40 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/06/28 16:07:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/06/28 16:07:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/06/28 16:07:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/06/28 16:07:39 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/06/28 16:07:26 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/06/28 16:07:25 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/06/28 16:07:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/06/28 16:07:24 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/06/28 16:07:21 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/06/28 15:51:14 | 000,002,213 | ---- | C] () -- \rapport.txt
[2010/06/28 15:50:50 | 001,872,472 | ---- | C] () -- C:\Users\rex\Desktop\SmitfraudFix.exe
[2010/06/28 15:37:07 | 000,000,351 | ---- | C] () -- \rkill.log
[2010/06/27 15:26:06 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/27 15:25:59 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2010/06/27 15:25:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/27 15:25:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/27 15:25:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/27 15:25:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/27 14:46:39 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\cheeseburger.lnk
[2010/05/22 18:09:32 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/10/31 16:19:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/06/21 17:43:22 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
[2009/03/01 20:02:08 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/03/01 10:41:09 | 000,015,576 | ---- | C] () -- C:\Windows\System32\drivers\usbbc.sys
[2009/01/16 14:02:33 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== LOP Check ==========
[2010/06/27 15:26:06 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/07/01 21:57:09 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp FC5A2B2
< End of report >
-
July 1st, 2010, 10:16 PM
#44
Damn, I hope I got that right.
-
July 1st, 2010, 10:19 PM
#45
In my reply #19, I asked:
Update your Java version here: http://www.java.com/en/download/installed.jsp
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).
===============================================================
Update your Adobe Reader.
================================================================
It hasn't been done.
Please correct the issue.
When done...
1. Download Temp File Cleaner (TFC)
   Double click on TFC.exe to run the program.
   Click on Start button to begin cleaning process.
   TFC will close all running programs, and it may ask you to restart computer.
2. Go to Kaspersky website and perform an online antivirus scan.
   1. Disable your active antivirus program.
   2. Read through the requirements and privacy statement and click on Accept button.
   3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   4. When the downloads have finished, click on Settings.
   5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      - Spyware, Adware, Dialers, and other potentially dangerous programs
      - Archives
      - Mail databases
   6. Click on My Computer under Scan.
   7. Once the scan is complete, it will display the results. Click on View Scan Report.
   8. You will see a list of infected items there. Click on Save Report As....
   9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.