TechSpot

Google search redirects

Solved
By idunnowho
Oct 31, 2010
  1. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    OK..................
     
  2. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Same deal; don't want this to get closed though. Will probably have some time this week.
     
  3. Broni


    As long as you bump this topic before 5 days non-activity period expires, you'll be fine.
     
  4. idunnowho


    OK. After trying to download Rkill and run it, the 1st, 2nd, and 4th all resulted in "An unknown error occurred. The program will be terminated." The 3rd is a broken link.
     
  5. Broni


    Is this from normal or safe mode?
    Did you try to run ComboFix without rKill, in normal or safe mode?
     
  6. idunnowho


    This was trying to start up Rkill in normal mode. It's Rkill that gives this error.
     
  7. Broni


    Try to run broni.exe without rKill.
    If normal mode won't work, try safe mode.
     
  8. idunnowho


    Cool, it worked in normal mode.

    ComboFix 10-11-12.03 - Big Daddy 11/12/2010 22:59:16.2.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2374 [GMT -8:00]
    Running from: c:\documents and settings\Big Daddy\Desktop\broni.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\CFLog

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
    .

    2010-11-13 05:07 . 2010-11-13 05:07 -------- d-----w- c:\windows\LastGood
    2010-11-07 05:29 . 2010-11-07 05:29 -------- d-----w- c:\documents and settings\Big Daddy\Application Data\LEGO Company
    2010-11-07 05:27 . 2010-11-07 05:27 -------- d-----w- c:\program files\LEGO Company
    2010-11-07 05:26 . 2010-11-07 05:26 -------- d-----w- c:\program files\Unity
    2010-11-06 07:52 . 2010-11-06 07:52 -------- d-----w- c:\documents and settings\Big Daddy\Local Settings\Application Data\THQ
    2010-11-06 05:56 . 2010-11-11 07:13 -------- d-----w- c:\documents and settings\Big Daddy\Local Settings\Application Data\Deployment
    2010-10-27 04:45 . 2010-10-27 04:45 -------- d-----w- c:\documents and settings\Big Daddy\Application Data\Autodesk
    2010-10-27 04:45 . 2010-10-27 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
    2010-10-27 04:36 . 2010-10-27 04:36 -------- d-----w- C:\Autodesk
    2010-10-27 01:38 . 2010-11-13 07:01 -------- d-----w- c:\program files\Common Files\Akamai
    2010-10-24 22:30 . 2010-11-13 03:12 -------- d-----w- c:\program files\Nitto 1320 Legends
    2010-10-24 19:48 . 2001-08-17 20:53 4992 ----a-w- c:\windows\system32\drivers\loop.sys
    2010-10-24 19:48 . 2001-08-17 20:53 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
    2010-10-23 04:54 . 2010-10-23 04:56 -------- d-----w- c:\windows\system32\Adobe
    2010-10-22 02:48 . 2010-10-22 02:48 -------- d-----w- c:\program files\GameKiller.net
    2010-10-22 02:09 . 2010-10-22 02:09 -------- d-----w- C:\Nexon
    2010-10-21 05:11 . 2010-10-24 19:47 -------- d-----w- C:\Private Servers
    2010-10-14 07:47 . 2010-10-14 07:47 -------- d-----w- c:\documents and settings\Big Daddy\Application Data\dvdcss

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-11 23:55 . 2010-05-26 07:01 215016 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-11 23:55 . 2010-05-23 18:34 215016 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-11 23:39 . 2010-05-23 18:35 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-10-09 02:11 . 2010-05-23 18:34 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-09-19 02:10 . 2010-05-23 18:35 22328 ----a-w- c:\documents and settings\Big Daddy\Application Data\PnkBstrK.sys
    2010-09-19 02:10 . 2010-09-19 02:10 669184 ----a-w- c:\windows\system32\pbsvc.exe
    2010-09-18 19:23 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-11 22:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-11 22:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-11 22:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16 . 2004-08-11 22:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16 . 2004-08-11 22:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49 . 2004-08-11 22:00 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2004-08-11 22:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2004-08-11 22:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-30 08:27 . 2010-08-30 08:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-30 08:27 . 2010-08-30 08:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-27 08:02 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2004-08-11 22:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2004-08-11 22:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2010-05-23 02:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2004-08-11 22:00 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-08-11 22:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 106496]
    "Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Google Update"="c:\documents and settings\Big Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-23 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-01-03 184864]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-15 8523776]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
    backup=c:\windows\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-01-15 01:10 69632 ----a-w- c:\windows\ALCMTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
    2007-06-29 22:03 36864 ----a-w- c:\program files\GameSpy\Comrade\Comrade.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-05-23 05:52 136176 ----atw- c:\documents and settings\Big Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 05:32 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2004-08-04 05:31 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-01-15 02:02 8523776 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 05:32 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2006-11-05 16:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-01-15 01:10 16855552 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-09-07 05:19 1242448 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Documents and Settings\\Big Daddy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sony\\Media Manager for PSP\\MediaManager.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. demo\\Ruse.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
    "c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
    "c:\\Program Files\\THQ\\Relic Entertainment\\Company of Heroes Online\\Game\\RelicCoHOWW.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57761:TCP"= 57761:TCP:pando Media Booster
    "57761:UDP"= 57761:UDP:pando Media Booster
    "1038:TCP"= 1038:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 2:00 PM 14336]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5/22/2010 3:52 PM 66048]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5/22/2010 6:30 PM 203280]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [11/13/2009 10:28 AM 110592]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 7:58 AM 20480]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/22/2010 3:52 PM 167808]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp --> c:\docume~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp [?]
    S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [5/22/2010 3:52 PM 13532]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/22/2010 9:08 PM 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
    S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
    S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3313990476-4025588040-3206218090-1005Core.job
    - c:\documents and settings\Big Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 05:52]

    2010-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3313990476-4025588040-3206218090-1005UA.job
    - c:\documents and settings\Big Daddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-23 05:52]

    2010-10-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-23 19:22]

    2010-10-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-23 19:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.dell.com
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=23-05-2010
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=62747&cuid=&userid=43676491&q=
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\Big Daddy\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Big Daddy\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\Big Daddy\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1224515311\EE\AOLHostManager.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-12 23:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3313990476-4025588040-3206218090-1005\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
    "Percents"=""
    "Increment"=".005405"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3496)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-11-12 23:03:32
    ComboFix-quarantined-files.txt 2010-11-13 07:03

    Pre-Run: 138,123,993,088 bytes free
    Post-Run: 138,249,687,040 bytes free

    - - End Of File - - 11D5F463058AB6455512022517829D52
     
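The ComboFix output above is the kind of log a removal helper reads by eye: the header reports McAfee on-access scanning and the firewall as disabled, the Security Center keys carry DisableMonitoring=1 and EnableFirewall=0, and the service list contains a driver registered from a user's Temp directory (GarenaPEngine) plus three driver entries whose image files no longer exist (XDva349/352/368, flagged "[?]" by ComboFix and "File not found" in the OTL output later in the thread). The following script is an added example, not part of this thread or of ComboFix/OTL, that automates those two checks over service and driver lines in either format. The sample log is constructed from lines copied from the output posted above; the regexes and the "Temp directory"/"user profile" heuristics are this example's own assumptions, not anything either tool defines.

```python
"""Triage helper for ComboFix / OTL service and driver lines.

Added example (not from the thread or from either tool). It reproduces the
checks a removal helper makes when reading the log: services whose image
file is missing on disk, services whose image loads from a Temp or per-user
directory, and lines that show the resident protections switched off.
"""
import re
from dataclasses import dataclass, field

# ComboFix: "<start> <name>;<display name>;<image path> [<timestamp> <size>]"
# A missing image is printed as "\??\<path> --> <path> [?]".
CF_SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<rest>.+)$")

# OTL: "DRV - <file meta> -- <image path> -- (<service name>)" (same shape for SRV)
OTL_SERVICE = re.compile(r"^(?:DRV|SRV) - (?P<meta>.+?) -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")

# Heuristics (assumptions of this example): kernel drivers and services have
# no business living in Temp or under a user profile.
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\(docume~1|documents and settings|users)\\", re.IGNORECASE)

# Indicators that the resident protections are off, as ComboFix prints them.
DISABLED = [
    re.compile(r"\*On-access scanning disabled\*"),
    re.compile(r"^FW: .*\*disabled\*"),
    re.compile(r'"DisableMonitoring"=dword:00000001'),
    re.compile(r'"EnableFirewall"=\s*0\b'),
]

# Constructed sample: lines copied from the ComboFix and OTL output in the thread.
SAMPLE_LOG = r"""
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/11/2004 2:00 PM 14336]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [5/22/2010 3:52 PM 167808]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp --> c:\docume~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva368.sys -- (XDva368)
SRV - [2010/11/08 19:40:03 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
"""


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def _normalise(path: str) -> str:
    # ComboFix prints NT object paths as "\??\c:\..."; strip that prefix.
    return path[4:] if path.startswith("\\??\\") else path


def parse_combofix_service(line: str):
    """Return (name, image path, missing) for a ComboFix service line, else None."""
    m = CF_SERVICE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("[?]")
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    path = rest.rsplit(" [", 1)[0].strip()  # drop the "[date size]" or "[?]" suffix
    return m.group("name").strip(), _normalise(path), missing


def parse_otl_service(line: str):
    """Return (name, image path, missing) for an OTL DRV/SRV line, else None."""
    m = OTL_SERVICE.match(line.strip())
    if not m:
        return None
    return m.group("name"), m.group("path"), m.group("meta").startswith("File not found")


def triage(log_text: str):
    """Flag service/driver entries that a helper would want to look at."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_combofix_service(line) or parse_otl_service(line)
        if parsed is None:
            continue
        name, path, missing = parsed
        reasons = []
        if missing:
            reasons.append("image file not found on disk (orphaned service entry)")
        if TEMP_DIR.search(path):
            reasons.append("image loads from a Temp directory")
        elif USER_PROFILE.search(path):
            reasons.append("image lives under a user profile, not a system path")
        if reasons:
            findings.append(Finding(name, path, reasons))
    return findings


def disabled_protections(log_text: str):
    """Return the log lines that show AV or firewall protection switched off."""
    return [l.strip() for l in log_text.splitlines() if any(p.search(l.strip()) for p in DISABLED)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}\n    " + "\n    ".join(f.reasons))
    for line in disabled_protections(SAMPLE_LOG):
        print("protection off:", line)
```

On the sample it reports GarenaPEngine (missing image, loaded from Temp) and the three XDva entries (missing images) and lists the four "protection off" lines; the legitimate Akamai, NETGEAR and other entries pass. Orphaned driver entries are a clean-up item rather than proof of infection, and a driver registered from a Temp file deserves a look at what created it before it is removed.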
  9. Broni


    It looks good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. idunnowho


    Redirection seems to be gone from the bit I've been on here
    I've tried about 30 random google searches, all clean so far.
     
  11. Broni


    Good news :)
    Go on...
     
     
  12. idunnowho


    Here's OTL.txt (too long for one post):

    OTL logfile created on: 11/13/2010 6:23:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Big Daddy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 294.73 Gb Total Space | 128.69 Gb Free Space | 43.66% Space Free | Partition Type: NTFS

    Computer Name: BRIAN | User Name: Big Daddy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/13 17:34:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\OTL.exe
    PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
    PRC - [2010/02/11 11:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/11/13 10:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2009/11/13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2009/01/23 09:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/15 10:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    PRC - [2008/01/03 13:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
    PRC - [2006/09/11 01:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/13 17:34:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/01/23 09:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/08 19:40:03 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 12:16:08 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/02/17 15:52:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/01/23 09:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/01/15 10:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva368.sys -- (XDva368)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva352.sys -- (XDva352)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva349.sys -- (XDva349)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp -- (GarenaPEngine)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 14:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2010/02/17 15:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/02/17 15:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/02/17 15:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
    DRV - [2010/02/17 15:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/02/17 15:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
    DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/11 04:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/02/11 04:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
    DRV - [2008/01/15 10:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
    DRV - [2008/01/14 18:02:12 | 007,433,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/01/14 17:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2008/01/14 17:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2008/01/14 17:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 11:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/07/23 11:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2006/03/27 16:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
    DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/10/02 07:57:12 | 000,013,532 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
    DRV - [2001/08/17 12:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
    DRV - [2001/08/17 11:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 11:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 11:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 11:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 11:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 10:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 10:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 10:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 10:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 10:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 10:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 10:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 10:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 10:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081020
    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AOL Search"
    FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=23-05-2010&tb_mrud=23-05-2010"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: TooManyTabs@visibotech.com:1.2.0
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.6.2
    FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
    FF - prefs.js..extensions.enabledItems: {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}:2.6.4
    FF - prefs.js..keyword.URL: "http://serp.freecause.com/?sid=62747&cuid=&userid=43676491&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/13 15:39:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/10 00:56:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 16:27:47 | 000,000,000 | ---D | M]

    [2010/05/22 20:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Extensions
    [2010/11/11 22:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions
    [2010/07/25 16:50:39 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
    [2010/10/30 17:37:45 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2010/10/03 20:24:01 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    [2010/10/02 11:57:15 | 000,000,000 | ---D | M] (OMGPop) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{61969199-e42c-49bc-bf33-79e97a1732c5}
    [2010/11/04 19:04:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/28 17:21:52 | 000,000,000 | ---D | M] (Redirect Remover) -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}
    [2010/10/08 17:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\battlefieldheroespatcher@ea.com
    [2010/09/12 09:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\personas@christopher.beard
    [2010/05/22 20:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\extensions\TooManyTabs@visibotech.com
    [2010/05/22 20:47:31 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\searchplugins\AOL Search.xml
    [2010/10/02 11:58:47 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Mozilla\Firefox\Profiles\nqdmrd2l.default\searchplugins\search-the-web.xml
    [2010/11/10 21:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/30 00:28:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/30 00:28:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/05/22 20:47:31 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AOL Search.xml

    O1 HOSTS File: ([2004/08/04 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Big Daddy\My Documents\game things (pics, etc)\CoH pictures\CoH fight.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Big Daddy\My Documents\game things (pics, etc)\CoH pictures\CoH fight.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/26 20:36:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/13 17:34:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\OTL.exe
    [2010/11/12 23:57:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/11/12 22:58:32 | 000,000,000 | ---D | C] -- C:\broni
    [2010/11/06 21:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\My Documents\LEGO Creations
    [2010/11/06 21:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Application Data\LEGO Company
    [2010/11/06 21:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\LEGO Company
    [2010/11/06 21:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
    [2010/11/05 23:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Local Settings\Application Data\THQ
    [2010/11/05 21:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Local Settings\Application Data\Deployment
    [2010/11/03 20:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Desktop\scientist presentations
    [2010/11/01 17:01:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/11/01 16:54:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/01 16:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/01 16:52:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/01 16:52:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/01 16:52:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/01 16:52:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/01 16:52:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/01 15:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Desktop\NTBR_CD
    [2010/10/30 22:36:03 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Big Daddy\Desktop\TDSSKiller.exe
    [2010/10/29 17:00:42 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\TFC.exe
    [2010/10/26 20:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Application Data\Autodesk
    [2010/10/26 20:45:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/10/26 20:44:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    [2010/10/26 20:36:00 | 000,000,000 | ---D | C] -- C:\Autodesk
    [2010/10/26 18:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/10/26 18:32:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/10/26 17:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
    [2010/10/25 20:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/10/25 20:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/10/24 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Nitto 1320 Legends
    [2010/10/24 13:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Desktop\TranquilityStory
    [2010/10/24 13:15:11 | 099,094,344 | ---- | C] (Cie Studios ) -- C:\Documents and Settings\Big Daddy\Desktop\NittoLegendsSetupFull.exe
    [2010/10/24 11:41:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\Desktop\NidoMS v90
    [2010/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/10/21 18:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\GameKiller.net
    [2010/10/21 18:09:24 | 000,000,000 | ---D | C] -- C:\Nexon
    [2010/10/20 21:11:35 | 000,000,000 | ---D | C] -- C:\Private Servers
    [2010/10/15 18:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Big Daddy\My Documents\Maplestory Clean
     
  13. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    ========== Files - Modified Within 30 Days ==========

    [2010/11/13 18:07:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3313990476-4025588040-3206218090-1005UA.job
    [2010/11/13 18:07:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3313990476-4025588040-3206218090-1005Core.job
    [2010/11/13 17:34:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\OTL.exe
    [2010/11/13 17:32:46 | 000,027,729 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/11/13 15:40:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/13 15:39:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/13 15:39:51 | 3218,571,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/12 22:09:07 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\SyncToy 2.1.lnk
    [2010/11/12 22:03:12 | 003,908,967 | R--- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\broni.exe
    [2010/11/11 23:15:43 | 000,000,399 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2010/11/11 22:24:26 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
    [2010/11/08 22:48:00 | 083,335,474 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\Gameboy - C.A.N.D.I.D Music .zip
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 10:24:41 | 000,482,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 10:24:41 | 000,079,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/06 21:27:17 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
    [2010/11/06 21:27:17 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LEGO Digital Designer.lnk
    [2010/11/06 20:54:20 | 125,987,944 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\SetupLDD-PC-4_0_20.exe
    [2010/11/05 23:53:03 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Company of Heroes Online Launcher.appref-ms
    [2010/11/05 18:08:50 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\Google Chrome.lnk
    [2010/11/05 18:08:50 | 000,002,294 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/11/04 21:27:32 | 000,592,712 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\setup.exe
    [2010/11/01 16:55:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/31 18:55:37 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\NTBR_CD.exe
    [2010/10/31 09:59:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/30 22:36:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\MBRCheck.exe
    [2010/10/30 22:35:45 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\tdsskiller.zip
    [2010/10/29 17:26:46 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
    [2010/10/29 17:02:12 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\dds.scr
    [2010/10/29 17:01:50 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\4rkxpr06.exe
    [2010/10/29 17:00:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\TFC.exe
    [2010/10/26 20:44:55 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/26 17:38:17 | 000,351,816 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\installer (Revit).exe
    [2010/10/26 10:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Big Daddy\Desktop\TDSSKiller.exe
    [2010/10/25 18:27:33 | 000,002,417 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch MapleStory and ZiGGi together.lnk
    [2010/10/24 14:43:53 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nitto 1320 Legends.lnk
    [2010/10/24 13:41:18 | 099,094,344 | ---- | M] (Cie Studios ) -- C:\Documents and Settings\Big Daddy\Desktop\NittoLegendsSetupFull.exe
    [2010/10/24 11:48:41 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\NidoMS.lnk
    [2010/10/24 11:47:54 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\RandoMSv83.lnk
    [2010/10/17 20:07:31 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/10/15 00:56:23 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

    ========== Files Created - No Company Name ==========

    [2010/11/08 22:41:56 | 083,335,474 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\Gameboy - C.A.N.D.I.D Music .zip
    [2010/11/06 21:27:17 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
    [2010/11/06 21:27:17 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LEGO Digital Designer.lnk
    [2010/11/06 20:43:48 | 125,987,944 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\SetupLDD-PC-4_0_20.exe
    [2010/11/06 05:59:05 | 000,284,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3313990476-4025588040-3206218090-1005-0.dat
    [2010/11/06 05:59:03 | 000,284,990 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2010/11/05 23:53:03 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Company of Heroes Online Launcher.appref-ms
    [2010/11/04 21:27:32 | 000,592,712 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\setup.exe
    [2010/11/01 19:02:37 | 003,908,967 | R--- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\broni.exe
    [2010/11/01 18:18:53 | 3218,571,264 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/01 16:55:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/01 16:55:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/01 16:52:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/01 16:52:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/01 16:52:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/01 16:52:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/01 16:52:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/31 23:05:10 | 000,002,316 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\Google Chrome.lnk
    [2010/10/31 23:05:10 | 000,002,294 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/10/31 18:54:51 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\NTBR_CD.exe
    [2010/10/30 22:36:45 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\MBRCheck.exe
    [2010/10/30 22:35:43 | 001,207,026 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\tdsskiller.zip
    [2010/10/29 17:02:05 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\dds.scr
    [2010/10/29 17:01:45 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\4rkxpr06.exe
    [2010/10/26 17:38:16 | 000,351,816 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Desktop\installer (Revit).exe
    [2010/10/24 14:43:53 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Nitto 1320 Legends.lnk
    [2010/10/24 11:48:41 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\NidoMS.lnk
    [2010/10/24 11:47:54 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\RandoMSv83.lnk
    [2010/10/21 18:48:18 | 000,002,417 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch MapleStory and ZiGGi together.lnk
    [2010/10/17 20:07:31 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/10/13 17:18:17 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
    [2010/10/13 17:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
    [2010/09/19 09:09:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Local Settings\Application Data\fusioncache.dat
    [2010/06/07 12:48:20 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/27 16:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2010/05/24 18:54:52 | 000,000,399 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2010/05/23 10:35:16 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2010/05/23 10:35:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Big Daddy\Application Data\PnkBstrK.sys
    [2010/05/22 22:46:50 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/05/22 21:53:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/05/22 18:51:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2008/10/20 07:11:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/10/20 07:03:48 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/20 06:45:19 | 000,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/09/20 20:02:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/20 20:02:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/11 14:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 14:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 14:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/02/10 12:08:00 | 000,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/11/13 12:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll

    ========== LOP Check ==========

    [2010/05/22 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/05/22 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
    [2010/10/26 20:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/08/12 17:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2010/06/07 10:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/06/07 10:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/08/11 00:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/10/20 07:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/05/22 21:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2010/05/24 17:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/05/22 21:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/05/22 20:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\acccore
    [2010/10/26 20:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Autodesk
    [2010/07/26 21:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Delayed Shutdown
    [2010/05/22 21:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\HandBrake
    [2010/11/06 21:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\LEGO Company
    [2010/08/12 18:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Need for Speed World
    [2010/08/11 00:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Sony
    [2010/08/13 00:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\uTorrent
    [2010/05/22 21:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Big Daddy\Application Data\Western Digital
    [2010/10/15 00:56:23 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/10/01 00:00:05 | 000,000,326 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/10/31 09:59:36 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/01 16:55:05 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2004/08/11 14:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/10/20 06:47:38 | 000,006,855 | RH-- | M] () -- C:\dell.sdr
    [2010/11/13 15:39:51 | 3218,571,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/22 18:02:03 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/05/22 20:47:38 | 000,001,561 | -H-- | M] () -- C:\IPH.PH
    [2004/08/11 14:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 02:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/05/22 19:26:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/13 15:39:43 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 14:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2003/07/29 06:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 14:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 14:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 14:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/05/22 19:28:58 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/05 23:53:03 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Company of Heroes Online Launcher.appref-ms
    [2010/05/22 19:40:46 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 14:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/29 17:01:50 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\4rkxpr06.exe
    [2010/11/12 22:03:12 | 003,908,967 | R--- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\broni.exe
    [2009/05/03 20:34:55 | 145,904,872 | ---- | M] (Macrovision Corporation ) -- C:\Documents and Settings\Big Daddy\Desktop\Crysis_Patch_1_1.exe
    [2010/10/26 17:38:17 | 000,351,816 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\installer (Revit).exe
    [2009/02/14 23:57:38 | 013,876,432 | ---- | M] (Logitech ) -- C:\Documents and Settings\Big Daddy\Desktop\lgs504.exe
    [2010/10/30 22:36:45 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\MBRCheck.exe
    [2010/10/24 13:41:18 | 099,094,344 | ---- | M] (Cie Studios ) -- C:\Documents and Settings\Big Daddy\Desktop\NittoLegendsSetupFull.exe
    [2010/10/31 18:55:37 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\NTBR_CD.exe
    [2010/07/26 21:03:33 | 000,806,400 | ---- | M] (GameKiller.net) -- C:\Documents and Settings\Big Daddy\Desktop\NzNett.exe
    [2010/11/13 17:34:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\OTL.exe
    [2010/11/04 21:27:32 | 000,592,712 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\setup.exe
    [2010/11/06 20:54:20 | 125,987,944 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Desktop\SetupLDD-PC-4_0_20.exe
    [2010/10/22 20:52:45 | 004,750,256 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Big Daddy\Desktop\Shockwave_Installer_Slim.exe
    [2010/10/26 10:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Big Daddy\Desktop\TDSSKiller.exe
    [2010/10/29 17:00:42 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Big Daddy\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 02:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/22 19:40:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Big Daddy\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/13 18:20:27 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Big Daddy\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/15 02:27:54 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\rainbow test page.gif:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\Lego (models, pics, etc.):Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\Advanced Wars Models:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\Desktop\SecuROM Remover:Roxio EMC Stream

    < End of report >
     
  14. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    And here's Extras.txt

    OTL Extras logfile created on: 11/13/2010 6:23:54 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Big Daddy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 294.73 Gb Total Space | 128.69 Gb Free Space | 43.66% Space Free | Partition Type: NTFS

    Computer Name: BRIAN | User Name: Big Daddy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "57761:TCP" = 57761:TCP:*:Enabled:pando Media Booster
    "57761:UDP" = 57761:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "57761:TCP" = 57761:TCP:*:Enabled:pando Media Booster
    "57761:UDP" = 57761:UDP:*:Enabled:pando Media Booster
    "1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
    "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Documents and Settings\Big Daddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Big Daddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe" = C:\Program Files\Sony\Media Manager for PSP\MediaManager.exe:*:Enabled:Media Manager for PSP 3.0 -- (Sony Creative Software Inc.)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\common\r.u.s.e. demo\Ruse.exe" = C:\Program Files\Steam\steamapps\common\r.u.s.e. demo\Ruse.exe:*:Enabled:R.U.S.E. Demo -- (Eugen Systems)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
    "C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe" = C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander -- (Gas Powered Games)
    "C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander -- (Gas Powered Games)
    "C:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe" = C:\Program Files\THQ\Relic Entertainment\Company of Heroes Online\Game\RelicCoHOWW.exe:*:Enabled:Company of Heroes Online (THQ) -- (THQ Canada Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2AF94338-FF58-44CB-BAD6-39D50DFF626F}" = Company of Heroes Online (THQ)
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{62C81505-65E8-BBFF-5A9B-23958770F694}" = BannedStory
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1" = FLV Converter 3.2
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{823E050E-FAAE-4EB6-BF1C-80F8C5021239}" = ZiGGi
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{E0F252A6-DE85-4E93-A93B-DFC3537B3965}" = WG111v2 Configuration Utility
    "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface
    "Allok MPEG4 Converter_is1" = Allok MPEG4 Converter 5.1.0626
    "bs.BannedStory.B138736892407FF2891DACB3EC40AB4373DCB810.1" = BannedStory 3.0
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cross Fire_is1" = Cross Fire En
    "Delayed Shutdown_is1" = Delayed Shutdown 3.0
    "Dell Photo Printer 720" = Dell Photo Printer 720
    "DivX Setup.divx.com" = DivX Setup
    "Fraps" = Fraps
    "Garena" = Garena 2010
    "Handbrake" = Handbrake 0.9.4
    "InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSC" = McAfee SecurityCenter
    "New LEGO Digital Designer" = LEGO Digital Designer
    "Nitto 1320 Legends_is1" = Nitto 1320 Legends Public Beta 0.9.12.10
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PunkBusterSvc" = PunkBuster Services
    "RealPlayer 6.0" = RealPlayer Basic
    "SearchAssist" = SearchAssist
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Steam App 33310" = R.U.S.E. Demo
    "UnityWebPlayer" = Unity Web Player (All users)
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.4
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xfire" = Xfire (remove only)

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "477233b55d082a86" = Company of Heroes Online Launcher (THQ)
    "Google Chrome" = Google Chrome
    "Warcraft III" = Warcraft III: All Products

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/3/2010 1:15:11 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:11 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:11 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:12 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:12 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:12 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:12 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:13 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/3/2010 1:15:13 AM | Computer Name = BRIAN | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/7/2010 11:02:49 PM | Computer Name = BRIAN | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    [ System Events ]
    Error - 11/13/2010 1:05:01 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:06:54 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:12:04 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:17:14 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:19:07 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:24:17 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:29:27 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:31:20 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 1:36:30 AM | Computer Name = BRIAN | Source = NetBT | ID = 4321
    Description = The name "WORKGROUP :1d" could not be registered on the Interface
    with IP address 10.0.0.5. The machine with the IP address 10.0.0.4 did not allow
    the name to be claimed by this machine.

    Error - 11/13/2010 2:57:57 AM | Computer Name = BRIAN | Source = Service Control Manager | ID = 7031
    Description = The McAfee Real-time Scanner service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva368.sys -- (XDva368)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva352.sys -- (XDva352)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva349.sys -- (XDva349)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp -- (GarenaPEngine)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\rainbow test page.gif:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\Lego (models, pics, etc.):Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\My Documents\Advanced Wars Models:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\Desktop\SecuROM Remover:Roxio EMC Stream
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
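    Added example, not part of this thread and not OTL's own code: a small Python triage parser for the OTL fix format used above. It reads the `:OTL` and `:Reg` sections, classifies the DRV, alternate data stream and registry lines, and flags orphaned driver services, drivers registered from a Temp folder, and `DisableMonitoring` values under Security Center\Monitoring; the sample script at the bottom is constructed from the line formats in this post.

```python
# Triage parser for an OTL fix script like the one pasted above (added example,
# not OTL's own code). It reads the ":OTL" and ":Reg" sections, classifies each
# driver (DRV), alternate data stream (ADS) and registry line, and pulls out
# what a reviewer should look at first. SAMPLE is constructed from the post.
import re

# DRV - <meta> [<type> | <start> | <state>] -- <path> -- (<service name>)
# <meta> is "File not found" for an orphaned service, or file details otherwise.
DRV_RE = re.compile(r"^DRV - (?P<meta>.*?) \[(?P<type>[^|\]]+)\|(?P<start>[^|\]]+)\|"
                    r"(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
# @Alternate Data Stream - <n> bytes -> <file path>:<stream name>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
# "ValueName" =-  deletes the value; "ValueName"=<data> sets it (REG-file style)
REGVAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def split_sections(script):
    """Group non-blank lines under the ':Section' header that precedes them."""
    sections, current = {}, None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_otl_section(lines):
    drivers, streams = [], []
    for line in lines:
        if m := DRV_RE.match(line):
            d = {k: v.strip() for k, v in m.groupdict().items()}
            d["missing"] = d["meta"] == "File not found"
            # a kernel driver registered from a user's Temp folder is unusual
            d["temp_path"] = "\\temp\\" in d["path"].lower()
            drivers.append(d)
        elif m := ADS_RE.match(line):
            path, _, stream = m.group("target").rpartition(":")
            streams.append({"path": path, "stream": stream, "size": int(m.group("size"))})
    return drivers, streams


def parse_reg_section(lines):
    ops, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := REGVAL_RE.match(line)):
            data = m.group("data").strip()
            ops.append({"key": key, "value": m.group("name"),
                        "action": "delete" if data == "-" else "set",
                        "data": None if data == "-" else data})
    return ops


def triage(script):
    sections = split_sections(script)
    drivers, streams = parse_otl_section(sections.get("otl", []))
    reg_ops = parse_reg_section(sections.get("reg", []))
    # A DisableMonitoring value under Security Center\Monitoring\<product> stops
    # XP's Security Center reporting on that product, so note which products it hits.
    sc = [op["key"].rsplit("\\", 1)[-1] for op in reg_ops
          if "security center\\monitoring" in op["key"].lower()
          and op["value"].lower() == "disablemonitoring"]
    return {
        "orphaned_drivers": [d["name"] for d in drivers if d["missing"]],
        "temp_drivers": [d["name"] for d in drivers if d["temp_path"]],
        "ads_by_stream": {s: sum(x["stream"] == s for x in streams)
                          for s in {x["stream"] for x in streams}},
        "reg_deletes": [op for op in reg_ops if op["action"] == "delete"],
        "security_center_monitoring": sc,
    }


# Constructed sample using the line formats from the fix above.
SAMPLE = r"""
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva368.sys -- (XDva368)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp -- (GarenaPEngine)
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Big Daddy\Desktop\SecuROM Remover:Roxio EMC Stream
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" =-
:Commands
[emptytemp]
"""

if __name__ == "__main__":
    for finding, items in triage(SAMPLE).items():
        print(f"{finding}: {items}")
```

The DRV pattern also accepts OTL's full form for files that do exist (the date/size block in place of "File not found"), so the same parser runs over a complete OTL scan, not only a fix script.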
     
  16. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Here's the OTL log:

    All processes killed
    ========== OTL ==========
    Service XDva368 stopped successfully!
    Service XDva368 deleted successfully!
    File C:\WINDOWS\System32\XDva368.sys not found.
    Service XDva352 stopped successfully!
    Service XDva352 deleted successfully!
    File C:\WINDOWS\System32\XDva352.sys not found.
    Service XDva349 stopped successfully!
    Service XDva349 deleted successfully!
    File C:\WINDOWS\System32\XDva349.sys not found.
    Service GarenaPEngine stopped successfully!
    Service GarenaPEngine deleted successfully!
    File C:\DOCUME~1\BIGDAD~1\LOCALS~1\Temp\GOP78.tmp not found.
    Service EagleNT stopped successfully!
    Service EagleNT deleted successfully!
    File C:\WINDOWS\System32\drivers\EagleNT.sys not found.
    ADS C:\Documents and Settings\Big Daddy\My Documents\rainbow test page.gif:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Big Daddy\My Documents\Lego (models, pics, etc.):Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Big Daddy\My Documents\Advanced Wars Models:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Big Daddy\Desktop\SecuROM Remover:Roxio EMC Stream deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Big Daddy
    ->Temp folder emptied: 10794141 bytes
    ->Temporary Internet Files folder emptied: 1650527 bytes
    ->Java cache emptied: 726831 bytes
    ->FireFox cache emptied: 122828139 bytes
    ->Google Chrome cache emptied: 201541530 bytes
    ->Flash cache emptied: 27184 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 405 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20963 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1169184 bytes

    Total Files Cleaned = 323.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Big Daddy
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11132010_213806

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_104.dat not found!

    Registry entries deleted on Reboot...
     
  17. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    The SecurityCheck link seems broken or not to work.
    My initial download worked, but then McAfee SecurityCenter deleted it (false positive), so I disabled SecurityCenter and tried downloading again, and it gives this:

    This webpage is not available.

    The webpage at http://screen317.changelog.fr/SecurityCheck.exe might be temporarily down or it may have moved permanently to a new web address.

    More information on this error
    Below is the original error message

    Error 2 (net::ERR_FAILED): Unknown error.

    EDIT: After running TFC and the resulting reboot, the link worked again. I'll run it and then do step 3.
     
  18. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    SecurityCheck log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    McAfee SecurityCenter
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.3
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VIRUSS~1 mcshield.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    You need to update IE to at least version 7.
     
  20. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    Even if I never use it?
    I guess it's a safety precaution?
     
  21. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Exactly. You shouldn't have any outdated programs on your computer.
    In XP, Internet Explorer is used to provide Windows Updates, so you still use it.

    I still need Eset scan.
     
  22. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    ESET has been hanging at 99% for quite a while, but it shows different files being scanned.
    I will post it once it finishes or after I get back if I leave before it is done.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Keep going....:)
     
  24. idunnowho

    idunnowho TS Rookie Topic Starter Posts: 31

    ESET said no threats found =D
     
  25. Broni

    Broni Malware Annihilator Posts: 47,163   +264

    Cool :)


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
Topic Status:
Not open for further replies.