Solved: Need help, got the Google redirect virus

ComboFix 10-11-15.05 - Owner 11/15/2010 20:51:42.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.612 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\jason.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\Wyoni.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SITEguard
c:\documents and settings\All Users\Application Data\SITEguard\siteguard.db
c:\documents and settings\All Users\Application Data\STOPzilla!
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db
c:\documents and settings\All Users\Application Data\STOPzilla!\modules_scanned.db.bak
c:\documents and settings\All Users\Application Data\STOPzilla!\scanner.log
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdefs.db
c:\documents and settings\All Users\Application Data\STOPzilla!\sgdwc.db
c:\documents and settings\All Users\Application Data\STOPzilla!\userdata.db
c:\documents and settings\All Users\Application Data\STOPzilla!\zilla5.log
c:\program files\Common Files\iS3
c:\program files\Common Files\iS3\Anti-Spyware\sgdfull.rsf
c:\windows\Wyoni.bin

c:\windows\System32\wscntfy.exe . . . is missing!!

.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 01:46 . 2010-11-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-11-16 00:56 . 2010-11-16 01:16 -------- d-----w- C:\ComboFix
2010-11-13 04:25 . 2010-11-13 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-11-13 04:21 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 04:21 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 04:21 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-13 04:21 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\program files\Avira
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-12 21:58 . 2010-11-12 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 21:57 . 2010-11-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\xircom
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\oobe
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\program files\microsoft frontpage
2010-11-12 00:56 . 2010-02-02 15:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-12 00:56 . 2010-02-02 15:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-12 00:27 . 2010-11-12 00:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-12 00:27 . 2010-11-12 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-11-12 00:26 . 2010-11-16 01:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-11 12:17 . 2010-11-12 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 21:51 . 2009-07-19 16:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
.

------- Sigcheck -------

[-] 2009-07-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-16_01.21.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-16 01:25 . 2010-11-16 01:25 16384 c:\windows\temp\Perflib_Perfdata_87c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Stickies"="c:\program files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 335872]
"RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-09-23 24576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-19 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-16 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56243:TCP"= 56243:TCP:pando Media Booster
"56243:UDP"= 56243:UDP:pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [7/19/2009 11:48 AM 258939]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/11/2010 7:28 PM 218592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2010 10:41 AM 691696]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/11/2010 7:56 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/11/2010 7:56 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/11/2010 7:29 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2010 11:21 PM 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/11/2010 7:33 PM 112592]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/16/2010 8:27 PM 20968]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/11/2010 7:27 PM 366840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/11/2010 7:27 PM 63360]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/11/2010 7:56 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-11-16 c:\windows\Tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job
- c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1715567821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,5a,2f,3e,81,b5,44,b9,1e,3c,73,d8,ff,8e,54,2b,04,a2,d3,0c,96,
45,46,6b,db,5f,81,b8,e3,8d,93,11,25,63,34,85,02,47,ba,b6,ab,b1,90,65,88,99,\
"rkeysecu"=hex:a4,9f,d6,ad,e1,87,82,b9,cc,dd,79,26,d1,30,a0,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-11-15 21:02:08
ComboFix-quarantined-files.txt 2010-11-16 02:02
ComboFix2.txt 2010-11-16 01:23

Pre-Run: 171,162,550,272 bytes free
Post-Run: 171,152,953,344 bytes free

- - End Of File - - 661BD3B319462957BC1ABEE905B62924
 
Please, always read my instructions carefully.
I asked you to allow Recovery Console installation and you didn't follow that.
I even underlined my request!

Combofix also reports:
c:\windows\System32\wscntfy.exe ... is missing !!

Attached is a zipped wscntfy.exe file from my computer.
Unzip it and paste the wscntfy.exe file into the c:\windows\System32 folder.

Re-run ComboFix, allowing Recovery Console installation, and post a fresh log.
 

Attachments

  • wscntfy.zip
    6.8 KB
Okay, when I unzip and paste the wscntfy.exe into the System32 folder I get a message saying "files that are required for Windows to run properly have been replaced by unrecognized versions", etc. etc., "insert Windows CD". And second, ComboFix tries to download the Microsoft Windows Recovery Console and I click yes, but I'm not connected to the internet because you said ComboFix disconnects me from the internet, so it says "boot partition cannot be enumerated correctly". So I'm pretty screwed as of now.
 
"I got a message saying files that are required for Windows to run properly have been replaced by unrecognized versions, etc. etc., insert Windows CD"
Disregard the message (it's a regular generic message) and paste it anyway.

When done with the above....

Delete the ComboFix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Try to run it now.
 
Still says the same thing =(

ComboFix 10-11-15.05 - Owner 11/15/2010 22:18:26.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.558 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\jason.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 02:38 . 2010-11-16 02:39 -------- d-----w- C:\jason
2010-11-16 02:13 . 2007-10-31 02:33 13824 ----a-w- c:\windows\system32\wscntfy.exe
2010-11-16 01:46 . 2010-11-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-11-16 00:56 . 2010-11-16 01:16 -------- d-----w- C:\ComboFix
2010-11-13 04:25 . 2010-11-13 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2010-11-13 04:21 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-13 04:21 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-13 04:21 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-11-13 04:21 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\program files\Avira
2010-11-13 04:21 . 2010-11-13 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-11-12 21:58 . 2010-11-12 21:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 21:57 . 2010-11-12 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-12 21:57 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\wbem\snmp
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\xircom
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\windows\system32\oobe
2010-11-12 12:26 . 2010-11-12 12:26 -------- d-----w- c:\program files\microsoft frontpage
2010-11-12 00:56 . 2010-02-02 15:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-11-12 00:56 . 2010-02-02 15:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-11-12 00:27 . 2010-11-12 00:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-12 00:27 . 2010-11-12 00:27 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-11-12 00:26 . 2010-11-16 03:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-11 12:17 . 2010-11-12 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 21:51 . 2009-07-19 16:00 36352 ----a-w- c:\windows\system32\drivers\disk.sys
.

------- Sigcheck -------

[-] 2009-07-19 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2007-10-31 . E9EEB38B858B637F4F8FA3401F325DC5 . 13824 . . [5.1.2600.3244] . . c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-16_01.21.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-16 03:14 . 2010-11-16 03:14 16384 c:\windows\temp\Perflib_Perfdata_114.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Stickies"="c:\program files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 335872]
"RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-04-23 2938552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTHelper"="CTHELPER.EXE" [2004-09-23 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-06-20 286720]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-06-07 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-07-19 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-16 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56243:TCP"= 56243:TCP:pando Media Booster
"56243:UDP"= 56243:UDP:pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"6933:TCP"= 6933:TCP:League of Legends Launcher
"6933:UDP"= 6933:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6918:TCP"= 6918:TCP:League of Legends Launcher
"6918:UDP"= 6918:UDP:League of Legends Launcher

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [7/19/2009 11:48 AM 258939]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/11/2010 7:28 PM 218592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/16/2010 10:41 AM 691696]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [11/11/2010 7:56 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [11/11/2010 7:56 PM 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/11/2010 7:29 PM 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2010 11:21 PM 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/11/2010 7:33 PM 112592]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/16/2010 8:27 PM 20968]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/11/2010 7:27 PM 366840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [11/11/2010 7:27 PM 63360]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [11/11/2010 7:56 PM 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-11-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2010-11-16 c:\windows\Tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job
- c:\windows\system32\msfeedssync.exe [2009-07-19 16:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 22:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-1715567821-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:ab,5a,2f,3e,81,b5,44,b9,1e,3c,73,d8,ff,8e,54,2b,04,a2,d3,0c,96,
45,46,6b,db,5f,81,b8,e3,8d,93,11,25,63,34,85,02,47,ba,b6,ab,b1,90,65,88,99,\
"rkeysecu"=hex:a4,9f,d6,ad,e1,87,82,b9,cc,dd,79,26,d1,30,a0,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(868)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(2096)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-11-15 22:26:05
ComboFix-quarantined-files.txt 2010-11-16 03:25
ComboFix2.txt 2010-11-16 02:56
ComboFix3.txt 2010-11-16 02:35
ComboFix4.txt 2010-11-16 02:22
ComboFix5.txt 2010-11-16 02:58

Pre-Run: 171,108,515,840 bytes free
Post-Run: 171,104,137,216 bytes free

- - End Of File - - 93B258328A049ED01F0BC368603DF36D
 
Let's leave it for now...

How is redirection and any other issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/15/2010 10:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.38 Gb Total Space | 159.37 Gb Free Space | 57.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 22:38:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/22 21:53:13 | 002,938,552 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/07/19 11:00:44 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2007/09/02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/03/14 12:35:50 | 000,335,872 | ---- | M] (Bret Taylor) -- C:\Program Files\Bret Taylor\Stickies\Stickies.exe
PRC - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe
PRC - [2006/06/20 12:37:42 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe
PRC - [2006/06/07 02:05:20 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/09/22 22:39:50 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTHELPER.EXE
PRC - [2004/09/22 17:54:40 | 000,045,056 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2004/09/21 11:00:00 | 000,172,032 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe
PRC - [2003/06/18 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
PRC - [2002/03/19 17:30:00 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 22:38:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/07/19 10:59:05 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
MOD - [2007/09/02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004/09/22 22:40:08 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\windows\System32\wscsvc.dll -- (wscsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2006/07/13 16:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\windows\System32\lxctcoms.exe -- (lxct_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NCsoft\Lineage\npkcusb.sys -- (npkcusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\NCsoft\Lineage\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/11/11 19:55:25 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/11/11 19:55:25 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/03/30 22:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010/03/16 10:41:14 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/12/15 14:41:30 | 000,268,912 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009/06/11 18:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/09/24 09:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/04/13 17:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/02/26 10:21:16 | 000,258,939 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\a320raid.sys -- (a320raid)
DRV - [2004/09/22 22:26:42 | 000,145,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2004/09/22 22:26:30 | 000,130,288 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/22 22:26:14 | 000,006,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2004/09/22 22:26:04 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/09/22 22:25:52 | 000,371,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2004/09/22 22:24:50 | 000,645,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/09/22 22:23:46 | 000,148,464 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2004/09/22 22:23:28 | 000,904,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2004/09/22 06:13:54 | 000,340,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/02 23:18:22 | 000,006,656 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{7C910989-BFE7-49D9-871E-9ECCC4989738}: C:\Documents and Settings\Owner\Local Settings\Application Data\{7C910989-BFE7-49D9-871E-9ECCC4989738}


O1 HOSTS File: ([2010/11/15 20:59:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\windows\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe (Bret Taylor)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\windows\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll ()
Drivers32: VIDC.VP60 - C:\windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\windows\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56590081070202880)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 22:38:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/15 22:30:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/15 22:17:02 | 000,000,000 | ---D | C] -- C:\jason21697j
[2010/11/15 21:58:24 | 000,000,000 | ---D | C] -- C:\jason21440j
[2010/11/15 21:49:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2010/11/15 21:38:10 | 000,000,000 | ---D | C] -- C:\jason
[2010/11/15 20:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/15 20:23:20 | 000,000,000 | ---D | C] -- C:\windows\temp
[2010/11/15 19:56:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2010/11/15 19:56:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2010/11/15 19:56:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2010/11/15 19:56:14 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/11/15 19:56:13 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/15 19:55:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/12 23:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/12 23:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2010/11/12 23:21:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/11/12 23:21:27 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/11/12 23:21:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2010/11/12 23:21:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010/11/12 23:21:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010/11/12 23:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/11/12 23:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/11/12 23:13:34 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/12 16:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/11/12 16:57:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/11/12 16:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/12 16:57:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/11/12 07:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\windows\System32\xircom
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\outlook express
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\windows\System32\oobe
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\movie maker
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/11/12 07:26:35 | 000,000,000 | ---D | C] -- C:\windows\System32\inetsrv
[2010/11/11 19:56:52 | 000,059,664 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfSysMon.sys
[2010/11/11 19:56:52 | 000,051,984 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfFsMon.sys
[2010/11/11 19:56:52 | 000,033,552 | --S- | C] (PC Tools) -- C:\windows\System32\drivers\TfNetMon.sys
[2010/11/11 19:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/11/11 19:33:43 | 000,149,456 | ---- | C] (PC Tools) -- C:\windows\SGDetectionTool.dll
[2010/11/11 19:33:42 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDCore.dll
[2010/11/11 19:33:42 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\windows\PCTBDRes.dll
[2010/11/11 19:29:26 | 000,233,136 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctgntdi.sys
[2010/11/11 19:28:29 | 000,218,592 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2010/11/11 19:28:28 | 000,088,040 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\PCTAppEvent.sys
[2010/11/11 19:27:38 | 000,063,360 | ---- | C] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2010/11/11 19:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/11 19:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/11 19:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/11/11 19:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/11/11 19:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/11 07:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/24 13:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/05 15:04:01 | 001,187,840 | ---- | C] ( ) -- C:\windows\System32\lxctserv.dll
[2010/07/05 15:04:01 | 000,983,040 | ---- | C] ( ) -- C:\windows\System32\lxctusb1.dll
[2010/07/05 15:04:01 | 000,643,072 | ---- | C] ( ) -- C:\windows\System32\lxctpmui.dll
[2010/07/05 15:04:01 | 000,528,384 | ---- | C] ( ) -- C:\windows\System32\lxctlmpm.dll
[2010/07/05 15:04:01 | 000,409,600 | ---- | C] ( ) -- C:\windows\System32\lxctinpa.dll
[2010/07/05 15:04:01 | 000,393,216 | ---- | C] ( ) -- C:\windows\System32\lxctiesc.dll
[2010/07/05 15:04:01 | 000,163,840 | ---- | C] ( ) -- C:\windows\System32\lxctprox.dll
[2010/07/05 15:04:01 | 000,094,208 | ---- | C] ( ) -- C:\windows\System32\lxctpplc.dll
[2010/07/05 15:04:00 | 000,696,320 | ---- | C] ( ) -- C:\windows\System32\lxcthbn3.dll
[2010/07/05 15:04:00 | 000,667,648 | ---- | C] ( ) -- C:\windows\System32\lxctcomc.dll
[2010/07/05 15:04:00 | 000,421,888 | ---- | C] ( ) -- C:\windows\System32\lxctcomm.dll
[2009/09/07 22:04:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[2004/09/22 22:21:10 | 000,065,536 | ---- | C] ( ) -- C:\windows\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/11/15 22:39:00 | 000,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job
[2010/11/15 22:38:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/15 22:30:50 | 004,932,286 | ---- | M] () -- C:\windows\{00000003-00000000-0000000D-00001102-00000004-20071102}.CDF
[2010/11/15 22:30:20 | 000,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2010/11/15 22:30:17 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/11/15 22:30:10 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 22:29:10 | 000,030,432 | ---- | M] () -- C:\windows\System32\BMXStateBkp-{00000003-00000000-0000000D-00001102-00000004-20071102}.rfx
[2010/11/15 22:29:10 | 000,030,432 | ---- | M] () -- C:\windows\System32\BMXState-{00000003-00000000-0000000D-00001102-00000004-20071102}.rfx
[2010/11/15 22:29:10 | 000,028,068 | ---- | M] () -- C:\windows\System32\BMXCtrlState-{00000003-00000000-0000000D-00001102-00000004-20071102}.rfx
[2010/11/15 22:29:10 | 000,028,068 | ---- | M] () -- C:\windows\System32\BMXBkpCtrlState-{00000003-00000000-0000000D-00001102-00000004-20071102}.rfx
[2010/11/15 22:29:10 | 000,001,076 | ---- | M] () -- C:\windows\System32\settingsbkup.sfm
[2010/11/15 22:29:10 | 000,001,076 | ---- | M] () -- C:\windows\System32\settings.sfm
[2010/11/15 22:29:10 | 000,000,384 | ---- | M] () -- C:\windows\System32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-20071102}.dat
[2010/11/15 22:29:10 | 000,000,384 | ---- | M] () -- C:\windows\System32\DVCState-{00000003-00000000-0000000D-00001102-00000004-20071102}.dat
[2010/11/15 22:16:39 | 003,910,070 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\jason.exe
[2010/11/15 21:25:43 | 000,006,994 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wscntfy.zip
[2010/11/15 20:59:56 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2010/11/15 20:13:19 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/11/15 19:50:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/11/12 23:21:39 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/12 23:18:46 | 053,123,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/11/12 23:14:53 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lj8dgb34.exe
[2010/11/12 23:13:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe
[2010/11/12 22:59:25 | 000,000,120 | ---- | M] () -- C:\windows\Bvarijegozu.dat
[2010/11/12 16:57:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 16:28:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/11/11 20:03:37 | 000,000,744 | ---- | M] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2010/11/11 19:55:25 | 000,218,592 | ---- | M] (PC Tools) -- C:\windows\System32\drivers\PCTCore.sys
[2010/11/11 19:55:25 | 000,063,360 | ---- | M] (PC Tools) -- C:\windows\System32\drivers\pctplsg.sys
[2010/11/11 19:28:08 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/11 18:41:22 | 000,901,120 | -H-- | M] () -- C:\SZKGFS.dat
[2010/11/10 17:44:51 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\windows\MBR.exe
[2010/11/07 20:07:23 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/07 17:28:18 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk
[2010/11/07 12:35:22 | 000,441,454 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/11/07 12:35:22 | 000,071,264 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/24 13:41:08 | 000,004,530 | ---- | M] () -- C:\fraglist.luar

========== Files Created - No Company Name ==========

[2010/11/15 22:16:25 | 003,910,070 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\jason.exe
[2010/11/15 21:13:31 | 000,006,994 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wscntfy.zip
[2010/11/15 20:24:50 | 1071,804,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/15 20:13:18 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010/11/15 19:56:24 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2010/11/15 19:56:24 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2010/11/15 19:56:24 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2010/11/15 19:56:24 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2010/11/15 19:56:24 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2010/11/15 19:50:06 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/11/12 23:21:39 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/11/12 23:17:54 | 053,123,856 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/11/12 23:14:51 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lj8dgb34.exe
[2010/11/12 16:57:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 20:03:06 | 000,000,744 | ---- | C] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2010/11/11 19:33:43 | 001,152,444 | ---- | C] () -- C:\windows\UDB.zip
[2010/11/11 19:33:43 | 000,767,952 | ---- | C] () -- C:\windows\BDTSupport.dll
[2010/11/11 19:33:43 | 000,000,882 | ---- | C] () -- C:\windows\RegSDImport.xml
[2010/11/11 19:33:43 | 000,000,879 | ---- | C] () -- C:\windows\RegISSImport.xml
[2010/11/11 19:33:43 | 000,000,131 | ---- | C] () -- C:\windows\IDB.zip
[2010/11/11 19:29:26 | 000,007,387 | ---- | C] () -- C:\windows\System32\drivers\pctgntdi.cat
[2010/11/11 19:28:30 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctcore.cat
[2010/11/11 19:28:29 | 000,007,412 | ---- | C] () -- C:\windows\System32\drivers\PCTAppEvent.cat
[2010/11/11 19:28:08 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/11/11 19:27:38 | 000,007,383 | ---- | C] () -- C:\windows\System32\drivers\pctplsg.cat
[2010/11/11 18:41:22 | 000,901,120 | -H-- | C] () -- C:\SZKGFS.dat
[2010/11/07 17:28:18 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk
[2010/10/24 13:41:08 | 000,004,530 | ---- | C] () -- C:\fraglist.luar
[2010/10/17 12:53:20 | 000,000,120 | ---- | C] () -- C:\windows\Bvarijegozu.dat
[2010/07/05 15:05:00 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxctvs.dll
[2010/07/05 15:04:59 | 000,335,872 | ---- | C] () -- C:\windows\System32\lxctcoin.dll
[2010/07/05 15:04:53 | 000,692,224 | ---- | C] () -- C:\windows\System32\lxctdrs.dll
[2010/07/05 15:04:53 | 000,065,536 | ---- | C] () -- C:\windows\System32\lxctcaps.dll
[2010/07/05 15:04:53 | 000,061,440 | ---- | C] () -- C:\windows\System32\lxctcnv4.dll
[2010/07/05 15:04:40 | 000,040,960 | ---- | C] () -- C:\windows\System32\lxctpmon.dll
[2010/07/05 15:04:40 | 000,032,768 | ---- | C] () -- C:\windows\System32\LXCTFXPU.DLL
[2010/07/05 15:04:01 | 000,274,432 | ---- | C] () -- C:\windows\System32\LXCTinst.dll
[2010/07/05 15:04:00 | 000,204,800 | ---- | C] () -- C:\windows\System32\lxctgrd.dll
[2010/06/10 21:39:33 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2010/06/10 21:39:33 | 000,137,256 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2010/05/29 14:04:58 | 000,092,160 | ---- | C] () -- C:\windows\System32\lua5.1a.dll
[2010/03/16 10:41:13 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010/01/01 11:28:16 | 000,045,011 | R--- | C] () -- C:\windows\System32\e10kxwdm.ini
[2010/01/01 11:28:16 | 000,000,175 | R--- | C] () -- C:\windows\System32\ctzapxx.ini
[2010/01/01 10:47:20 | 000,268,912 | R--- | C] () -- C:\windows\System32\drivers\SRS_SSCFilter_i386.sys
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\windows\System32\xlive.dll.cat
[2009/10/20 20:30:16 | 001,589,248 | ---- | C] () -- C:\windows\System32\libmysql_d.dll
[2009/09/07 22:04:59 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2009/09/07 22:04:55 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2009/09/07 22:04:55 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2009/08/30 15:12:12 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2009/08/27 17:37:20 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2009/08/17 22:16:19 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 18:33:24 | 000,168,448 | ---- | C] () -- C:\windows\System32\unrar.dll
[2009/08/16 18:33:23 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2009/08/16 18:33:22 | 002,402,304 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2009/08/16 18:33:22 | 000,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2009/08/16 18:33:22 | 000,205,824 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2009/08/16 18:33:21 | 003,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2009/08/16 18:33:20 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2009/08/16 18:27:32 | 000,147,456 | ---- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2009/08/16 13:14:49 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/19 11:11:41 | 000,210,944 | ---- | C] () -- C:\windows\System32\msvcrt10.dll
[2008/05/26 04:09:13 | 000,286,208 | ---- | C] () -- C:\windows\System32\Cncs232.dll
[2008/04/14 07:00:00 | 000,755,200 | ---- | C] () -- C:\windows\System32\ir50_32.dll
[2008/04/14 07:00:00 | 000,338,432 | ---- | C] () -- C:\windows\System32\ir41_qcx.dll
[2008/04/14 07:00:00 | 000,200,192 | ---- | C] () -- C:\windows\System32\ir50_qc.dll
[2008/04/14 07:00:00 | 000,183,808 | ---- | C] () -- C:\windows\System32\ir50_qcx.dll
[2008/04/14 07:00:00 | 000,120,320 | ---- | C] () -- C:\windows\System32\ir41_qc.dll
[2003/03/21 04:56:12 | 000,000,194 | ---- | C] () -- C:\windows\System32\KILL.INI
[2002/09/15 22:59:46 | 000,005,515 | ---- | C] () -- C:\windows\System32\ENSDEF.INI

========== LOP Check ==========

[2010/07/05 15:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5400 Series
[2010/03/16 12:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astroburn Lite
[2010/11/11 20:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/16 10:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/10/20 20:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010/01/01 11:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/07/09 19:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/01/01 10:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SRS Labs
[2010/11/15 22:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/15 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/06/29 14:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/20 19:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/15 20:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.purple
[2010/07/05 21:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\5400 Series
[2010/02/20 08:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2009/12/17 21:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bret Taylor
[2010/03/16 12:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/08/16 18:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
[2010/08/07 19:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2009/08/27 17:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/07/10 20:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LolClient
[2009/09/07 22:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MoveFab
[2010/01/01 11:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Steinberg
[2009/10/20 20:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Subversion
[2010/11/10 17:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/09/18 15:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2010/11/15 22:30:20 | 000,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
[2010/11/15 22:39:00 | 000,000,422 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{FBC52E96-BF07-4D08-97BF-27368A1BAA50}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/15 22:26:06 | 000,011,100 | ---- | M] () -- C:\ComboFix.txt
[2010/06/16 22:01:49 | 000,000,704 | ---- | M] () -- C:\deltaStartup.log
[2010/10/24 13:41:08 | 000,004,530 | ---- | M] () -- C:\fraglist.luar
[2010/10/24 13:41:08 | 000,004,190 | ---- | M] () -- C:\fraglist.txt
[2010/11/15 22:30:10 | 1071,804,416 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/16 18:24:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/16 20:55:36 | 000,000,462 | -H-- | M] () -- C:\IPH.PH
[2010/11/11 19:56:54 | 000,000,444 | ---- | M] () -- C:\lxct.log
[2010/11/15 17:40:18 | 000,000,840 | ---- | M] () -- C:\lxctscan.log
[2009/08/16 18:24:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/15 22:30:10 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/11/15 20:15:31 | 000,000,392 | ---- | M] () -- C:\rkill.log
[2010/11/11 18:41:22 | 000,901,120 | -H-- | M] () -- C:\SZKGFS.dat
[2010/11/12 19:54:28 | 000,039,998 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_12.11.2010_19.52.33_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/08/16 18:24:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/06/21 02:44:04 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxctdrpp.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/08/16 13:10:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/08/16 13:10:56 | 001,073,152 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/08/16 13:10:56 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/16 18:27:01 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/12 23:18:46 | 053,123,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira_antivir_personal_en.exe
[2010/11/15 22:16:39 | 003,910,070 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\jason.exe
[2010/11/12 23:14:53 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lj8dgb34.exe
[2010/11/15 19:50:17 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/11/15 22:38:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/12 23:13:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/25 15:48:10 | 000,000,169 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/15 22:30:50 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2009/07/19 11:02:34 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
"RebootRelaunchTimeoutEnabled" = 1
"RebootRelaunchTimeout" = 1440

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
 
OTL Extras logfile created on: 11/15/2010 10:38:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 279.38 Gb Total Space | 159.37 Gb Free Space | 57.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56243:TCP" = 56243:TCP:*:Enabled:pando Media Booster
"56243:UDP" = 56243:UDP:*:Enabled:pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56243:TCP" = 56243:TCP:*:Enabled:pando Media Booster
"56243:UDP" = 56243:UDP:*:Enabled:pando Media Booster
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"6918:TCP" = 6918:TCP:*:Enabled:League of Legends Launcher
"6918:UDP" = 6918:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:5400 Series Server -- ( )
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\steamapps\common\battlefield bad company 2\Support\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Battlefield: Bad Company 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{0A770EE2-905F-4DBD-8963-2E4F0FAFD66F}" = Stickies
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 16
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6E710E82-6D67-4889-9DCF-9D07587628C5}" = FL Studio Creative Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AAC987E1-0C95-4EA6-BE48-C0CD9EDA0555}" = Sound Blaster Audigy 4
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CmdOpen Shell Extension" = Open Command Prompt Shell Extension (x86-32)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"Foxit Reader" = Foxit Reader
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"Lexmark 5400 Series" = Lexmark 5400 Series
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Silverlight" = Microsoft Silverlight
"My Drivers_is1" = My Drivers 3.31
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PROSet" = Intel(R) PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.0
"RocketDock_is1" = RocketDock 1.3.5
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 24960" = Battlefield: Bad Company 2
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"UltraDefrag" = Ultra Defragmenter
"uTorrent" = µTorrent
"Winamp" = Winamp
"WORD" = Microsoft Office Word 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MLQTSource" = MediaLooks QuickTime Source 1.7.0.13 (DirectShow Filter)
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/15/2010 10:59:33 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 11/15/2010 10:59:57 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 11/15/2010 11:00:04 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 11/15/2010 11:18:07 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 11/15/2010 11:18:07 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/15/2010 11:18:07 PM | Computer Name = ANONYMOUS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/15/2010 11:18:14 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 11/15/2010 11:18:46 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/15/2010 11:23:52 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5634, faulting
module unknown, version 0.0.0.0, fault address 0x715b9e59.

Error - 11/15/2010 11:23:57 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 11/15/2010 11:14:56 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 11/15/2010 11:14:56 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 11/15/2010 11:14:56 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/15/2010 11:15:57 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The User Profile Hive Cleanup service failed to start due to the following
error: %%2

Error - 11/15/2010 11:15:57 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 11/15/2010 11:30:43 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%3" attempting to start the service iPod Service with
arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 11/15/2010 11:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The User Profile Hive Cleanup service failed to start due to the following
error: %%2

Error - 11/15/2010 11:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083

Error - 11/15/2010 11:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%3

Error - 11/15/2010 11:31:44 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7000
Description = The wscsvc service failed to start due to the following error: %%1083


< End of report >
 
Oh, it doesn't redirect anymore =) but sometimes a pop-up will come out and the link would be google.analytis or w.e and I would just close it right away.

Edit: not when I'm searching on Google or anything, just randomly popping out.
 
Rarely, but it happens. I'm still worried to go on sites where I have to put in a password, like eBay etc. etc.
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/11/11 18:41:22 | 000,901,120 | -H-- | M] () -- C:\SZKGFS.dat
    [2010/11/07 17:28:18 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk
    [2010/10/17 12:53:20 | 000,000,120 | ---- | C] () -- C:\windows\Bvarijegozu.dat
    [2010/11/11 20:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/11/15 20:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/02/20 08:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
    @Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
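The OTL fix above ends with "You will get a log that shows the results of the fix. Please post it." The result log is a fixed set of line shapes (registry key/value deleted or not found, file or folder moved, ADS deleted, temp folders emptied, items not found on reboot). The parser below is an added example for this thread, not part of OTL and not written by the helper; it classifies each line and pulls out the entries that were not found, which are the ones a helper usually wants to double-check. The sample log is constructed for the demo (placeholder CLSIDs and file names), modelled on OTL's output format.

```python
"""Summarise an OTL fix log (the results OTL writes after 'Run Fix').

Added example, not part of the original thread and not OTL's own code.
The sample log below is constructed (placeholder CLSIDs and paths)."""
import re
from collections import Counter

# Result-line shapes OTL prints; the first matching pattern wins, so the
# "folder moved" pattern must come before the generic "moved" pattern.
LINE_PATTERNS = [
    ("registry_key_deleted",   re.compile(r"^Registry key (?P<target>.+?)\\? deleted successfully\.$")),
    ("registry_value_deleted", re.compile(r"^Registry value (?P<target>.+?) deleted successfully\.$")),
    ("registry_not_found",     re.compile(r"^Registry (?:key|value) (?P<target>.+?)\\? not found\.$")),
    ("ads_deleted",            re.compile(r"^ADS (?P<target>.+?) deleted successfully\.$")),
    ("folder_moved",           re.compile(r"^(?P<target>.+?) folder moved successfully\.$")),
    ("file_moved",             re.compile(r"^(?P<target>.+?) moved successfully\.$")),
    ("file_not_found",         re.compile(r"^File\\Folder (?P<target>.+?) not found!$")),
    ("temp_emptied",           re.compile(r"^->(?P<target>.+?) emptied: (?P<bytes>\d+) bytes$")),
]

# Constructed sample in OTL's log format (not a real machine's log).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Example deleted successfully.
C:\WINDOWS\Example.EXE moved successfully.
C:\Documents and Settings\All Users\Application Data\example folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DEADBEEF deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Owner
->Temp folder emptied: 757496 bytes
->Temporary Internet Files folder emptied: 23113254 bytes
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC12.tmp not found!
"""


def parse_otl_log(text):
    """Classify each result line. Returns a list of (kind, target, bytes) tuples;
    bytes is None except for temp-folder lines. Lines that match nothing
    (section headers, 'User:' lines) are skipped."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for kind, pattern in LINE_PATTERNS:
            m = pattern.match(line)
            if m:
                results.append((kind, m.group("target"), m.groupdict().get("bytes")))
                break
    return results


def summarise(text):
    """Counts per line kind, the list of items OTL could not find, and the
    total number of bytes reported emptied from temp folders."""
    results = parse_otl_log(text)
    counts = Counter(kind for kind, _, _ in results)
    not_found = [target for kind, target, _ in results if kind.endswith("not_found")]
    temp_bytes = sum(int(b) for kind, _, b in results if kind == "temp_emptied")
    return {"counts": dict(counts), "not_found": not_found, "temp_bytes": temp_bytes}


if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    for kind, n in sorted(summary["counts"].items()):
        print(f"{kind:24s} {n}")
    print("not found:", *summary["not_found"], sep="\n  ")
    print(f"temp emptied: {summary['temp_bytes']} bytes")
```

A "not found" registry key or file in the fix log is not necessarily a problem: OTL lists the CLSID key of a BHO it was told to remove even when only the BHO registration existed, and reboot-time temp files are often gone by the time OTL retries them. Seeing them grouped together just makes it quick to confirm nothing that should have been removed was skipped.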
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UpdReg deleted successfully.
C:\WINDOWS\Updreg.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\SZKGFS.dat moved successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus 2010.lnk moved successfully.
C:\WINDOWS\Bvarijegozu.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AVG9\cfgall folder moved successfully.
C:\Documents and Settings\Owner\Application Data\AVG9 folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 757496 bytes
->Temporary Internet Files folder emptied: 23113254 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 1252 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11152010_234221

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC12.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFC34.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFCB6.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFCD8.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QU1MCJTF\topic156506-2[1].html moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OBSZNUM8\crosspixel-dest[1].htm moved successfully.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0044405.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0044450.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0044460.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0044470.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0044603.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0045336.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0045459.dll a variant of Win32/Packed.VMProtect.AAA trojan
C:\System Volume Information\_restore{3A4544CD-6DF9-4543-B494-ED8A3C6B2DD9}\RP6\A0065980.dll a variant of Win32/Kryptik.HTA trojan
 
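Every hit in the ESET list above sits under `C:\System Volume Information\_restore{...}\RP6\`, i.e. inside a System Restore snapshot rather than in a live location. The script below is an added example for this thread (not ESET's tooling and not posted by either participant): it parses the "List of found threats" export, in both its tab-separated native form and the space-joined form that results from pasting into a forum, and separates restore-point copies from detections on live paths. The sample lines are constructed (placeholder GUID and file names).

```python
"""Triage an ESET Online Scanner 'List of found threats' text export.

Added example, not part of the original thread and not ESET's own code.
Sample lines are constructed (placeholder GUID and file names)."""
import re

# Forum-pasted form: "<path> <threat name>" with tabs flattened to spaces.
# The path is matched lazily up to the first token that looks like an ESET
# detection name (optional "probably "/"a variant of " prefix, family/name).
THREAT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?"
    r"(?:Win32|Win64|MSIL|JS|HTML|VBS|PDF|Java)/\S+(?:\s+\S+)*)$"
)

# System Restore snapshot location on Windows XP: _restore{GUID}\RPn\
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]+)\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample: two restore-point copies and one live temp-file hit
# in the native tab-separated export format (path, threat, action).
SAMPLE = (
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP6\A0000001.dll a variant of Win32/Packed.VMProtect.AAA trojan" "\n"
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP6\A0000002.dll a variant of Win32/Kryptik.HTA trojan" "\n"
    "C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\example.tmp\tJS/TrojanDownloader.Agent.NMG trojan\tcleaned by deleting" "\n"
)


def parse_line(line):
    """Return {'path', 'threat', 'restore_point'} for one export line, or None
    if the line is blank or not a detection."""
    line = line.strip()
    if not line:
        return None
    if "\t" in line:                     # native export: path<TAB>threat[<TAB>action]
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) < 2:
            return None
        path, threat = parts[0], parts[1]
    else:                                # forum paste: tabs became spaces
        m = THREAT_RE.match(line)
        if not m:
            return None
        path, threat = m.group("path"), m.group("threat")
    rp = RESTORE_POINT_RE.search(path)
    return {"path": path, "threat": threat, "restore_point": rp.group("rp") if rp else None}


def triage(text):
    """Split detections into live-path hits and restore-point snapshot copies."""
    live, snapshots = [], []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        (snapshots if rec["restore_point"] else live).append(rec)
    return {"live": live, "snapshots": snapshots}


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(f"{len(result['live'])} live detection(s):")
    for rec in result["live"]:
        print(f"  {rec['threat']:45s} {rec['path']}")
    print(f"{len(result['snapshots'])} restore-point copy/copies:")
    for rec in result["snapshots"]:
        print(f"  [{rec['restore_point']}] {rec['threat']:45s} {rec['path']}")
```

Files under `_restore{GUID}\RPn\` are copies System Restore kept from earlier snapshots; they are not executing, but they would come back if that restore point were ever applied, and they keep tripping on-demand scanners. They disappear when the old restore points are purged (on XP, turning System Restore off and back on after the machine is confirmed clean), which is why helpers routinely do that as the last step rather than deleting the A00xxxxx files one by one.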
Internet Explorer. I had Firefox and it was infected too, so I uninstalled it. I also had Google Chrome, but that got messed up.
 